
Towards an Ontology of Security Assessment: A Core Model Proposal

  • Conference paper
Information Technology - New Generations

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 738)

Abstract

SecAOnto (Security Assessment Ontology) aims at formalizing the knowledge on “Security Assessment”. A conceptual formalization of this area is needed: the “Information Security” and “Systems Assessment” areas overlap, concepts are ambiguous, terminology is confusing, and important concepts are left undefined. Nineteen papers on ontology, out of 80 papers of interest, were selected for discussion. Most of them propose ontologies on information security; here we propose an ontology that deals specifically with the aspects and particularities of security assessment. SecAOnto is OWL-based, is publicly available, and is devised to be used as a common and extensible model for security assessment. Its foundation comes from glossaries, vocabularies, taxonomies, ontologies, and market guidelines. The initial version of the ontology, its core model, and an application are presented. Our proposal is meant to be useful for security researchers who wish to formalize knowledge in their systems, methods and techniques.



Corresponding author: Rodrigo Bonacin.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

de Franco Rosa, F., Jino, M., Bonacin, R. (2018). Towards an Ontology of Security Assessment: A Core Model Proposal. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 738. Springer, Cham. https://doi.org/10.1007/978-3-319-77028-4_12


  • DOI: https://doi.org/10.1007/978-3-319-77028-4_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77027-7

  • Online ISBN: 978-3-319-77028-4

  • eBook Packages: Engineering (R0)
