Skip to main content
SpringerLink
Log in

How FAIR are Security Core Ontologies? A Systematic Mapping Study

  • Conference paper
  • First Online:
Research Challenges in Information Science (RCIS 2021)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 415))

Included in the following conference series:

Abstract

Recently, ontology-based approaches to security, in particular to information security, have been recognized as a relevant challenge and as an area of research interest of its own. As the number of ontologies about security grows for supporting different applications, semantic interoperability issues emerge. Relatively little attention has been paid to the ontological analysis of the concept of security understood as a broad application-independent security ontology. Core (or reference) ontologies of security cover this issue to some extent, enabling multiple applications crossing domains of security (information systems, economics, public health, crime etc.). In this paper, we investigate the current state-of-the-art on Security Core Ontologies. We select, analyze, and categorize studies on this topic, supporting a future ontological analysis of security, which could ground a well-founded security core ontology. Notably, we show that: most existing ontologies are not publicly findable/accessible; foundational ontologies are under-explored in this field of research; there seems to be no common ontology of security. From these findings, we make the case for the need of a FAIR Core Security Ontology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See https://webfoundation.org/2020/09/un-trust-and-security-letter/.

  2. 2.

    Indeed, our searches suggests there is almost no ontology-based study about security before 2000.

  3. 3.

    https://harzing.com/resources/publish-or-perish.

  4. 4.

    Source: https://github.com/ferruciof/Files.

  5. 5.

    Source: http://semionet.rnet.ryerson.ca/ontologies/sio.owl.

  6. 6.

    Source: http://securitytoolbox.appspot.com/stac.

  7. 7.

    Source: https://www.ida.liu.se/divisions/adit/security/projects/secont/.

  8. 8.

    Source: https://sourceforge.net/projects/vulneranet/files/Wiki/.

  9. 9.

    Source: https://github.com/brunomozza/IoTSecurityOntology.

  10. 10.

    http://lov4iot.appspot.com/?p=lov4iot-security.

References

  1. Amaral, G., Sales, T.P., Guizzardi, G., Porello, D.: Towards a reference ontology of trust. In: Panetto, H., Debruyne, C., Hepp, M., Lewis, D., Ardagna, C.A., Meersman, R. (eds.) OTM 2019. LNCS, vol. 11877, pp. 3–21. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33246-4_1

    Chapter  Google Scholar 

  2. Arbanas, K., et al.: Inf. Organiz. Sci. 39(2), 107–136 (2015)

    Google Scholar 

  3. Blanco, C., et al.: A systematic review and comparison of security ontologies. In: 3rd International Conference on Availability, Reliability and Security, pp. 813–820. IEEE (2008)

    Google Scholar 

  4. Blanco, C., et al.: Basis for an integrated security ontology according to a systematic review of existing proposals. Comput. Stand. Interfaces 33(4), 372–388 (2011)

    Article  Google Scholar 

  5. Donner, M.: Toward a security ontology. IEEE Secur. Priv. 3, 6–7 (2003)

    Google Scholar 

  6. Ellerm, A., et al.: Modelling security aspects with archimate: a systematic mapping study. In: Euromicro Conference on Software Engineering and Advanced Applications, pp. 577–584. IEEE (2020)

    Google Scholar 

  7. Griffo, C.: Ufo-l: A core ontology of legal concepts built from a legal relations perspective. Doctoral Consortium Contributions, IC3K-KEOD (2015)

    Google Scholar 

  8. Guizzardi, G.: Ontological foundations for structural conceptual models. CTIT, Centre for Telematics and Information Technology (2005)

    Google Scholar 

  9. Guizzardi, G.: The role of foundational ontologies for conceptual modeling and domain ontology representation. In: 2006 7th International Baltic Conference on Databases and Information Systems, pp. 17–25. IEEE (2006)

    Google Scholar 

  10. Guizzardi, G.: On ontology, ontologies, conceptualizations, modeling languages, and (meta) models. Frontiers Artif. Intell. Appl. 155, 18 (2007)

    Google Scholar 

  11. Guizzardi, G.: Ontology, ontologies and the “I” of FAIR. Data Intell. 2(1–2), 181–191 (2020)

    Article  Google Scholar 

  12. Guizzardi, G., et al.: Towards ontological foundations for conceptual modeling: the unified foundational ontology (UFO) story. Appl. Ontol. 10(3–4), 259–271 (2015)

