How FAIR are Security Core Ontologies? A Systematic Mapping Study

Oliveira, Ítalo; Fumagalli, Mattia; Sales, Tiago Prince; Guizzardi, Giancarlo

doi:10.1007/978-3-030-75018-3_7

Cited by 5 publications

(15 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ROSE includes all concepts mapped in [22] as the most common in security core ontologies, as requested by OR2. Indeed, ROSE ontologically unpacks them and explains their interactions in details, also distinguishing between intentional and non-intentional threats, and how this matters for security.…”

Section: Discussionmentioning

confidence: 99%

“…ROSE shall support the task of representing the risk treatment options (a)-(g), which are directly connected to the AR2; 2. ROSE shall include both risk and security concepts, explaining explicitly how they interact with one another, including the ones mapped in [22] as the most common in security core ontologies: Vulnerability, Risk, Asset, Attacker, Threat, Control, Countermeasure, Stakeholder, Attack, Consequence; 3. ROSE shall be able to distinguish intentional and non-intentional threats, because this distinction impacts the risk treatment options.…”

Section: Requirements For a Reference Ontology Of Securitymentioning

confidence: 99%

“…The closest related works to ours are proposals of reference ontologies of security based on some foundational ontology. In a recent literature review [22], only four with this approach were found, while nearly all the 57 selected security core ontologies miss every FAIR principle. In [6] the authors propose an ISO-based information security domain ontology, represented in OWL and designed under the principles of the Basic Formal Ontology (BFO), to facilitate the management of standards-related documents and compliance in an Information Security Management System.…”

Section: Related Workmentioning

confidence: 99%

“…In fact, these core ontologies of security even fall short w.r.t. the FAIR principles, i.e., basic management standards for scientific artifacts (as shown by [22]).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Ontology of Security from a Risk Treatment Perspective

Oliveira

Sales²,

Baratella³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In Risk Management, security issues arise from complex relations among objects and agents, their capabilities and vulnerabilities, the events they are involved in, and the value and risk they ensue to the stakeholders at hand. Further, there are patterns involving these relations that crosscut many domains, ranging from information security to public safety. Understanding and forming a shared conceptualization and vocabulary about these notions and their relations is fundamental for modeling the corresponding scenarios, so that proper security countermeasures can be devised. Ontologies are instruments developed to address these conceptual clarification and terminological systematization issues. Over the years, several ontologies have been proposed in Risk Management and Security Engineering. However, as shown in recent literature, they fall short in many respects, including generality and expressivity -the latter impacting on their interoperability with related models. We propose a Reference Ontology for Security Engineering (ROSE) from a Risk Treatment perspective. Our proposal leverages on two existing Reference Ontologies: the Common Ontology of Value and Risk and a Reference Ontology of Prevention, both of which are grounded on the Unified Foundational Ontology (UFO). ROSE is employed for modeling and analysing some cases, in particular providing clarification to the semantically overloaded notion of Security Mechanism.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Requirements For a Reference Ontology Of Securitymentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…In fact, these core ontologies of security even fall short w.r.t. the FAIR principles, i.e., basic management standards for scientific artifacts (as shown by [22]).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Ontology of Security from a Risk Treatment Perspective

Oliveira

Sales²,

Baratella³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Despite all eorts in the ontology engineering community to provide methods, guidelines, metrics, standards, and maturity models for the ontology engineering process, ontology engineers and domain experts still develop unclear ontologies due to their unbalanced views and biases [165,195]. The problem is that stakeholders take dierent conceptual perspectives, and this causes ontologies to have biases.…”

Section: Problem Statementmentioning

confidence: 99%

A Framework for Conceptual Characterization of Ontologies and its Application in the Cybersecurity Domain

Franco Martins Souza

View full text Add to dashboard Cite

This thesis was a great personal challenge for me and my family. We have changed house, country, and continent, building a new life full of challenges and new things. Along the way, we have left many dear people behind. But with a lot of study, perseverance, and the help of many people, we have made it. I would like to express my sincere thanks to all of them. I begin by expressing my gratitude to my advisor, Óscar Pastor López, who guided me along this path of study and research. It was years of great learning with him, I thank him for sharing his immense knowledge with me and for his support, patience, and dedication. More than a professor, he is an example to be followed, with a big sense of humor; always focused, and communicative, he supported me on this path. Thank you for accepting me on this journey as my advisor, but more for being my friend.Thanks to José Fabián Reyes Román, my co-advisor who also helped me during all the research and for reviewing the preliminary version of this thesis. I am grateful to my colleagues from the Accenture Israel Cyber R&D Lab (Moshe Hadad, Dan Klein, Gal Engelberg, and Ethan Hadar) who helped with their immense knowledge in cybersecurity. Thanks to my dear old friends and Prof. Renata Guizzardi and Prof. Giancarlo Guizzardi for their valuable advice and support during the course of this research work. Also, thanks to my colleagues Bruno Duarte Borlini and Cristine Grio for the countless philosophical and ontological discussions that opened me to new possibilities.Thanks to Vicente Javier Julian Inglada of DSIC, Ana Cidad Vila of ValgrAI, ix Prof. José Ignacio Panach Navarrete, and the other PROS@VRAIN team members and colleagues. For all of you, who believed in me, especially when I was weakest and thought that the end never to come.Besides my advisors and research team, I thank my thesis committee Prof.

show abstract