Ontology-based security problem definition and solution for the common criteria compliant development process

Proceedings of 2009 4th International Conference on Dependability of Computer Systems, DepCos-RELCOMEX 2009

Volumn , Issue , 2009, Pages 3-10

  Bialas, Andrzej ^a  

^a Institute of Innovative Technologies EMAG   (Poland)

Author keywords

[No Author keywords available]

Indexed keywords

COMMON CRITERIA; DEVELOPMENT PROCESS; ISO/IEC 15408; IT SECURITY; KNOWLEDGE BASE; ONTOLOGY-BASED; SECURITY OBJECTIVES; SECURITY POLICY; SECURITY PROBLEMS;

KNOWLEDGE BASED SYSTEMS; ONTOLOGY; SECURITY SYSTEMS; STANDARDIZATION;

NETWORK SECURITY;

EID: 70449650807     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DepCoS-RELCOMEX.2009.15     Document Type: Conference Paper

References (21)

1. ISO/IEC 15408. Common Criteria for IT security evaluation. v.3.1. Part 1-3.
2. Bialas A.: Semiformal framework for ICT security development, The 8th International Common Criteria Conference, Rome, 25-27 September 2007. http://www.8iccc.com/index.php
3. Bialas A.: Semiformal Approach to the IT Security Development In: Zamojski W., Mazurkiewicz J., Sugier J., Walkowiak T.: Proc. of the Int. Conf. on Dependability of Comp. Sys. DepCoS-RELCOMEX 2007, IEEE Computer Society, Los Alamitos, Washington, Tokyo, ISBN 0-7695-2850-3. pp. 3-11.
4. Bialas A.: Semiformal Common Criteria Compliant IT Security Development Framework, Studia Informatica vol. 29, Number 2B(77), Silesian Univ. of Technology Press, Gliwice 2008. http://www.znsi.aei.polsl.pl/
5. Bialas A.: Ontology-based Approach to the Common Criteria Compliant IT Security Development, In: Proceedings of the 2008 Int. Conf. on Security and Management - SAM'08, Las Vegas, July 2008, pp. 586-592.
6. Ekelhart A., Fenz, S., Goluch, G., and Weippl, E.: Ontological Mapping of Common Criteria's Security Assurance Requirements, 2007 IFIP, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, Venter et al (eds.), Boston: Springer 2007, pp. 85-95.
7. Common Criteria ontology, Secure Business. http://research. securityresearch.at/research/focus/common-criteria-security-assurance/
8. Yavagal D.S., Lee S.W., Ahn G-J., Gandhi R.A.: Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA), In: Proc. of the 43rd Annual ACM Southeast Conference (ACMSE'05), Vol. 2, pp. 130-135, March 18-20, Kennesaw State Univ. Kennesaw, Georgia. 2005.
9. Vorobiev A., Bekmamedova N.: An Ontological Approach Applied to Information Security and Trust, 18th Australasian Conf. on Inform. Syst., Toowoomba, 2007. http://www.acis2007.usq.edu.au/assets/papers/144.pdf
10. Kim A., Luo J., Kang M.: Security Ontology for Annotating Resources, NRL, Washington, 2005. http://chacs.nrl.navy.mil/publications/CHACS/2005/2005kim- NRLOntologyFinal.pdf
11. OWL Security ontologies in OWL, Computer Science Laboratory. http://www.csl.sri.com/users/denker/owl-sec/ontologies/
12. DAML Services - Security and privacy. http://www.daml.org/services/owl-s/ security.html
13. A. Herzog's web site "Security Ontology", Linköping University. http://www.ida.liu.se/~iislab/projects/secont/
14. REI Ontology Specifications, ver. 2.0, University of Maryland. http://www.cs.umbc.edu/~lkagal1/rei/
15. Ekelhart A., Fenz S., Goluch, G., Riedel B., et al.: Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard, Proc. of the 13th Pacific Rim Int. Symp. on Dependable Computing, IEEE Computer Society, 2007, pp. 381-388. http://publik.tuwien.ac.at/files/pub-inf-4689.pdf
16. Martimiano L.A.F, Moreira EdS.: Using ontologies to assist security management, 8th Intl. Protégé Conf., 2005. http://www.ppgia.pucpr. br/~maziero/pesquisa/ceseg/sbseg06/conteudo/artigos/resumos/19513.pdf
17. Ekelhart A., Fenz S., Klemen M., Weippl E.: Security Ontologies: Improving Quantitative Risk Analysis, Proc. of the 40th Hawaii Int. Conf. on System Sciences, Big Island, IEEE Computer Soc. Press, 2007.
18. Tsoumas B., Dritsas S., Gritzalis D.: An Ontology-Based Approach to Information Systems Security Management, LNCS, Volume 3685/2005, Springer Berlin/ Heidelberg 2005, pp. 151-164.
19. Martimiano L.A.F, Moreira EdS.: An OWL-based Security Incident Ontology, 8th Intl. Protégé Conf. Madrid, 2005. http://protege.stanford.edu/ conference/2005/submissions/posters/poster-martimiano.pdf
20. Noy N.F., McGuiness D.L.: Ontology Development 101: A Guide to Creating Your First Ontology, Knowledge Systems Laboratory, March, 2001. http://www-ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noy-mcguinness- abstract.html
21. Protégé Ontology Editor and Knowledge Acquisition System, Stanford University. http://protege.stanford.edu/