    Article  Google Scholar 

  13. Jacobsen, A., et al.: FAIR principles: interpretations and implementation considerations. Data Intell. 2(1–2), 10–29 (2020)

    Article  Google Scholar 

  14. Keet, C.M.: The use of foundational ontologies in ontology development: an empirical assessment. In: Antoniou, G., Grobelnik, M., Simperl, E., Parsia, B., Plexousakis, D., De Leenheer, P., Pan, J. (eds.) ESWC 2011. LNCS, vol. 6643, pp. 321–335. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21034-1_22

    Chapter  Google Scholar 

  15. Kovalenko, O., et al.: Knowledge model and ontology for security services. In: International Conference on System Analysis & Intelligent Computing, pp. 1–4. IEEE (2018)

    Google Scholar 

  16. Meriah, I., et al.: Analysing information security risk ontologies. Int. J. Syst. Softw. Secur. Prot. 11(1), 1–16 (2020)

    Google Scholar 

  17. Mitzen, J.: Ontological security in world politics: state identity and the security dilemma. Eur. J. Int. Relat. 12(3), 341–370 (2006)

    Article  Google Scholar 

  18. Nardi, J.C., et al.: A commitment-based reference ontology for services. Inf. Syst. 54, 263–288 (2015)

    Article  Google Scholar 

  19. Petersen, K., et al.: Systematic mapping studies in software engineering. In: 12th International Conference Evaluation and Assessment in Software Engineering (EASE) 12, pp. 1–10 (2008)

    Google Scholar 

  20. Quine, W.V.: On what there is. Rev. Metaphys. 2(5), 21–38 (1948)

    Google Scholar 

  21. Roussey, C., Pinet, F., Kang, M.A., Corcho, O.: An introduction to ontologies and ontology engineering. In: Ontologies in Urban Development Projects. Advanced Information and Knowledge Processing, vol. 1, pp. 9–39. Springer, London (2011). https://doi.org/10.1007/978-0-85729-724-2_2

  22. Sales, T.P., Baião, F., Guizzardi, G., Almeida, J.P.A., Guarino, N., Mylopoulos, J.: The common ontology of value and risk. In: Trujillo, J.C., et al. (eds.) ER 2018. LNCS, vol. 11157, pp. 121–135. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00847-5_11

    Chapter  Google Scholar 

  23. Schulz, S.: The role of foundational ontologies for preventing bad ontology design. In: 4th Joint Ontology Workshops (JOWO), vol. 2205. CEUR-WS (2018)

    Google Scholar 

  24. Sicilia, M.-A., García-Barriocanal, E., Bermejo-Higuera, J., Sánchez-Alonso, S.: What are information security ontologies useful for? In: Garoufallou, E., Hartley, R.J., Gaitanou, P. (eds.) MTSR 2015. CCIS, vol. 544, pp. 51–61. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24129-6_5

    Chapter  Google Scholar 

  25. Sikos, L.F.: OWL ontologies in cybersecurity: conceptual modeling of cyber-knowledge. In: Sikos, L.F. (ed.) AI in Cybersecurity. ISRL, vol. 151, pp. 1–17. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-98842-9_1

    Chapter  Google Scholar 

  26. Studer, R., et al.: Knowledge engineering: principles and methods. Data Knowl. Eng. 25(1–2), 161–197 (1998)

    Article  Google Scholar 

  27. Tao, M., et al.: Multi-layer cloud architectural model and ontology-based security service framework for IoT-based smart homes. Fut. Gen. Comput. Syst. 78, 1040–1051 (2018)

    Article  Google Scholar 

  28. Zemmouchi-Ghomari, L., et al.: Reference ontology. In: International Conference on Signal Image Technology and Internet Based Systems, pp. 485–491. IEEE (2009)

    Google Scholar 

Selected Studies

  1. Agrawal, V.: Towards the ontology of ISO/IEC 27005: 2011 risk management standard. In: International Symposium on Human Aspects of Information Security & Assurance, pp. 101–111 (2016)

    Google Scholar 

  2. do Amaral, F.N., et al.: An ontology-based approach to the formalization of information security policies. In: International Enterprise Distributed Object Computing Conference Workshops. IEEE (2006)

