Security Ontology for Annotating Resources

Kim, Anya; Luo, Jin; Kang, Min Woo

doi:10.1007/11575801_34

Cited by 105 publications

(62 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the technical level, the plan is to keep the ontology up to date and perform the necessary migrations to the latest available versions (OWL/Protégé). Kim et al [40] Undercoffer et al [17] Geneiataki s et al [18] Denker et al [ …”

Section: Discussionmentioning

confidence: 99%

A Security Ontology for Security Requirements Elicitation

Souag¹,

Salinesi²,

Mazo³

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

International audienceSecurity is an important issue that needs to be taken into account at all stages of information system development, including early requirements elicitation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts' knowledge about security is often tacit makes the task of security requirements elicitation even harder. Ontologies are known for being a good way to formalize knowledge. Ontologies, in particular, have been proved useful to support reusability. Requirements engineering based on predefined ontologies can make the job of requirement engineering much easier and faster. However, this very much depends on the quality of the ontology that is used. Some security ontologies for security requirements have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We implemented the ontology and developed an interactive environment to facilitate the use of the ontology during the security requirements engineering process. The proposed security ontology was evaluated by checking its validity and completeness compared to other ontologies. Moreover, a controlled experiment with end-users was performed to evaluate its usability

show abstract

Section: Discussionmentioning

confidence: 99%

A Security Ontology for Security Requirements Elicitation

Souag¹,

Salinesi²,

Mazo³

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Previous research in relation to applying ontologies to the security domain had primarily focused on security classifications and tended to go no further than providing abstract taxonomy's [12,13]. However, our research provides, in conjunction with providing an explicit specification and basic DL reasoning from a taxonomy perspective, inferences at a lower level of granularity.…”

Section: Related Researchmentioning

confidence: 99%

Network Access Control Interoperation using Semantic Web Techniques

Fitzgerald

Foley²,

Foghlú³

2008

Proceedings of the 6th International Workshop on Security in Information Systems

View full text Add to dashboard Cite

Abstract. Network Access Control requirements are typically implemented in practice as a series of heterogeneous security-mechanism-centric policies that span system services and application domains. For example, a Network Access Control (NAC) policy might be configured in terms of firewall, proxy, intrusion prevention and user-access policies. While defined separately, these policies may interoperate in the sense that the access requirements of one may conflict and/or be redundant with respect to the access requirements of another policy. Thus, managing a large number of distinct policies becomes a major challenge in terms of deploying and maintaining a meaningful and consistent configuration. It is argued that the Semantic Web-an architecture that supports the formal representation, reasoning and sharing of heterogeneous domain knowledge-provides a natural solution to this challenge. A risk-based approach to configuring interoperating policies is described. Each NAC mechanism has an ontology that is used to represent its configuration. This heterogeneous and interoperating policy knowledge is unified with higher-level business (risk) rules, providing a single (extensible) ontology that supports reasoning across the different NAC policy configurations.

show abstract

“…Other specific security ontologies are proposed by D. Geneiatakis et al [19] (designed for describing Session Initiation Protocol security flaws), by M. Karyda et al [20] (dedicated for describing applications of e-government), by J. Undercoffer et al [21] (designed for describing computer attacks), by A. Souag [22] (designed for requirements engineering process) and by other authors. A. Kim extended specific ontologies and created one which can be applied to any electronic resource [23]. However this ontology does not overlay all the concepts of information security.…”

Section: Security Ontologymentioning

confidence: 99%

Security Ontology for Adaptive Mapping of Security Standards

Ramanauskaitė

Olifer

Goranin

et al. 2013

INT J COMPUT COMMUN, Int. J. Comput. Commun. Control

View full text Add to dashboard Cite

Adoption of security standards has the capability of improving the security level in an organization as well as to provide additional benefits and possibilities to the organization. However mapping of used standards has to be done when more than one security standard is employed in order to prevent redundant activities, not optimal resource management and unnecessary outlays. Employment of security ontology to map different standards can reduce the mapping complexity however the choice of security ontology is of high importance and there are no analyses on security ontology suitability for adaptive standards mapping. In this paper we analyze existing security ontologies by comparing their general properties, OntoMetric factors and ability to cover different security standards. As none of the analysed security ontologies were able to cover more than 1/3 of security standards, we proposed a new security ontology, which increased coverage of security standards compared to the existing ontologies and has a better branching and depth properties for ontology visualization purposes. During this research we mapped 4 security standards (ISO 27001, PCI DSS, ISSA 5173 and NISTIR 7621) to the new security ontology, therefore this ontology and mapping data can be used for adaptive mapping of any set of these security standards to optimize usage of multiple security standards in an organization.

show abstract

Security Ontology for Annotating Resources

Cited by 105 publications

References 6 publications

A Security Ontology for Security Requirements Elicitation

A Security Ontology for Security Requirements Elicitation

Network Access Control Interoperation using Semantic Web Techniques

Security Ontology for Adaptive Mapping of Security Standards

Contact Info

Product

Resources

About