Abstract
The chapter presents researches on the ontology applications in the Common Criteria methodology. The first issue concerns the ontological representation of the standard security specifications, and the second one presents how this approach can be applied to elaborate the evidences for the IT security evaluation. Both issues are exemplified by the developed ontology and related knowledge base. Current research results are concluded and the planned works are shortly discussed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISO/IEC 15408. Common Criteria for IT security evaluation. Part 1-3
Common Criteria portal, http://www.commoncriteriaportal.org/
Noy, N.F., McGuiness, D.L.: Ontology Development 101: A Guide to Creating Your First Ontology, Knowledge Systems Laboratory (2001), http://www-ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noy-mcguinness-abstract.html
Yavagal, D.S., Lee, S.W., Ahn, G.-J., Gandhi, R.A.: Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance (QoIA). In: Proc. of the 43rd Annual ACM Southeast Conference (ACMSE 2005), vol. 2, pp. 130–135 (2005)
Ekelhart, A., Fenz, S., Goluch, G., Weippl, E.: Ontological Mapping of Common Criteria’s Security Assurance Requirements. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 85–95. Springer, Boston (2007)
Vorobiev, A., Bekmamedova, N.: An Ontological Approach Applied to Information Security and Trust. In: 18th Australasian Conf. on Information Systems, Toowoomba (2007), http://www.acis2007.usq.edu.au/assets/papers/144.pdf
Almut Herzog’s web site “Security Ontology”, Linkoping University, http://www.ida.liu.se/~iislab/projects/secont/
Kim, A., Luo, J., Kang, M.: Security Ontology for Annotating Resources, Naval Research Laboratory, Washington (2005), http://chacs.nrl.navy.mil/publications/CHACS/2005/2005kim-NRLOntologyFinal.pdf
Elahi, G., Yu, E.: A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 375–390. Springer, Heidelberg (2007)
Ekelhart, A., Fenz, S., Goluch, G., Riedel, B., Klemen, M., Weippl, E.: Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard. In: Proc. of the 13th Pacific Rim Int. Symp. on Dependable Computing, Washington DC, USA, pp. 381–388. IEEE Computer Society, Los Alamitos (2007), http://publik.tuwien.ac.at/files/pub-inf_4689.pdf
Ekelhart, A., Fenz, S., Klemen, M., Weippl, E.: Security Ontologies: Improving Quantitative Risk Analysis. In: Proceedings of the 40th Hawaii International Conference on System Sciences, Big Island, Hawaii, pp. 156–162. IEEE Computer Society Press, Los Alamitos (2007)
Tsoumas, B., Dritsas, S., Gritzalis, D.: An Ontology-Based Approach to Information Systems Security Management. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 151–164. Springer, Heidelberg (2005)
Bialas, A.: Semiformal framework for ICT security development. In: The 8th Int. Common Criteria Conference, Rome, September 25-27 (2007), http://www.8iccc.com/index.php
Bialas, A.: Semiformal Approach to the IT Security Development. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds.) Proc. of the Int. Conf. on Dependability of Comp. Sys. DepCoS-RELCOMEX 2007, pp. 3–11. IEEE Computer Society, Los Alamitos (2007)
Bialas, A.: Semiformal Common Criteria Compliant IT Security Development Framework. Studia Informatica 29 2B(77) (2008), http://www.znsi.aei.polsl.pl/
Bialas, A.: Ontology-based Approach to the Common Criteria Compliant IT Security Development. In: Arabnia, H., Aissi, S., Bedworth, M. (eds.) Proc. of the 2008 International Conf. on Security and Management (WORLDCOMP 2008), Las Vegas, pp. 586–592. CSREA Press (2008) ISBN#1-60132-085-X
Bialas, A.: Ontology-based Security Problem Definition and Solution for the Common Criteria Compliant Development Process. In: Proc. of the Int. Conf. on Dependability of Comp. Sys. DepCoS-RELCOMEX 2009, pp. 3–10. IEEE Computer Society, Los Alamitos (2009)
Bialas, A.: Validation of the Specification Means Ontology on the Simple Firewall Case. In: Proc. of the Int. Conf. on Security and Management, WORLDCOMP 2009, Las Vegas. CSREA Press (July 2009) (accepted)
Bialas, A.: Security-related design patterns for intelligent sensors requiring measurable assurance. Przeglad Elektrotechniczny (Electrical Review), 92–99 (2009); R.85 NR 7/2009, ISSN 0033-2097
Protege Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/
Commission Regulation (EC) No.1360/2002 on recording equipment in road transport, Annex 1B Requirements for Construction, Testing, Installation and Inspection. Official Journal of the EC, L 207, pp. 204–252 (2002)
Guidelines for Developer Documentation according to Common Criteria version 3.1, Bundesamt fur Sicherheit in der Informationstechnik (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Białas, A. (2009). Ontological Approach to the IT Security Development. In: Tkacz, E., Kapczynski, A. (eds) Internet – Technical Development and Applications. Advances in Intelligent and Soft Computing, vol 64. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05019-0_28
Download citation
DOI: https://doi.org/10.1007/978-3-642-05019-0_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05018-3
Online ISBN: 978-3-642-05019-0
eBook Packages: EngineeringEngineering (R0)