D3FEND CAD

Basic design requirements for the D3FEND CAD tool.

CAD Graph Data Model

D3FEND CAD uses the svelte-flow library for graph visualization. Nearly all mature graph UI libraries have their own representations, especially on the web. Unfortunately, none really use semantic graph technology.

As such, here is our JSON Schema data model:

Of note, this schema has separate data structures for nodes and edges; it is not a triple model. We have to translate this denormalized structure to a normalized one, RDF in our case.

Node and edge objects both carry a d3f_iri property, which is used to translate between the schema and the D3FEND Ontology. This property is intended to work for class instances and for all property types.

CAD Graph to Semantic Graph Conversions

We handle two primary use cases when we convert from the CAD Graph to a D3FEND Semantic Graph.

  1. Instance focused semantic graph

    This is the primary use case for CAD. Users use the ontology as it exists to create ontologically consistent graphs of cyber threat scenarios, model CTI reports, and system security architecture designs. Additionally, these models will be exportable to SysML or other systems engineering representations, and D3FEND will serve as the "Rosetta Stone". These advanced secondary conversions may exist as scripts outside of CAD.

  2. D3FEND Ontology additions

    An important additional use case is the acceleration of accurate and precise additions to the D3FEND ontology. Users can specify a scenario, e.g. as they might in use case #1, and then specify additional classes, properties, and restrictions to add the missing elements they need to the D3FEND Ontology. The TTL conversion route will make certain assumptions about the intentions of the user. This will be limited functionality focused on ontology additions, versus full ontology editing.

    Behavior and interpretation logic:

    Class := Node
    Property := Edge
    
    • If the user prefixes a node or edge with a :, it is assumed to be a new declaration of a class or property respectively.
    • New properties will be declared rdfs:subPropertyOf d3f:d3fend-object-property.
    • New classes will be a subtype of their archetypal box unless there are one or more rdfs:subClassOf assertions on that "Node". New classes with no archetype will be a D3FENDThing.
    • If a new class is indicated via the :, all Edges on that Node are assumed to be owl:someValuesFrom restrictions against the target class.
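
The interpretation rules above, sketched as an added example (not D3FEND CAD's own code). Only d3f_iri comes from this page; the field names id, label, archetype, source and target, the CURIE form of d3f_iri, the use of an edge whose d3f_iri is rdfs:subClassOf to express that assertion, and the name-minting rule are assumptions. Because labels are user input that ends up inside Turtle, the sketch also rejects any term that is not a plain CURIE.

```javascript
// Added example. Only d3f_iri comes from the page; id, label, archetype,
// source and target are assumed field names, and d3f_iri is assumed to be a CURIE.
const NEW = /^:\s*/;                                   // leading ":" = new declaration
const CURIE = /^[a-z][a-z0-9]*:[A-Za-z][A-Za-z0-9_-]*$/;

// Labels and IRIs are user input: refuse anything that is not a plain CURIE
// so a crafted label cannot smuggle extra statements into the Turtle output.
function checked(curie, origin) {
  if (!CURIE.test(curie)) throw new Error(`invalid term from ${origin}`);
  return curie;
}

// Term for a node or edge: minted under d3f: when new, otherwise its d3f_iri.
function term(x) {
  if (!NEW.test(x.label)) return checked(String(x.d3f_iri), x.id);
  return checked("d3f:" + x.label.replace(NEW, "").replace(/\s+/g, ""), x.id);
}

function cadToTurtle({ nodes, edges }) {
  const byId = new Map(nodes.map((n) => [n.id, n]));
  const isNew = (x) => NEW.test(x.label);
  const isSub = (e) => e.d3f_iri === "rdfs:subClassOf";
  // New properties: one subPropertyOf statement each, deduplicated.
  const out = [...new Set(edges.filter(isNew).map(term))].map(
    (p) => `${p} rdfs:subPropertyOf d3f:d3fend-object-property .`);
  for (const n of nodes.filter(isNew)) {
    const outgoing = edges.filter((e) => e.source === n.id);
    // Explicit subClassOf edges win; then the archetype; then D3FENDThing.
    let supers = outgoing.filter(isSub).map((e) => term(byId.get(e.target)));
    if (supers.length === 0) supers = [checked(n.archetype || "d3f:D3FENDThing", n.id)];
    // Every other edge on a new class becomes a someValuesFrom restriction.
    const restrictions = outgoing.filter((e) => !isSub(e)).map((e) =>
      `[ a owl:Restriction ; owl:onProperty ${term(e)} ; ` +
      `owl:someValuesFrom ${term(byId.get(e.target))} ]`);
    out.push(`${term(n)} a owl:Class ; rdfs:subClassOf ` +
      `${[...supers, ...restrictions].join(" , ")} .`);
  }
  return out;
}

// Constructed sample graph (not from the page).
const SAMPLE = {
  nodes: [{ id: "n1", label: ":Honey Token Monitor", archetype: "d3f:DefensiveTechnique" },
          { id: "n2", label: "Credential", d3f_iri: "d3f:Credential" }],
  edges: [{ id: "e1", source: "n1", target: "n2", label: ":watches" },
          { id: "e2", source: "n1", target: "n2", label: "monitors", d3f_iri: "d3f:monitors" }],
};
```

cadToTurtle(SAMPLE) returns the statements without @prefix declarations, which the caller is expected to prepend.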