An Ontology of Information Security

Almut Herzog (Linkopings University, Sweden), Nahid Shahmehri (Linkopings University, Sweden) and Claudiu Duma (Linkopings University, Sweden)
DOI: 10.4018/978-1-60566-210-7.ch018

Abstract

The authors present a publicly available, OWL-based ontology of information security which models assets, threats, vulnerabilities and countermeasures and their relations. The ontology can be used as a general vocabulary, roadmap and extensible dictionary of the domain of information security. With its help, users can agree on a common language and definition of terms and relationships. In addition to browsing for information, the ontology is also useful for reasoning about relationships between its entities, that is, threats and countermeasures. The ontology helps answer questions like: Which countermeasures detect or prevent the violation of integrity of data? Which assets are protected by SSH? Which countermeasures thwart buffer overflow attacks? At the moment, the ontology comprises 88 threat classes, 79 asset classes, 133 countermeasure classes and 34 relations between those classes. The authors provide means for extending the ontology, and provide examples of the extendibility with the countermeasure classes “memory protection” and “source code analysis”. This chapter describes the content of the ontology as well as its usages, potential for extension, technical implementation and tools for working with it.

Introduction

Agreeing on the meaning of concepts and their relations is useful in all domains because the consequences of a misunderstanding can be time-consuming and costly. In the domain of information security many concepts are vaguely defined, even for security professionals. Is a password “a unique character string held by each user, a copy of which is stored within the system” (Oxford University Press, 2004) or “an example of an authentication mechanism based on what people know” (Bishop, 2003, p. 310)?

Such ambiguities could be mitigated by a common repository of domain knowledge for the security domain. In this article, we present such a repository by means of an ontology. An ontology “defines the basic terms and relations comprising the vocabulary of a topic area, as well as the rules for combining terms and relations to define extensions to the vocabulary” (Neches et al., 1991).

The need for an ontology of information security has also been clearly verbalised by Donner (2003):

“What the field needs is an ontology—a set of descriptions of the most important concepts and the relationship among them. ... Maybe we [the community of security professionals] can set the example by building our ontology in a machine-usable form in using XML and developing it collaboratively.”

Previous work, such as Schumacher (2003); Kim et al. (2005); Jutla and Bodorik (2005); Squicciarini et al. (2006); Nejdl et al. (2005); Undercoffer et al. (2004); Tsoumas et al. (2005); Takahashi et al. (2005), has only partly addressed these needs, and, so far, an ontology of information security that provides general and specific concepts, is machine-usable, and can be developed collaboratively is still missing.

In this article we present an ontology that (1) provides a general overview over the domain of information security, (2) contains detailed domain vocabulary and is thus capable of answering queries about specific, technical security problems and solutions, and (3) supports machine reasoning.

As a step towards an ontology that is collaboratively developed and acceptable by the security and ontology community, we have designed our ontology according to established ontology design principles (Gruber, 1995) and best practices (obofoundry.org) and make our ontology available online. Consequently, users can browse the ontology online. They can extend it either by downloading and modifying it or by importing the ontology from the web and extending it with new concepts.

Our security ontology builds upon the classic components of risk analysis (Whitman and Mattord, 2005, p. 110ff.): assets, threats, vulnerabilities and countermeasures. By modelling these four basic building blocks of information security and their relations, and refining each block with technical concepts, we arrive at an ontology that provides the “big picture” of the domain of information security as well as a classification and definition of specific domain vocabulary.

Our ontology provides natural language definitions for general terms such as ‘asset’, as well as domain-specific, technical terms, such as ‘SSH’. By implementing high-level relations for specific, technical concepts, one can also find answers to questions such as “What and how does SSH protect?”. Other examples of questions that our ontology helps answer are: Which threats threaten user authentication? Which countermeasures protect the confidentiality of data? Which vulnerabilities enable a buffer overflow attack? Which countermeasures protect against buffer overflow attacks? Which countermeasures use encryption?
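The relation-based questions listed above (which countermeasures protect an asset, which countermeasures thwart a threat, which vulnerabilities enable it) are answered by combining the four building blocks with subclass reasoning. The following Python program is an added illustration for this chapter page; it is not the authors' OWL ontology or any of their tools. The class names, relation names and triples are a constructed toy fragment, and the inference rule it applies (a relation stated for a class is inherited by its subclasses, and a query about a specific asset also matches relations stated for the asset's superclasses) is this example's own simplification of what an OWL reasoner would do over the real ontology.

```python
"""Toy in-memory ontology of assets, threats, vulnerabilities and
countermeasures with subclass-aware querying.

Added example for this page, not the authors' OWL ontology. Every class
name, relation name and triple below is a constructed sample."""

from collections import defaultdict

# Constructed triples (subject, predicate, object). "subClassOf" builds the
# class hierarchy; the other predicates stand in for the ontology's relations.
TRIPLES = [
    ("Data",             "subClassOf", "Asset"),
    ("Credential",       "subClassOf", "Data"),
    ("Password",         "subClassOf", "Credential"),
    ("BufferOverflow",   "subClassOf", "Threat"),
    ("Eavesdropping",    "subClassOf", "Threat"),
    ("UncheckedBuffer",  "subClassOf", "Vulnerability"),
    ("Encryption",       "subClassOf", "Countermeasure"),
    ("SSH",              "subClassOf", "Encryption"),
    ("MemoryProtection", "subClassOf", "Countermeasure"),
    ("Eavesdropping",    "threatens",  "Data"),
    ("BufferOverflow",   "enabledBy",  "UncheckedBuffer"),
    ("Encryption",       "protects",   "Confidentiality"),
    ("Encryption",       "protects",   "Data"),
    ("SSH",              "counters",   "Eavesdropping"),
    ("MemoryProtection", "counters",   "BufferOverflow"),
]

# Constructed domain/range constraints, the kind of sanity check an OWL
# reasoner performs. None means "any class allowed".
DOMAINS = {
    "protects":  ("Countermeasure", None),
    "counters":  ("Countermeasure", "Threat"),
    "threatens": ("Threat", "Asset"),
    "enabledBy": ("Threat", "Vulnerability"),
}


class Ontology:
    def __init__(self, triples):
        self.parents = defaultdict(set)          # class -> direct superclasses
        self.index = defaultdict(set)            # (subject, predicate) -> objects
        for s, p, o in triples:
            if p == "subClassOf":
                self.parents[s].add(o)
            else:
                self.index[(s, p)].add(o)

    def ancestors(self, cls):
        """Reflexive, transitive closure of subClassOf starting at cls."""
        seen, stack = set(), [cls]
        while stack:
            c = stack.pop()
            if c not in seen:
                seen.add(c)
                stack.extend(self.parents[c])
        return seen

    def classes(self):
        cs = set()
        for s, ps in self.parents.items():
            cs.add(s); cs |= ps
        for (s, _), os in self.index.items():
            cs.add(s); cs |= os
        return cs

    def subclasses(self, cls):
        return {c for c in self.classes() if cls in self.ancestors(c)}

    def objects(self, subject, predicate):
        """Objects of predicate stated for subject or inherited from its ancestors."""
        out = set()
        for a in self.ancestors(subject):
            out |= self.index[(a, predicate)]
        return out

    def query(self, predicate, target, subject_type):
        """Subclasses of subject_type related via predicate to target or to any
        superclass of target (a countermeasure protecting Data protects Password)."""
        targets = self.ancestors(target)
        return sorted(c for c in self.subclasses(subject_type)
                      if self.objects(c, predicate) & targets)

    def check_domains(self):
        """Return (s, p, o) triples whose subject or object violates DOMAINS."""
        bad = []
        for (s, p), os in self.index.items():
            dom, rng = DOMAINS.get(p, (None, None))
            for o in os:
                if (dom and dom not in self.ancestors(s)) or \
                   (rng and rng not in self.ancestors(o)):
                    bad.append((s, p, o))
        return bad


ONT = Ontology(TRIPLES)

# The question types from the chapter, over the toy fragment.
def countermeasures_protecting(asset_or_property):
    return ONT.query("protects", asset_or_property, "Countermeasure")

def countermeasures_countering(threat):
    return ONT.query("counters", threat, "Countermeasure")

def threats_against(asset):
    return ONT.query("threatens", asset, "Threat")

def vulnerabilities_enabling(threat):
    return sorted(ONT.objects(threat, "enabledBy"))


if __name__ == "__main__":
    print("Domain violations:", ONT.check_domains())
    print("Protect Password:", countermeasures_protecting("Password"))
    print("Counter Eavesdropping:", countermeasures_countering("Eavesdropping"))
    print("Enable BufferOverflow:", vulnerabilities_enabling("BufferOverflow"))
```

Two design choices deserve a note. Relations are inherited along the subject side (SSH inherits "protects Data" from Encryption), while queries generalise along the object side (asking about Password matches a relation stated for Data); the real ontology's OWL restrictions express these inferences more precisely, but the two rules are what make "Which countermeasures protect passwords?" return SSH without anyone having stated that triple. The `check_domains` pass is the kind of consistency check that keeps a collaboratively extended ontology from accumulating, say, an asset declared as countering a threat.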

Users may find our ontology useful (1) as a reference book or hyper-text learning material on information security, (2) as a template for classifying and comparing security products, security attacks or security vulnerabilities, (3) as a framework for plugging in new or existing detailed security taxonomies, and (4) as a knowledge base for reasoning with semantic web applications.
