Understanding and Modeling Prevention

Baratella, Riccardo; Fumagalli, Mattia; Oliveira, Ítalo; Guizzardi, Giancarlo

doi:10.1007/978-3-031-05760-1_23

Cited by 8 publications

(21 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ROSE will be represented through the UFO-based modeling language OntoUML [12]. We are interested in UFO's conceptualization of prevention (presented in [4]), which involves multiple ways of stopping or forestalling certain types of events, because this sort of dynamics plays a fundamental role in the domain of security. In section 4, we build ROSE as an extension and reinterpretation of the Common Ontology of Value and Risk (COVER), applying the theory of prevention.…”

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

“…According to UFO [14,4], events are manifestations of interacting objects' dispositions, which are activated by certain situations. For example, the event of a lion attack on customers in a given zoo is the result of manifestations of capabilities of the lion and the vulnerabilities of customers, when these dispositions meet each other in the right situations that activate them.…”

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

“…So causes is the transitive closure of directly causes. Furthermore, likelihood or probability can be ascribed to events of certain types, as described in [24] and incorporated in UFO theory of prevention [4] in the following way: Triggering Likelihood inheres in a Situation Type, and it refers to how likely a Situation Type will trigger an Event Type once a situation of this type is brought about by an event; the Causal Likelihood inheres in an Event Type, and it means the chances of an event causing, directly or indirectly, another one of a certain type.…”

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

“…For instance, caging the lion prevents the formation of a situation in which capacities of the lion and the vulnerabilities of the customers could meet; sedating the lion would remove some of its threatening capabilities; in both cases, the (semi-saturated) type of event of the lion attack in the zoo would be prevented. In general, prevention of events of type E T that are manifestations of dispositions of type D T occurs when an event of type E ′ T brings about a situation of a type S ′ T that is incompatible with the situations required to activate instances of D T [4]. This incompatibility means these situations cannot obtain concurrently, and, on the type-level, incompatible(S T ,S ′ T ) implies that there are no two instances of these two types that obtain in overlapping time intervals.…”

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

“…UFO theory of prevention also defines a concept of Countermeasures [4]. In general, given a disposition d whose manifestations are of type E T , countermeasures are designed interventions that endow a setting containing d with other dispositions {d 1 , ..., d n }, whose manifestations prevent any instance of E T .…”

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

See 4 more Smart Citations

An Ontology of Security from a Risk Treatment Perspective

Oliveira

Sales²,

Baratella³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In Risk Management, security issues arise from complex relations among objects and agents, their capabilities and vulnerabilities, the events they are involved in, and the value and risk they ensue to the stakeholders at hand. Further, there are patterns involving these relations that crosscut many domains, ranging from information security to public safety. Understanding and forming a shared conceptualization and vocabulary about these notions and their relations is fundamental for modeling the corresponding scenarios, so that proper security countermeasures can be devised. Ontologies are instruments developed to address these conceptual clarification and terminological systematization issues. Over the years, several ontologies have been proposed in Risk Management and Security Engineering. However, as shown in recent literature, they fall short in many respects, including generality and expressivity -the latter impacting on their interoperability with related models. We propose a Reference Ontology for Security Engineering (ROSE) from a Risk Treatment perspective. Our proposal leverages on two existing Reference Ontologies: the Common Ontology of Value and Risk and a Reference Ontology of Prevention, both of which are grounded on the Unified Foundational Ontology (UFO). ROSE is employed for modeling and analysing some cases, in particular providing clarification to the semantically overloaded notion of Security Mechanism.

show abstract

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

Section: Ontological Foundations Of Preventionmentioning

confidence: 99%

See 3 more Smart Citations

An Ontology of Security from a Risk Treatment Perspective

Oliveira

Sales²,

Baratella³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Ontological Analysis and Redesign of Security Modeling in ArchiMate

Oliveira

Sales²,

Almeida³

et al. 2022

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Enterprise Risk Management and security have become a fundamental part of Enterprise Architecture, so several frameworks and modeling languages have been designed to support the activities associated with these areas. Archi-Mate's Risk and Security Overlay is one of such proposals, endorsed by The Open Group. We investigate the capabilities of the proposed security-related constructs in ArchiMate with regard to the necessities of enterprise security modeling. Our analysis relies on a well-founded reference ontology of security to uncover ambiguity, missing modeling elements, and other deficiencies of the security modeling capabilities in ArchiMate. Based on this ontologically-founded analysis, we propose a redesign of security aspects of ArchiMate to overcome its original limitations.

show abstract

On the Semantics of Risk Propagation

Fumagalli

Engelberg²,

Sales

et al. 2023

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Risk propagation encompasses a plethora of techniques for analyzing how risk "spreads" in a given system. Albeit commonly used in technical literature, the very notion of risk propagation turns out to be a conceptually imprecise and overloaded one. This might also explain the multitude of modeling solutions that have been proposed in the literature. Having a clear understanding of what exactly risk is, how it be quantified, and in what sense it can be propagated is fundamental for devising high-quality risk assessment and decision-making solutions. In this paper, we exploit a previous well-established work about the nature of risk and related notions with the goal of providing a proper interpretation of the different notions of risk propagation, as well as revealing and harmonizing the alternative semantics for the links used in common risk propagation graphs. Finally, we discuss how these results can be leveraged in practice to model risk propagation scenarios.

show abstract

Understanding and Modeling Prevention

Cited by 8 publications

References 26 publications

An Ontology of Security from a Risk Treatment Perspective

An Ontology of Security from a Risk Treatment Perspective

Ontological Analysis and Redesign of Security Modeling in ArchiMate

On the Semantics of Risk Propagation

Contact Info

Product

Resources

About