D2.10 Certification Graph – v1

This deliverable describes the interim version of the central Certification Graph schema (i.e., the CertGraph ontology) for storing evidence in a graph-based format and is the refinement of the initial work on designing the CertGraph ontology in D2.1 [1]. This ontology serves as a common structure for semantically linked and combined evidence that is filled by all evidence extraction components of WP2. By developing the CertGraph ontology, this deliverable contributes to the key result CERTGRAPH (KR2) of the EMERALD project to provide a unified graph-based model of the cloud service under certification at different layers of the service. Following a knowledge graph-based approach in EMERALD, the ontology for storing and linking heterogeneous evidence information is developed in WP2, and the model is then implemented as a knowledge graph in WP3. First, this document starts with a recap of the CertGraph ontology from D2.1 [1] and indicates current changes. Second, the main part provides the functional and technical descriptions of the ontology, including its sub-ontologies and extensions to support the holistic approach to evidence collection. Some instructions for delivery and usage, as well as current limitations, are also presented. Third, a refined example of modelling and combining evidence information for TLS encryption from different sources illustrates the purpose and innovation of the ontology. Finally, the document concludes with a summary and discussion of future work.