In operational technology (OT) contexts, containerised applications often require elevated privileges to access low-level network interfaces or perform administrative tasks such as application monitoring. These privileges reduce the default isolation provided by containers and introduce significant security risks. Security risk identification for OT container deployments is challenged by hybrid IT/OT architectures, fragmented stakeholder knowledge, and continuous system changes. Existing approaches lack reproducibility, interpretability across contexts, and technical integration with deployment artefacts. We propose a model-based approach, implemented as the Container Security Risk Ontology (CSRO), which integrates five key domains: adversarial behaviour, contextual assumptions, attack scenarios, risk assessment rules, and container security artefacts. Our evaluation of CSRO in a case study demonstrates that the end-to-end formalisation of risk calculation, from artefact to risk level, enables automated and reproducible risk identification. While CSRO currently focuses on technical, container-level treatment measures, its modular and flexible design provides a solid foundation for extending the approach to host-level and organisational risk factors.

翻译：在运营技术（OT）环境中，容器化应用通常需要提升权限以访问底层网络接口或执行应用监控等管理任务。这些权限削弱了容器默认提供的隔离性，并引入了显著的安全风险。OT容器部署的安全风险识别面临混合IT/OT架构、利益相关方知识碎片化以及系统持续变更等挑战。现有方法缺乏可复现性、跨场景可解释性以及与部署制品的技术集成。本文提出一种基于模型的方法，通过实现为容器安全风险本体（CSRO），整合了五个关键领域：对抗行为、上下文假设、攻击场景、风险评估规则和容器安全制品。我们在案例研究中对CSRO的评估表明，从制品到风险级别的端到端风险计算形式化，能够实现自动化且可复现的风险识别。虽然CSRO目前侧重于技术层面的容器级处置措施，但其模块化与灵活的设计为将该方法扩展至主机级和组织级风险因素奠定了坚实基础。