    Google Scholar 

  3. Wang, A., et al.: An ontological approach to computer system security. Inf. Secur. J. A Glob. Perspect. 19(2), 61–73 (2010)

    Article  Google Scholar 

  4. Arogundade, O.T., et al.: Towards an ontological approach to information system security and safety requirement modeling and reuse. Inf. Secur. J. A Glob. Perspect. 21(3), 137–149 (2012)

    Article  Google Scholar 

  5. Avizienis, A., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  6. Beji, S., et al.: Security ontology proposal for mobile applications. In: 10th International Conference on Mobile Data Management: Systems, Services and Middleware. IEEE (2009)

    Google Scholar 

  7. Blanco, F.J., et al.: Vulnerapedia: security knowledge management with an ontology. In: International Conference on Agents and Artificial Intelligence, pp. 485–490 (2012)

    Google Scholar 

  8. Boualem, S.A., et al.: Maintenance & information security ontology. In: International Conference on Control, Decision and Information Technologies, pp. 312–317. IEEE (2017)

    Google Scholar 

  9. Casola, V., et al.: A first step towards an ISO-based information security domain ontology. In: International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 334–339. IEEE (2019)

    Google Scholar 

  10. Chen, B., et al.: Research on ontology-based network security knowledge map. In: International Conference on Cloud Computing, Big Data and Blockchain, pp. 1–7. IEEE (2018)

    Google Scholar 

  11. Cherdantseva, Y., et al.: A reference model of information assurance & security. In: International Conference on Availability, Reliability and Security, pp. 546–555. IEEE (2013)

    Google Scholar 

  12. Chowdhury, M.J.M.: Security risk modelling using secureUML. In: 16th International Conference on Computer and Information Technology, pp. 420–425. IEEE (2014)

    Google Scholar 

  13. de Franco Rosa, F., Jino, M., Bonacin, R.: Towards an ontology of security assessment: a core model proposal. In: Latifi, S. (ed.) Information Technology – New Generations. AISC, vol. 738, pp. 75–80. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77028-4_12

    Chapter  Google Scholar 

  14. dos Santos Moreira, E., Andréia Fondazzi Martimiano, L., José dos Santos Brandão, A., César Bernardes, M.: Ontologies for information security management and governance. Inf. Manag. Comput. Secur. 16(2), 150–165 (2008). https://doi.org/10.1108/09685220810879627

  15. Dritsas, S., Gymnopoulos, L., Karyda, M., Balopoulos, T., Kokolakis, S., Lambrinoudakis, C., Gritzalis, S.: Employing ontologies for the development of security critical applications. In: Funabashi, M., Grzech, A. (eds.) I3E 2005. IIFIP, vol. 189, pp. 187–201. Springer, Boston, MA (2005). https://doi.org/10.1007/0-387-29773-1_13

    Chapter  Google Scholar 

  16. Ekelhart, A., Fenz, S., Klemen, M.D., Tjoa, A.M., Weippl, E.R.: Ontology-based business knowledge for simulating threats to corporate assets. In: Reimer, U., Karagiannis, D. (eds.) PAKM 2006. LNCS (LNAI), vol. 4333, pp. 37–48. Springer, Heidelberg (2006). https://doi.org/10.1007/11944935_4

    Chapter  Google Scholar 

  17. Ekelhart, A., Fenz, S., Klemen, M.D., Weippl, E.R.: Security ontology: simulating threats to corporate assets. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 249–259. Springer, Heidelberg (2006). https://doi.org/10.1007/11961635_17

    Chapter  Google Scholar 

  18. Ekelhart, A., et al.: Security ontologies: improving quantitative risk analysis. In: Annual Hawaii International Conference on System Sciences, pp. 156a–156a. IEEE (2007)

    Google Scholar 

  19. Ekelhart, A., et al.: Extending the UML statecharts notation to model security aspects. IEEE Trans. Softw. Eng. 41(7), 661–690 (2015)

    Article  Google Scholar 

  20. Elahi, G., Yu, E., Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds.) ER 2009. LNCS, vol. 5829, pp. 99–114. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04840-1_10

    Chapter  Google Scholar 

  21. Fani, H., et al.: An ontology for describing security events. In: SEKE, pp. 455–460 (2015)

    Google Scholar 

  22. Fenz, S., et al.: Formalizing information security knowledge. In: International Symposium on Information, Computer, and Communications Security, pp. 183–194 (2009)

