Abstract
SecAOnto (Security Assessment Ontology) aims at formalizing knowledge on “Security Assessment”. A conceptual formalization of this area is needed: the “Information Security” and “Systems Assessment” areas overlap, concepts are ambiguous, terminology is confusing, and important concepts remain undefined. Nineteen papers on ontologies, out of 80 papers of interest, were selected for discussion. Most of them propose ontologies for information security; here we propose an ontology that deals specifically with the aspects and particularities of security assessment. SecAOnto is OWL-based, publicly available, and devised to serve as a common and extensible model for security assessment. Its foundation comes from glossaries, vocabularies, taxonomies, ontologies, and industry guidelines. The initial version of the ontology, its core model, and an application are presented. Our proposal is meant to be useful for security researchers who wish to formalize knowledge in their systems, methods and techniques.
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
de Franco Rosa, F., Jino, M., Bonacin, R. (2018). Towards an Ontology of Security Assessment: A Core Model Proposal. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 738. Springer, Cham. https://doi.org/10.1007/978-3-319-77028-4_12
DOI: https://doi.org/10.1007/978-3-319-77028-4_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77027-7
Online ISBN: 978-3-319-77028-4
eBook Packages: Engineering (R0)