Skip to main content

SafecareOnto: A Cyber-Physical Security Ontology for Healthcare Systems

Part of the Lecture Notes in Computer Science book series (LNISA,volume 12924)

Abstract

Vital to society, healthcare infrastructures are frequently subject to many threats that exploit their vulnerabilities. Many cyber and physical attacks are triggered, leading to many high-impact incidents. There is a growing need for innovative solutions that combine cyber and physical security features. To improve the response to incidents caused by attacks combining cyber and physical threats, we have produced within the H2020 project “Safecare”, an ontology-based solution. The Safecare ontology is designed to support an impact propagation model application, integrating cyber-physical interactions. In this paper, we present the different steps carried out to develop this ontology and two use cases on asset management and incident propagation.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-86475-0_3
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-86475-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

Notes

  1. 1.

    ISO 14971:2019.

  2. 2.

    https://www.safecare-project.eu/.

  3. 3.

    ANSI/NISO Z39.19-2005.

  4. 4.

    https://cve.mitre.org/.

  5. 5.

    https://protege.stanford.edu/.

  6. 6.

    https://www.w3.org/2001/sw/wiki/Pellet.

References

  1. ANSSI: Ebios risk manager - the method (2019). https://www.ssi.gouv.fr/en/guide/ebios-risk-manager-the-method/

  2. Breier, J., Schindler, F.: Assets dependencies model in information security risk management. In: Linawati, M.M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) Information and Communication Technology-EurAsia Conference, pp. 405–412. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55032-4_40

  3. Cristani, M., Cuel, R.: A survey on ontology creation methodologies. Int. J. Semant. Web and Inf. Syst. (IJSWIS) 1(2), 49–69 (2005)

    CrossRef  Google Scholar 

  4. Depoy, J., Phelan, J., Sholander, P., Smith, B., Varnado, G., Wyss, G.: Risk assessment for physical and cyber attacks on critical infrastructures. In: IEEE Military Communications Conference, pp. 1961–1969 (2005)

    Google Scholar 

  5. ENISA: Cyber security and resilience for Smart Hospitals (2016). https://www.enisa.europa.eu/publications/cyber-security-and-resilience-for-smart-hospitals

  6. EU PROTECTIVE project: delivrable d4.1 (2017). https://protective-h2020.eu/

  7. Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 183–194 (2009)

    Google Scholar 

  8. Fernández-López, M., Gómez-Pérez, A., Juristo, N.: Methontology: from ontological art towards ontological engineering (1997)

    Google Scholar 

  9. Freitas, F., Schulz, S., Moraes, E.: Survey of current terminologies and ontologies in biology and medicine. RECIIS-Electron. J. Commun. Inf. Innov. Health 3(1), 7–18 (2009)

    Google Scholar 

  10. Gruber, T.R.: Toward principles for the design of ontologies used for knowledge sharing? Int. J. Hum. Comput. Stud. 43(5), 907–928 (1995)

    CrossRef  Google Scholar 

  11. Grüninger, M., Fox, M.S.: Methodology for the design and evaluation of ontologies (1995)

    Google Scholar 

  12. HITRUST: Healthcare sector cybersecurity framework - implementation guide v1.1 (2016). https://hitrustalliance.net/

  13. Horridge, M., Knublauch, H., Rector, A., Stevens, R., Wroe, C.: A practical guide to building owl ontologies using the Protégé-OWL plugin and co-ode tools edition 1.0. University of Manchester (2004)

    Google Scholar 

  14. Jakobson, G.: Mission cyber security situation assessment using impact dependency graphs. In: 14th International Conference on Information Fusion, pp. 1–8 (2011)

    Google Scholar 

  15. Kim, B.J., Lee, S.W.: Understanding and recommending security requirements from problem domain ontology: a cognitive three-layered approach. J. Syst. Softw. 169, 110695 (2020)

    CrossRef  Google Scholar 

  16. Li, T., Wang, X., Ni, Y.: Aligning social concerns with information system security: A fundamental ontology for social engineering. Inf. Syst. 101699 (2020)

