Automatic analysis of containerized application deployment models based on ontologies and knowledge graphs
Abstract
Modern network applications commonly run in cloud environments built on the orchestration of hardware virtualization or containers. The design of such applications faces new security challenges related to their distributed architectures, the use of third-party components, deployment flexibility, and short life-cycle stages. These challenges require application security analysis to be continuous and automated.
To implement the secure-by-design principle, automatic threat modeling based on threat/security patterns can be applied to the design of secure applications. However, for a long time both threat modeling and threat/security patterns have relied on manual procedures and time-consuming methods. Currently, automation in this field is still at a low level of maturity, caused by a lack of experimental research and machine-readable data.
Toward overcoming these challenges, this work investigates an approach based on ontologies and knowledge graphs to automatically determine application architecture (functions, structure) from software deployment models, so that the right patterns can subsequently be added. In particular, an ontology-driven framework has been adopted for the automatic semantic representation of multi-container applications (Docker Compose) and for learning their architectures. To demonstrate the effectiveness of the semantic patterns used to automatically detect application structures and functions, an open dataset of 200 semantic diagrams has been created.
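As an added illustration of the approach the abstract describes (example code written for this page, not the paper's framework, ontology or dataset), the block below maps a constructed Docker Compose model onto a triple-based knowledge graph, infers functional roles with hand-written rules, and matches a structural pattern plus one design-level check. The vocabulary (Service, usesImage, publishesPort, dependsOn, EntryPoint, Application, DataStore) and the image list are assumptions made here.

```python
COMPOSE = {  # constructed stand-in for a parsed docker-compose.yml
    "services": {
        "proxy": {"image": "nginx:1.25", "ports": ["443:443"], "depends_on": ["web"]},
        "web": {"image": "myorg/shop:2.1", "depends_on": ["db", "cache"]},
        "db": {"image": "postgres:16", "ports": ["5432:5432"]},
        "cache": {"image": "redis:7"},
    }
}
# Assumed vocabulary: base image names that denote a data-store role.
DATA_STORE_IMAGES = {"postgres", "mysql", "mariadb", "redis", "mongo"}

def to_graph(compose):
    """Express every compose service as (subject, predicate, object) triples."""
    g = set()
    for name, svc in compose["services"].items():
        g.add((name, "a", "Service"))
        base = svc.get("image", "").split("/")[-1].split(":")[0]  # repo/name:tag -> name
        g.add((name, "usesImage", base))
        for port in svc.get("ports", []):
            g.add((name, "publishesPort", port.split(":")[0]))  # host-side port only
        for dep in svc.get("depends_on", []):
            g.add((name, "dependsOn", dep))
    return g

def objs(g, subj, pred):
    return {o for s, p, o in g if s == subj and p == pred}

def infer_roles(g):
    """Rule-based reasoning: attach functional roles to each Service node."""
    roles = {s: set() for s, p, o in g if p == "a" and o == "Service"}
    for s in roles:
        if objs(g, s, "publishesPort"):
            roles[s].add("EntryPoint")
        if objs(g, s, "usesImage") & DATA_STORE_IMAGES:
            roles[s].add("DataStore")
    for s in roles:  # second pass: Application needs DataStore roles from the first pass
        deps = objs(g, s, "dependsOn")
        if "DataStore" not in roles[s] and any("DataStore" in roles.get(d, set()) for d in deps):
            roles[s].add("Application")
    return roles

def match_three_tier(g, roles):
    """Structural pattern: EntryPoint -> Application -> DataStore dependency chains."""
    return sorted((e, a, d) for e in roles if "EntryPoint" in roles[e]
                  for a in objs(g, e, "dependsOn") if "Application" in roles.get(a, set())
                  for d in objs(g, a, "dependsOn") if "DataStore" in roles.get(d, set()))

def exposed_data_stores(roles):
    """Design-level finding: a data store whose port is published on the host."""
    return sorted(s for s, r in roles.items() if {"EntryPoint", "DataStore"} <= r)
```

Running `infer_roles(to_graph(COMPOSE))` labels `web` as the application tier and flags `db` as both an entry point and a data store, which is the kind of structural fact a pattern-driven threat model would act on.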
ISSN: 2307-8162