Ontologies for Security Requirements: A Literature Survey and Classification

  • Amina Souag
  • Camille Salinesi
  • Isabelle Comyn-Wattiau
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 112)


Despite existing methodologies in the field, most requirements engineers are poorly trained to define security requirements. This is due to a considerable lack of security knowledge. Some security ontologies have been proposed, but a gap still exists between the two fields of security requirements engineering and ontologies. This paper is a survey; it proposes an analysis and a typology of existing security ontologies and their use for requirements definition.


Security Ontologies Requirements Analysis Classification 





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Amina Souag (1)
  • Camille Salinesi (1)
  • Isabelle Comyn-Wattiau (2)
  1. CRI, Sorbonne University Paris 1, France
  2. CEDRIC-CNAM & ESSEC Business School, France