    Google Scholar 

  17. Luh, R., Schrittwieser, S., Marschalek, S.: TAON: an ontology-based approach to mitigating targeted attacks (2016)

    Google Scholar 

  18. Masolo, C., Borgo, S., Gangemi, A., Guarino, N., Oltramari, A.: WonderWeb deliverable d17. Comput. Sci. Preprint Arch. 2002(11), 74–110 (2002)

    Google Scholar 

  19. Noy, N.F., McGuinness, D.L., et al.: Ontology development 101: a guide to creating your first ontology (2001)

    Google Scholar 

  20. Pinto, H.S., Martins, J.P.: Ontologies: how can they be built? Knowl. Inf. Syst. 6(4), 441–464 (2004)

    CrossRef  Google Scholar 

  21. Roussey, C., Pinet, F., Kang, M.A., Corcho, O.: An introduction to ontologies and ontology engineering. In: Ontologies in Urban Development Projects, pp. 9–38. Springer, London (2011). https://doi.org/10.1007/978-0-85729-724-2_2

  22. Schauer, S., Grafenauer, T., König, S., Warum, M., Rass, S.: Estimating cascading effects in cyber-physical critical infrastructures. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 43–56. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37670-3_4

    CrossRef  Google Scholar 

  23. Silva, F.R.L., Jacob, P.: Mission-centric risk assessment to improve cyber situational awareness. Association for Computing Machinery (2018)

    Google Scholar 

  24. Staab, S., Studer, R.: Handbook on Ontologies. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-540-92673-3

    CrossRef  MATH  Google Scholar 

  25. Suárez-Figueroa, M.C., Gómez-Pérez, A., Fernández-López, M.: The neon methodology framework: a scenario-based methodology for ontology development. Appl. Ontol. 10(2), 107–145 (2015)

    CrossRef  Google Scholar 

  26. Theocharidou, M., Giannopoulos, G.: Risk assessment methodologies for critical infrastructure protection. part II: a new approach (report EUR 27332) (2015)

    Google Scholar 

  27. Tong, X., Ban, X.: A hierarchical information system risk evaluation method based on asset dependence chain. Int. J. Secur. Appl. 8(6), 81–88 (2014)

    Google Scholar 

  28. Uschold, M., Gruninger, M., et al.: Ontologies: principles, methods and applications. Technical report University of Edinburgh Artificial Intelligence Applications Institute AIAI TR (1996)

    Google Scholar 

  29. vom Brocke, J., Braccini, A.M., Sonnenberg, C., Spagnoletti, P.: Living it infrastructures - an ontology-based approach to aligning it infrastructure capacity and business needs. Int. J. Account. Inf. Syst. 15(3), 246–274 (2014)

    CrossRef  Google Scholar 

  30. White, R., Burkhart, A., George, R., Boult, T., Chow, E.: Towards comparable cross-sector risk analyses: a re-examination of the risk analysis and management for critical asset protection (ramcap) methodology. Int. J. Crit. Infrastruct. Prot. 14, 28–40 (2016)

    CrossRef  Google Scholar 

  31. Wu, S., Zhang, Y., Chen, X.: Security assessment of dynamic networks with an approach of integrating semantic reasoning and attack graphs, pp. 1166–1174 (2018)

    Google Scholar 

Download references

Acknowledgements

This research received funding from the European Union’s H2020 Research and Innovation Action under SAFECARE Project, grant agreement no. 787002.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Fatma-Zohra Hannou .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Hannou, FZ., Atigui, F., Lammari, N., Cherfi, S.Ss. (2021). SafecareOnto: A Cyber-Physical Security Ontology for Healthcare Systems. In: Strauss, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Database and Expert Systems Applications. DEXA 2021. Lecture Notes in Computer Science(), vol 12924. Springer, Cham. https://doi.org/10.1007/978-3-030-86475-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86475-0_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86474-3

  • Online ISBN: 978-3-030-86475-0

  • eBook Packages: Computer ScienceComputer Science (R0)