An ontology-driven approach applied to information security

Journal of Research and Practice in Information Technology

Volumn 42, Issue 1, 2010, Pages 61-76

  Vorobiev, Artem ^a   Bekmamedova, Nargiza ^a  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Information security; Security attacks; Security defenses; Security ontologies

Indexed keywords

COUNTER MEASURES; DISTRIBUTED ATTACK; DISTRIBUTED DENIAL OF SERVICE ATTACK; DISTRIBUTED ENVIRONMENTS; INDEPENDENT COMPONENTS; INFORMATION SECURITY; SECURITY ATTACKS; SECURITY DEFENSE; SECURITY FUNCTIONS; SECURITY ONTOLOGIES; SOFTWARE SYSTEMS;

COMPUTER CRIME; INTRUSION DETECTION; NETWORK SECURITY; SOFTWARE AGENTS;

ONTOLOGY;

EID: 78649504015     PISSN: 1443458X     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Conference Paper

References (30)

1. BRICKLEY, D. and GUHA, R.V. (1999): RDF vocabulary description language 1.0: RDF Schema. Proposed W3c Recommendation for World Wide Web Consortium. http://www.w3.org/TR/PR-rdf-schema. Accessed 21-Nov-2001.
2. CC IS (2006): Common criteria international standard. http://www.niap-ccevs.org/cc-scheme. Accessed 3- Feb-2008.
3. CORE IMPACT (2008): CORE IMPACT website. http://www.coresecurity.com. Accessed 15-Sept-2008.
4. DAMIANI, E., De CAPITANI Di VIMERCATI, S., PARABOSCHI, S., SAMARATI, P. and VIOLANTE, F. (2002): A reputation-based approach for choosing reliable resources in peer-to-peer networks. CCS, Washington, USA.
5. DENKER, G., NGUYEN, S. and TON, A. (2004): OWL-S semantics of security web services: A case study. SRI International, Menlo Park, California, USA.
6. HENDLER, J. and McGUINNESS, D. (2000): The DARPA agent markup language. IEEE Intelligent Systems 16 (6): 67-73.
7. ISACA (2008): Information systems audit and control association. http://www.isaca.org. Accessed 25-Aug-2008.
8. KHAN, K. and HAN, J. (2003): A security characterisation framework for trustworthy component based software systems. COMPSAC2003, 164-169.
9. KHAN, K. (2005): Security characterisation and compositional analysis for component-based software systems. Ph.D. thesis. Monash University at Melbourne.
10. KIM, A., LUO, J. and KANG, M. (2005): Security ontology for annotating resources. The 4th International Conference on Ontologies, Databases, and Applications of Semantics (ODBASE 2005).
11. LINDSTROM, P. (2004): Attacking and defending web services. A Spire Research Report.
12. MARTIMIANO, L.A. and MOREIRA, E. (2006): The evaluation process of a computer security incident ontology. The 2nd Workshop on Ontologies and Their Applications, Ribeirão Preto.
13. MOURATIDIS, H. and GIORGINI, P. (2007): Secure tropos: A security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering, World Scientific 17(2): 285-309.
14. Nmap SCANNER (2007): Nmap scanner website. http://www.insecure.org/nmap. Accessed 10-Sept-2008.
15. NOY, N.F. and MCGUINNESS, D.L. (2007): Ontology development 101: A guide to creating your first ontology. http://protege.stanford.edu/publications/ ontology-development/ontology101-noy-mcguinness.html. Accessed 12-Jun- 2007.
16. NYSTEDT, D. (2005): Online gaming growing fast in China. IDG News Service.
17. OWL (2007): Web ontology language. http:w3.org/TR/owl-features. Accessed 17-May-2007.
18. OWL-S (2007): Semantic markup for web services. http://www.daml.org/ services. Accessed 17-May-2007.
19. PATEL, C., SUPERKAR, K. and LEE, Y. (2003): OntoGenie: Extracting ontology instances from WWW, Proc. of Workshop on Human Language Technology for the Semantic Web and Web Services 2003, Sanibel Island, Florida, 123-126.
20. PRICE, C. and SPACKMAN, K. (2000): SNOMED: Clinical terms. British Journal of Healthcare Computing and Information Management 17(3): 27-31.
21. SAINT (2008): SAINT website. http://www.saintcorporation.com. Accessed 20-Sept-2008.
22. SEACORD, R.C. and HOUSEHOLDER, A.D. (2005): A structured approach to classifying security vulnerabilities. CMU/SEI- 2005- TN-003.
23. SWSL (2007): Semantic web services language. http://www.daml.org/ services/swsl. Accessed 17-May- 2007.
24. STEWART, J.M., TITTEL, E. and CHAPPLE, M. (2005): CISSP: Certified information systems security professional: Study Guide. Sybex.
25. TSOUMAS, B. and GRITZALIS, D. (2006): Towards an ontology-based security management, Proc. of AINA06, Austria.
26. UNDERCOFFER, J., JOSHI, A., FININ, T. and PINKSTON, J. (2004): A target-centric ontology for intrusion detection. International Joint Conference on Artificial Intelligence, Mexico.
27. USCHOLD, M., KING, M., MORALEE, S. and ZORGIOS, Y. (1998): The enterprise ontology. The Knowledge Engineering Review 13(1): 31-89.
28. VOROBIEV, A. and HAN, J. (2006a): Specifying dynamic security properties of web service based systems. Proc. of SKG06, China.
29. VOROBIEV, A., HAN, J. (2006b): Security attack ontology for web services. Proc. of SKG06, China.
30. VOROBIEV, A., HAN, J. and BEKMAMEDOVA, N. (2008): An ontology framework for managing security attacks and defences in component based software systems. Proc. of the Australian Software Engineering Conference (ASWEC'08), Perth, Australia.