Almut Herzog, Nahid Shahmehri, Claudiu Duma:
An Ontology of Information Security.
Abstract
We present a publicly available, OWL-based ontology of
information security which models assets, threats, vulnerabilities,
countermeasures and their relations. The ontology can be used as a general
vocabulary, roadmap, and extensible dictionary of the domain of
information security. With its help, users can agree on a common language
and definition of terms and relationships. In addition to browsing for
information, the ontology is also useful for reasoning about relationships
between its entities, for example, threats and countermeasures. The
ontology helps answer questions like: Which countermeasures detect or
prevent the violation of integrity of data? Which assets are protected by
SSH? Which countermeasures thwart buffer overflow attacks? At the moment,
the ontology comprises 88 threat classes, 79 asset classes, 133
countermeasure classes and 34 relations between those classes. We provide
the means for extending the ontology, and provide examples of the
extendibility with the countermeasure classes 'memory protection' and
'source code analysis'. This article describes the content of the ontology
as well as its usages, potential for extension, technical implementation
and tools for working with it.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-057
@article{REWERSE-RP-2007-057,
  author  = {Almut Herzog and Nahid Shahmehri and Claudiu Duma},
  title   = {An Ontology of Information Security},
  journal = {International Journal of Information Security and Privacy (IJISP)},
  year    = {2007},
  volume  = {1},
  number  = {4},
  pages   = {1--23},
  url     = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-057}
}