Abstract
Vital to society, healthcare infrastructures are frequently subject to many threats that exploit their vulnerabilities. Many cyber and physical attacks are triggered, leading to many high-impact incidents. There is a growing need for innovative solutions that combine cyber and physical security features. To improve the response to incidents caused by attacks combining cyber and physical threats, we have produced within the H2020 project “Safecare”, an ontology-based solution. The Safecare ontology is designed to support an impact propagation model application, integrating cyber-physical interactions. In this paper, we present the different steps carried out to develop this ontology and two use cases on asset management and incident propagation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
ISO 14971:2019.
- 2.
- 3.
ANSI/NISO Z39.19-2005.
- 4.
- 5.
- 6.
References
ANSSI: Ebios risk manager - the method (2019). https://www.ssi.gouv.fr/en/guide/ebios-risk-manager-the-method/
Breier, J., Schindler, F.: Assets dependencies model in information security risk management. In: Linawati, M.M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) Information and Communication Technology-EurAsia Conference, pp. 405–412. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55032-4_40
Cristani, M., Cuel, R.: A survey on ontology creation methodologies. Int. J. Semant. Web and Inf. Syst. (IJSWIS) 1(2), 49–69 (2005)
Depoy, J., Phelan, J., Sholander, P., Smith, B., Varnado, G., Wyss, G.: Risk assessment for physical and cyber attacks on critical infrastructures. In: IEEE Military Communications Conference, pp. 1961–1969 (2005)
ENISA: Cyber security and resilience for Smart Hospitals (2016). https://www.enisa.europa.eu/publications/cyber-security-and-resilience-for-smart-hospitals
EU PROTECTIVE project: delivrable d4.1 (2017). https://protective-h2020.eu/
Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 183–194 (2009)
Fernández-López, M., Gómez-Pérez, A., Juristo, N.: Methontology: from ontological art towards ontological engineering (1997)
Freitas, F., Schulz, S., Moraes, E.: Survey of current terminologies and ontologies in biology and medicine. RECIIS-Electron. J. Commun. Inf. Innov. Health 3(1), 7–18 (2009)
Gruber, T.R.: Toward principles for the design of ontologies used for knowledge sharing? Int. J. Hum. Comput. Stud. 43(5), 907–928 (1995)
Grüninger, M., Fox, M.S.: Methodology for the design and evaluation of ontologies (1995)
HITRUST: Healthcare sector cybersecurity framework - implementation guide v1.1 (2016). https://hitrustalliance.net/
Horridge, M., Knublauch, H., Rector, A., Stevens, R., Wroe, C.: A practical guide to building owl ontologies using the Protégé-OWL plugin and co-ode tools edition 1.0. University of Manchester (2004)
Jakobson, G.: Mission cyber security situation assessment using impact dependency graphs. In: 14th International Conference on Information Fusion, pp. 1–8 (2011)
Kim, B.J., Lee, S.W.: Understanding and recommending security requirements from problem domain ontology: a cognitive three-layered approach. J. Syst. Softw. 169, 110695 (2020)
Li, T., Wang, X., Ni, Y.: Aligning social concerns with information system security: A fundamental ontology for social engineering. Inf. Syst. 101699 (2020)
Luh, R., Schrittwieser, S., Marschalek, S.: TAON: an ontology-based approach to mitigating targeted attacks (2016)
Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A.: WonderWeb deliverable d17. Comput. Sci. Preprint Arch. 2002(11), 74–110 (2002)
Noy, N.F., McGuinness, D.L., et al.: Ontology development 101: a guide to creating your first ontology (2001)
Pinto, H.S., Martins, J.P.: Ontologies: how can they be built? Knowl. Inf. Syst. 6(4), 441–464 (2004)
Roussey, C., Pinet, F., Kang, M.A., Corcho, O.: An introduction to ontologies and ontology engineering. In: Ontologies in Urban Development Projects, pp. 9–38. Springer, London (2011). https://doi.org/10.1007/978-0-85729-724-2_2
Schauer, S., Grafenauer, T., König, S., Warum, M., Rass, S.: Estimating cascading effects in cyber-physical critical infrastructures. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 43–56. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37670-3_4
Silva, F.R.L., Jacob, P.: Mission-centric risk assessment to improve cyber situational awareness. Association for Computing Machinery (2018)
Staab, S., Studer, R.: Handbook on Ontologies. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-540-92673-3
Suárez-Figueroa, M.C., Gómez-Pérez, A., Fernández-López, M.: The neon methodology framework: a scenario-based methodology for ontology development. Appl. Ontol. 10(2), 107–145 (2015)
Theocharidou, M., Giannopoulos, G.: Risk assessment methodologies for critical infrastructure protection. part II: a new approach (report EUR 27332) (2015)
Tong, X., Ban, X.: A hierarchical information system risk evaluation method based on asset dependence chain. Int. J. Secur. Appl. 8(6), 81–88 (2014)
Uschold, M., Gruninger, M., et al.: Ontologies: principles, methods and applications. Technical report University of Edinburgh Artificial Intelligence Applications Institute AIAI TR (1996)
vom Brocke, J., Braccini, A.M., Sonnenberg, C., Spagnoletti, P.: Living it infrastructures - an ontology-based approach to aligning it infrastructure capacity and business needs. Int. J. Account. Inf. Syst. 15(3), 246–274 (2014)
White, R., Burkhart, A., George, R., Boult, T., Chow, E.: Towards comparable cross-sector risk analyses: a re-examination of the risk analysis and management for critical asset protection (ramcap) methodology. Int. J. Crit. Infrastruct. Prot. 14, 28–40 (2016)
Wu, S., Zhang, Y., Chen, X.: Security assessment of dynamic networks with an approach of integrating semantic reasoning and attack graphs, pp. 1166–1174 (2018)
Acknowledgements
This research received funding from the European Union’s H2020 Research and Innovation Action under SAFECARE Project, grant agreement no. 787002.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Hannou, FZ., Atigui, F., Lammari, N., Cherfi, S.Ss. (2021). SafecareOnto: A Cyber-Physical Security Ontology for Healthcare Systems. In: Strauss, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Database and Expert Systems Applications. DEXA 2021. Lecture Notes in Computer Science(), vol 12924. Springer, Cham. https://doi.org/10.1007/978-3-030-86475-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-86475-0_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86474-3
Online ISBN: 978-3-030-86475-0
eBook Packages: Computer ScienceComputer Science (R0)