Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

PaaSword: A Data Privacy and Context-aware Security Framework for Developing Secure Cloud Applications - Technical and Scientific Contributions

Most industries worldwide have entered a period of reaping the benefits and opportunities cloud offers. At the same time, many efforts are made to address engineering challenges for the secure development of cloud systems and software.With the majority of software engineering projects today relying on the cloud, the task to structure end-to-end secure-by-design cloud systems becomes challenging but at the same time mandatory. The PaaSword project has been commissioned to address security and data privacy in a holistic way by proposing a context-aware security-by-design framework to support software developers in constructing secure applications for the cloud. This chapter presents an overview of the PaaSword project results, including the scientific achievements as well as the description of the technical solution. The benefits offered by the framework are validated through two pilot implementations and conclusions are drawn based on the future research challenges which are discussed in a research agenda

Ontology Of Trusted Identity In Cyberspace

The nations digital infrastructure is in jeopardy because of inadequate provisions for privacy, identity, and security. Recent Internet activity has resulted in an onslaught of identity theft, fraud, digital crime, and an increasing burden to responsible citizens. The computer security and Internet communities have been generally responsive but apparently ineffective, so it is time for a third party to step in, take charge, and provide an infrastructure to assist in protecting individuals and non-person entities. This paper is a contribution to the domain of ontological commitment as it applies to a description of subjects, objects, actions, and relationships as they pertain to the National Strategy of Trusted Identity in Cyberspace initiative

Ontologies in Cloud Computing - Review and Future Directions

Cloud computing as a technology has the capacity to enhance cooperation, scalability, accessibility, and offers discount prospects using improved and effective computing, and this capability helps organizations to stay focused. Ontologies are used to model knowledge. Once knowledge is modeled, knowledge management systems can be used to search, match, visualize knowledge, and also infer new knowledge. Ontologies use semantic analysis to define information within an environment with interconnecting relationships between heterogeneous sets. This paper aims to provide a comprehensive review of the existing literature on ontology in cloud computing and defines the state of the art. We applied the systematic literature review (SLR) approach and identified 400 articles; 58 of the articles were selected after further selection based on set selection criteria, and 35 articles were considered relevant to the study. The study shows that four predominant areas of cloud computing—cloud security, cloud interoperability, cloud resources and service description, and cloud services discovery and selection—have attracted the attention of researchers as dominant areas where cloud ontologies have made great impact. The proposed methods in the literature applied 30 ontologies in the cloud domain, and five of the methods are still practiced in the legacy computing environment. From the analysis, it was found that several challenges exist, including those related to the application of ontologies to enhance business operations in the cloud and multi-cloud. Based on this review, the study summarizes some unresolved challenges and possible future directions for cloud ontology researchers.publishedVersio

System Security Assurance: A Systematic Literature Review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions

Human-Intelligence and Machine-Intelligence Decision Governance Formal Ontology

Since the beginning of the human race, decision making and rational thinking played a pivotal role for mankind to either exist and succeed or fail and become extinct. Self-awareness, cognitive thinking, creativity, and emotional magnitude allowed us to advance civilization and to take further steps toward achieving previously unreachable goals. From the invention of wheels to rockets and telegraph to satellite, all technological ventures went through many upgrades and updates. Recently, increasing computer CPU power and memory capacity contributed to smarter and faster computing appliances that, in turn, have accelerated the integration into and use of artificial intelligence (AI) in organizational processes and everyday life. Artificial intelligence can now be found in a wide range of organizational systems including healthcare and medical diagnosis, automated stock trading, robotic production, telecommunications, space explorations, and homeland security. Self-driving cars and drones are just the latest extensions of AI. This thrust of AI into organizations and daily life rests on the AI community’s unstated assumption of its ability to completely replicate human learning and intelligence in AI. Unfortunately, even today the AI community is not close to completely coding and emulating human intelligence into machines. Despite the revolution of digital and technology in the applications level, there has been little to no research in addressing the question of decision making governance in human-intelligent and machine-intelligent (HI-MI) systems. There also exists no foundational, core reference, or domain ontologies for HI-MI decision governance systems. Further, in absence of an expert reference base or body of knowledge (BoK) integrated with an ontological framework, decision makers must rely on best practices or standards that differ from organization to organization and government to government, contributing to systems failure in complex mission critical situations. It is still debatable whether and when human or machine decision capacity should govern or when a joint human-intelligence and machine-intelligence (HI-MI) decision capacity is required in any given decision situation. To address this deficiency, this research establishes a formal, top level foundational ontology of HI-MI decision governance in parallel with a grounded theory based body of knowledge which forms the theoretical foundation of a systemic HI-MI decision governance framework