Knowledge Graph
A knowledge graph uses a graph-based data model to store details about entities, the relationships between those entities, and groupings or categorizations of those entities. Knowledge graphs are typically used when the relationships between entities, and the details or descriptions of those relationships, are a critical part of the data model.
A well-defined ontology defines the entities and their properties, any grouping or categorization that can be applied to entities, and finally how these entities can be associated through relationships. Relationships are further defined through properties that elaborate on the details of how or why the entities are associated. An ontology provides a well-defined model through which the entities, their categorizations, and their relationships can be queried.
An example ontology from a secure software supply chain ecosystem could involve the following entities:
- Software release
- Package
- Deployment
- Cluster
- Vulnerability
The relationships across these entities might include:
- A software release is composed of many packages
- A deployment deploys a software release to a cluster
- A version of a package has a vulnerability
These relationships enable queries like:
- Which clusters have a version of release x that is exposed to the critical zero-day vulnerability y?
- Does release x have any critical severity vulnerabilities?
- Which packages in release x are vulnerable to CVE-123?
An example ontology from the Microsoft Graph ecosystem could involve the following entities:
- Employee
- File
The relationships across these entities might include:
- Employee a is the manager of employee b
- Employee b has recently edited file x
These relationships enable queries like:
- What files have the direct reports of manager a been working on recently?
- Who are the direct reports of manager a?
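Both ontologies above are small enough to model end to end. The following Python is an added example written for this page; it is not code from the original page, from GUAC, from Microsoft Graph or from any other product named here. It stores entities with a category and properties, stores typed relationships with their own properties (the "how or why" of an association), and answers the supply-chain queries (exposed clusters, critical vulnerabilities, vulnerable packages) and the employee/file query by walking those relationships. All entity ids, package versions, cluster names and CVE-style ids are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Entity:
    id: str
    category: str                          # e.g. "package", "cluster", "employee"
    props: dict = field(default_factory=dict)


@dataclass
class Relationship:
    source: str
    kind: str                              # e.g. "composed_of", "manages"
    target: str
    props: dict = field(default_factory=dict)   # details of how/why they are associated


class KnowledgeGraph:
    """Directed, labelled graph: entities keyed by id, typed relationships between them."""

    def __init__(self):
        self.entities = {}
        self._out = defaultdict(list)      # source id -> [Relationship]
        self._in = defaultdict(list)       # target id -> [Relationship]

    def add_entity(self, eid, category, **props):
        self.entities[eid] = Entity(eid, category, props)

    def relate(self, source, kind, target, **props):
        # The ontology is the schema: refuse relationships to entities that do not exist.
        for node in (source, target):
            if node not in self.entities:
                raise KeyError(f"unknown entity {node!r}")
        rel = Relationship(source, kind, target, props)
        self._out[source].append(rel)
        self._in[target].append(rel)

    def targets(self, eid, kind):
        """Ids reached from `eid` over one outgoing relationship of type `kind`."""
        return [r.target for r in self._out[eid] if r.kind == kind]

    def sources(self, eid, kind):
        """Ids that point at `eid` over one relationship of type `kind`."""
        return [r.source for r in self._in[eid] if r.kind == kind]


def vulnerable_packages(kg, release, vuln):
    """Which packages in `release` are vulnerable to `vuln`?"""
    return sorted(p for p in kg.targets(release, "composed_of")
                  if vuln in kg.targets(p, "has_vulnerability"))


def release_vulnerabilities(kg, release, severity=None):
    """Vulnerabilities of a release, reached through its packages, optionally
    filtered by the vulnerability entity's `severity` property."""
    return sorted({v for p in kg.targets(release, "composed_of")
                   for v in kg.targets(p, "has_vulnerability")
                   if severity is None or kg.entities[v].props.get("severity") == severity})


def exposed_clusters(kg, release, vuln):
    """Which clusters run a deployment of `release` that carries `vuln`?
    Walks cluster <- deployment -> release -> package -> vulnerability."""
    if not vulnerable_packages(kg, release, vuln):
        return []
    return sorted({c for dep in kg.sources(release, "deploys")
                   for c in kg.targets(dep, "to")})


def files_touched_by_reports(kg, manager):
    """What files have the direct reports of `manager` edited?"""
    return sorted({f for emp in kg.targets(manager, "manages")
                   for f in kg.targets(emp, "edited")})


def build_sample_graph():
    """Constructed sample data; the CVE-EXAMPLE ids are placeholders, not real CVEs."""
    kg = KnowledgeGraph()
    for eid, cat, props in [
        ("app-1.3.0", "software_release", {}), ("app-1.4.0", "software_release", {}),
        ("zlib@1.2.12", "package", {}), ("openssl@3.0.1", "package", {}),
        ("CVE-EXAMPLE-0001", "vulnerability", {"severity": "critical"}),
        ("CVE-EXAMPLE-0002", "vulnerability", {"severity": "medium"}),
        ("deploy-42", "deployment", {}), ("deploy-43", "deployment", {}),
        ("prod-eu", "cluster", {}), ("prod-us", "cluster", {}),
        ("alice", "employee", {}), ("bob", "employee", {}), ("carol", "employee", {}),
        ("roadmap.docx", "file", {}), ("budget.xlsx", "file", {}),
    ]:
        kg.add_entity(eid, cat, **props)
    kg.relate("app-1.3.0", "composed_of", "zlib@1.2.12")
    kg.relate("app-1.4.0", "composed_of", "zlib@1.2.12")
    kg.relate("app-1.4.0", "composed_of", "openssl@3.0.1")
    # Relationship properties carry the detail of the association: the fixing version.
    kg.relate("openssl@3.0.1", "has_vulnerability", "CVE-EXAMPLE-0001", fixed_in="3.0.2")
    kg.relate("zlib@1.2.12", "has_vulnerability", "CVE-EXAMPLE-0002", fixed_in="1.2.13")
    kg.relate("deploy-42", "deploys", "app-1.4.0")
    kg.relate("deploy-42", "to", "prod-eu")
    kg.relate("deploy-43", "deploys", "app-1.3.0")
    kg.relate("deploy-43", "to", "prod-us")
    kg.relate("alice", "manages", "bob")
    kg.relate("alice", "manages", "carol")
    kg.relate("bob", "edited", "roadmap.docx", when="2024-01-10")
    kg.relate("carol", "edited", "budget.xlsx", when="2024-01-11")
    return kg


if __name__ == "__main__":
    kg = build_sample_graph()
    print(exposed_clusters(kg, "app-1.4.0", "CVE-EXAMPLE-0001"))   # ['prod-eu']
    print(release_vulnerabilities(kg, "app-1.4.0", "critical"))    # ['CVE-EXAMPLE-0001']
    print(files_touched_by_reports(kg, "alice"))                   # ['budget.xlsx', 'roadmap.docx']
```

The deployment is modelled as an entity rather than as a single edge because it links three things (release, cluster, and whatever deployment metadata you attach), which a binary relationship cannot express; the same shape works for any n-ary association. The fix-version lives on the relationship, not on the package or the vulnerability, because it describes the association itself, which is the point the ontology discussion above makes about relationship properties.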
Characteristics
Entity
An entity describes an object and its properties. An example could be an employee entity that has first name, last name, department and email address as properties.
Relationship
A relationship describes how and why two entities are associated. An example could be employee a is the manager of employee b.
Categorization
Entities can be grouped into categories. An example could be package, vulnerability and digital signature entities that are grouped into a security artifacts category.
Ontology
An ontology defines the categories, properties, and relationships between the concepts in a specific domain. In the context of the knowledge graph, the ontology can be seen as the formal contract or schema of the data representing the domain in the graph.
Examples
Ontology
- The "Improve release artifact and workload integrity in Kubernetes via a secure software supply chain" solution describes how the various processes and artifacts produced across the software supply chain can be associated, and their relationships queried to provide deep system insights.
- The Microsoft Graph is an example of how the Microsoft 365 entities, services and the relationships between them can be queried to build an understanding of how things are connected, or to gain deeper insights across categories of entities.
- The Azure Resource Graph is an example of how Azure resources and the relationships between them can be used to explore complex resource topologies, or understand policy compliance.
- GUAC (Graph for Understanding Artifact Composition) is an example of how software, software supply chain artifacts, and their relationships can be queried to improve governance and identify security risks.