
An Ontology-Based Approach to Information Systems Security Management

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Abstract

The complexity of modern information systems (IS) imposes novel security requirements. On the other hand, the ontology paradigm aims to support knowledge sharing and reuse in an explicit and mutually agreed manner. Therefore, in this paper we set the foundations for establishing a knowledge-based, ontology-centric framework for the security management of an arbitrary IS. We demonstrate that linking high-level policy statements to deployable security controls is possible and that the implementation is achievable. This framework may support critical security expert activities with respect to security requirements identification and the selection of certain controls and countermeasures. In addition, we present a structured approach for establishing a security management framework and identify its critical parts. Our security ontology is represented in a neutral manner, based on well-known security standards, extending widely used information systems modeling approaches.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tsoumas, B., Dritsas, S., Gritzalis, D. (2005). An Ontology-Based Approach to Information Systems Security Management. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_12


  • DOI: https://doi.org/10.1007/11560326_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer Science, Computer Science (R0)
