Security-by-ontology: A knowledge-centric approach

IFIP International Federation for Information Processing

Volumn 201, Issue , 2006, Pages 99-110

  Tsoumas, Bill ^a   Papagiannakopoulos, Panagiotis ^a   Dritsas, Stelios ^a   Gritzalis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; INTEROPERABILITY; ONTOLOGY; RISK ASSESSMENT; SECURITY OF DATA;

ARBITRARY INFORMATION; SECURITY ACTIVITIES; SECURITY MANAGEMENT; SECURITY ONTOLOGIES; SECURITY REQUIREMENTS;

INFORMATION MANAGEMENT;

EID: 33845517642     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/0-387-33406-8_9     Document Type: Article

References (30)

1. National Research Council: Computers At Risk: Safe Computing in The Information Age, System Security Study Committee/Nat.ional Academy Press, Washington (1991).
2. British Standard 7799, Part 2 (1999), Information Technology - Specification for Information Security Management System, BSI.
3. Baskerville, R.: Research Notes: Research Directions in Information Systems Security, International Journal of Information Management, 14 (5), 385-387, 1994
4. DMTF CIM Policy Model v. 2.9, available at http://www.dmtf.org
5. Donner, M.: Toward a Security Ontology, IEEE Security and Privacy, Vol. 1-3, (2003).
6. Denker, G.: Access Control and Data Integrity for DAML+OIL and DAML-S, SRI International, USA (2002).
7. Clemente, F., et. al: Representing Security Policies, in Web Information Systems, in Proc. of the Policy Management for the Web Workshop (WWW 2005), Japan (2005).
8. OASIS Security Service TC, SAML, available at http://www.oasis-open.org.
9. XACML Specification v. 1.1, available at http://www.oasis-open.org.
10. Bozsak, E., Ehrig, M., Handschub, S., Hotho, J.: KAON - Towards a Large Scale Semantic Web, in Proc. of the 3rd EC-WEB Conference, Bauknecht, K., et al. (Eds.), France (2002).
11. Kagal, L. et al.: A policy language for a pervasive computing environment, 4th IEEE International Workshop on Policies for Distributed Systems and Networks, Italy (2003).
12. Lymberopoulos, L., Lupu, E., Sloman, M.: Ponder Policy Implementation and Validation in a CIM and Differentiated Services Framework, in Proc. of the 9th IEEE/IFIP Network Operations and Management Symposium, Seoul, South Korea (2004).
13. Alcantara, O., Sloman, M.: QoS policy specification - A mapping from Ponder to the IETF, Dept. of Computing, Imperial College, United Kingdom.
14. Raskin, V. et al.: Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool, in Proc. of the New Security Paradigms Workshop, V. Raskin, et al. Eds. USA (2001).
15. Uszok, A. et al.: KAoS: A Policy and Domain Services Framework for Grid Computing and Semantic Web Services, 2nd Intl. Conference on Trust Management, UK (2004).
16. Gandon, L., Sadeh, N.: Semantic web technologies to reconcile privacy and context awareness, Web Semantics Journal, Vol. 1, No. 3 (2004).
17. Chen, H. et al.: SOUPA: Standard ontology for ubiquitous and pervasive applications, in Proc. of the 1st International Conference on Mobile and Ubiquitous Systems: Networking and Services, USA (2004).
18. Gruber T.: Toward principles for the design of ontologies used for knowledge sharing, in Formal Ontology in Conceptual Analysis and Knowledge Representation. Kluwer Academic Publishers (1993).
19. Noy N., McGuiness D., "Ontology Development 101: A Guide to Creating Your First Ontology", Stanford Knowledge Systems Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880, March 2001.
20. Holsapple C., Joshi K., "A collaborative approach to ontology design", Comm. of the ACM, 45(2):42-47, 2002.
21. Tsoumas, V., Dritsas, S., Gritzalis, D.: An Ontology-Based Approach to Information Systems Security Management, in 3rd Intl. Conference on Mathematical Models, Methods and Architectures for Computer Network Security (MMM-2005), Russia (2005).
22. ISO/IEC 17799, Information technology - Code of practice for information security management, IS0 (2000).
23. Australian/New Zealand Standard for Risk Management 4360 (1999).
24. United Kingdom Central Computer and Telecommunication Agency. CCTA Risk Analysis and Management Method: User Manual, v. 3.0, UK CCTA (1996).
25. Protégé Ontology Development Environment, at http://protege.stanford.edu/
26. Ernest Friedman-Hill, "JESS - The Rule Engine for the Java Platform", Sandia National Laboratories, http://herzberg.ca.sandia.gov/jess/index.shtml (Nov. 2005)
27. Damianou, N. et al.: The Ponder Policy Specification Language, in Proc. of the Policies for Distributed Systems and Networks Workshop, Lecture Notes in Computer Science, Vol. 1995. Springer-Verlag, (2001) 18-39.
28. Nmap scanner, available at http://www.insecure.org/nmap
29. Cunningham, H. et a.: GATE: A Framework and Graphical Development Environment for Robust NLP Tools and Applications, in Proc. of the 40th meeting of the Association for Computational Linguistics (ACL'02), USA (2002).
30. Aunningham, H., Maynard, D., Tablan, V.: JAPE: a Java Annotation Patterns Engine, (2nd edition), Dept. of Computer Science, Univ. of Sheffield, United Kingdom (2000).