An Ontology of Security from a Risk Treatment Perspective

Ítalo Oliveira*, Tiago Prince Sales, Riccardo Baratella, Mattia Fumagalli, Giancarlo Guizzardi

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

14 Citations (Scopus)
130 Downloads (Pure)

Abstract

In Risk Management, security issues arise from complex relations among objects and agents, their capabilities and vulnerabilities, the events they are involved in, and the value and risk they ensue to the stakeholders at hand. Further, there are patterns involving these relations that crosscut many domains, ranging from information security to public safety. Understanding and forming a shared conceptualization and vocabulary about these notions and their relations is fundamental for modeling the corresponding scenarios, so that proper security countermeasures can be devised. Ontologies are instruments developed to address these conceptual clarification and terminological systematization issues. Over the years, several ontologies have been proposed in Risk Management and Security Engineering. However, as shown in recent literature, they fall short in many respects, including generality and expressivity - the latter impacting on their interoperability with related models. We propose a Reference Ontology for Security Engineering (ROSE) from a Risk Treatment perspective. Our proposal leverages on two existing Reference Ontologies: the Common Ontology of Value and Risk and a Reference Ontology of Prevention, both of which are grounded on the Unified Foundational Ontology (UFO). ROSE is employed for modeling and analysing some cases, in particular providing clarification to the semantically overloaded notion of Security Mechanism.
Original language: English
Title of host publication: Conceptual Modeling
Subtitle of host publication: 41st International Conference, ER 2022, Hyderabad, India, October 17-20, 2022, Proceedings
Editors: Jolita Ralyté, Sharma Chakravarthy, Mukesh Mohania, Manfred A. Jeusfeld, Kamalakar Karlapalem
Publisher: Springer Nature
Pages: 365-379
Number of pages: 15
ISBN (Electronic): 978-3-031-17995-2
ISBN (Print): 978-3-031-17994-5
Publication status: Published - 10 Oct 2022
Event: 41st International Conference on Conceptual Modeling, ER 2022 - Virtual Event
Duration: 17 Oct 2022 to 20 Oct 2022
Conference number: 41
https://er2022web.github.io/ER2022/

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 13607

Conference

Conference: 41st International Conference on Conceptual Modeling, ER 2022
Abbreviated title: ER 2022
City: Virtual Event
Period: 17/10/22 to 20/10/22

Keywords

  • Risk management
  • Security Engineering
  • Ontology
  • 2023 OA procedure