    Google Scholar 

  23. Fernandez, E.B., et al.: A security reference architecture for cloud systems. In: WICSA 2014 Companion Volume, pp. 1–5 (2014)

    Google Scholar 

  24. Guan, H., Yang, H., Wang, J.: An ontology-based approach to security pattern selection. International Journal of Automation and Computing 13(2), 168–182 (2016). https://doi.org/10.1007/s11633-016-0950-1

    Article  Google Scholar 

  25. Gyrard, A., et al.: The STAC (security toolbox: attacks & countermeasures) ontology. In: International Conference on World Wide Web, pp. 165–166 (2013)

    Google Scholar 

  26. Herzog, A., et al.: An ontology of information security. Int. J. Inf. Secur. Priv. 1(4), 1–23 (2007)

    Article  Google Scholar 

  27. Jonsson, E.: Towards an integrated conceptual model of security and dependability. In: International Conference on Availability, Reliability and Security. IEEE (2006)

    Google Scholar 

  28. Kang, W., et al.: A security ontology with MDA for software development. In: International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 67–74 (2013)

    Google Scholar 

  29. Karyda, M., et al.: An ontology for secure e-government applications. In: International Conference on Availability, Reliability and Security, p. 5. IEEE (2006)

    Google Scholar 

  30. Kim, A., Luo, J., Kang, M.: Security ontology for annotating resources. In: Meersman, R., Tari, Z. (eds.) OTM 2005. LNCS, vol. 3761, pp. 1483–1499. Springer, Heidelberg (2005). https://doi.org/10.1007/11575801_34

    Chapter  Google Scholar 

  31. Kim, B.J., et al.: Analytical study of cognitive layered approach for understanding security requirements using problem domain ontology. In: Asia-Pacific Software Engineering Conference, pp. 97–104. IEEE (2016)

    Google Scholar 

  32. Kim, B.J., et al.: Understanding and recommending security requirements from problem domain ontology: a cognitive three-layered approach. J. Syst. Soft. 169, (2020)

    Google Scholar 

  33. Korger, A., Baumeister, J.: The SECCO ontology for the retrieval and generation of security concepts. In: Case-Based Reasoning Research and Development (2018)

    Google Scholar 

  34. Li, T., et al.: An ontology-based learning approach for automatically classifying security requirements. J. Syst. Soft. 165, (2020)

    Google Scholar 

  35. Lund, M.S., et al.: UML profile for security assessment. Technical report STF A 3066 (2003)

    Google Scholar 

  36. Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T., Yu, Y.: An extended ontology for security requirements. In: Salinesi, C., Pastor, O. (eds.) CAiSE 2011. LNBIP, vol. 83, pp. 622–636. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22056-2_64

    Chapter  Google Scholar 

  37. Mayer, N.: Model-based management of information system security risk. Ph.D. thesis, University of Namur (2009)

    Google Scholar 

  38. Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., Wieringa, R.: An integrated conceptual model for information system security risk management supported by enterprise architecture management. Softw. Syst. Model. 18(3), 2285–2312 (2018). https://doi.org/10.1007/s10270-018-0661-x

    Article  Google Scholar 

  39. Milicevic, D., Goeken, M.: Ontology-based evaluation of ISO 27001. In: Cellary, W., Estevez, E. (eds.) I3E 2010. IAICT, vol. 341, pp. 93–102. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16283-1_13

    Chapter  Google Scholar 

  40. Mouratidis, H., Giorgini, P., Manson, G.: An ontology for modelling security: the tropos approach. In: Palade, V., Howlett, R.J., Jain, L. (eds.) KES 2003. LNCS (LNAI), vol. 2773, pp. 1387–1394. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45224-9_187

    Chapter  Google Scholar 

  41. Mozzaquatro, B.A., et al.: Towards a reference ontology for security in the internet of things. In: International Workshops on Measurements & Networking, pp. 1–6. IEEE (2015)

    Google Scholar 

  42. Oltramari, A., et al.: Towards a human factors ontology for cyber security. In: STIDS, pp. 26–33 (2015)

    Google Scholar 

  43. Oltramari, A., et al.: Building an ontology of cyber security. In: Conference on Semantic Technology for Intelligence, Defense, and Security, vol. 1304, pp. 54–61 (2014)

