Sensors 2011

Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

DOI: 10.3390/s110808085

Keywords: Common Criteria, information security, IT security development, intelligent sensor, design pattern, knowledge engineering


Abstract:

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. Assurance-oriented methodologies for creating these products or systems, such as Common Criteria (ISO/IEC 15408), can be used to improve the robustness of sensor systems in high-risk environments. The paper presents the background and results of previous research on pattern-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process, using the sensor example. The contribution of the paper is the application of knowledge engineering methodology to the previously developed Common Criteria compliant, pattern-based method for intelligent sensor security development. The issue presented in the paper has broader significance in that it can solve information security problems in many application domains.