    Google Scholar 

  44. Parkin, S.E., et al.: An information security ontology incorporating human-behavioural implications. In: Proceedings of SIN’09, pp. 46–55 (2009)

    Google Scholar 

  45. Pereira, T.S.M., et al.: An ontology approach in designing security information systems to support organizational security risk knowledge. In: KEOD, pp. 461–466 (2012)

    Google Scholar 

  46. Pereira, D.P., et al.: A stamp-based ontology approach to support safety and security analyses. J. Inf. Secur. Appl. 47, 302–319 (2019)

    Google Scholar 

  47. Ramanauskaitė, S., et al.: Security ontology for adaptive mapping of security standards. Int. J. Comput. Commun. & Control 8(6), 813–825 (2013)

    Article  Google Scholar 

  48. Schumacher, M.: Toward a security core ontology. Security Engineering with Patterns. LNCS, vol. 2754, pp. 87–96. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45180-8_6

    Chapter  MATH  Google Scholar 

  49. Souag, A., Salinesi, C., Mazo, R., Comyn-Wattiau, I.: A security ontology for security requirements elicitation. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 157–177. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_13

    Chapter  Google Scholar 

  50. Takahashi, T., et al.: Reference ontology for cybersecurity operational information. Comput. J. 58(10), 2297–2312 (2015)

    Article  Google Scholar 

  51. Tsoumas, B., Papagiannakopoulos, P., Dritsas, S., Gritzalis, D.: Security-by-ontology: a knowledge-centric approach. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds.) SEC 2006. IIFIP, vol. 201, pp. 99–110. Springer, Boston, MA (2006). https://doi.org/10.1007/0-387-33406-8_9

    Chapter  Google Scholar 

  52. Tsoumas, B., et al.: Towards an ontology-based security management. In: International Conference on Advanced Information Networking and Applications, vol. 1, pp. 985–992 (2006)

    Google Scholar 

  53. Vale, A.P., et al.: An ontology for security patterns. In: 38th International Conference of the Chilean Computer Science Society, pp. 1–8. IEEE (2019)

    Google Scholar 

  54. Vorobiev, A., Bekmamedova, N.: An ontological approach applied to information security and trust. Australasian Conference on Information Systems, p. 114 (2007)

    Google Scholar 

  55. Vorobiev, A., et al.: An ontology-driven approach applied to information security. J. Res. Pract. Inf. Technol. 42(1), 61 (2010)

    Google Scholar 

  56. Yau, S.S., Yao, Y., Buduru, A.B.: An adaptable distributed trust management framework for large-scale secure service-based systems. Computing 96(10), 925–949 (2013). https://doi.org/10.1007/s00607-013-0354-9

    Article  Google Scholar 

  57. Zheng-qiu, H., et al.: Semantic security policy for web service. In: International Symposium Parallel and Distributed Processing with Applications, pp. 258–262. IEEE (2009)

    Google Scholar 

Download references

Acknowledgement

This work is supported by Accenture Israel Cyber R&D Lab. (RiskGraph project).

Author information

Authors and Affiliations

  1. Conceptual and Cognitive Modeling Research Group (CORE), Free University of Bozen-Bolzano, Bolzano, Italy

    Ítalo Oliveira, Mattia Fumagalli, Tiago Prince Sales & Giancarlo Guizzardi

Authors
  1. Ítalo Oliveira
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mattia Fumagalli
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tiago Prince Sales
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Giancarlo Guizzardi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ítalo Oliveira .

Editor information

Editors and Affiliations

  1. Conservatoire National des Arts et Métiers, Paris, France

    Samira Cherfi

  2. Fondazione Bruno Kessler, Trento, Italy

    Anna Perini

  3. University Paris 1 Panthéon-Sorbonne, Paris, France

    Selmin Nurcan

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Oliveira, Í., Fumagalli, M., Prince Sales, T., Guizzardi, G. (2021). How FAIR are Security Core Ontologies? A Systematic Mapping Study. In: Cherfi, S., Perini, A., Nurcan, S. (eds) Research Challenges in Information Science. RCIS 2021. Lecture Notes in Business Information Processing, vol 415. Springer, Cham. https://doi.org/10.1007/978-3-030-75018-3_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-75018-3_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75017-6

  • Online ISBN: 978-3-030-75018-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation