An Ontology-based Approach to the Formalization of Information Security Policies

We present the structure of an ontology for Information Security (IS) and discuss a paradigm whereby it can be used to extract knowledge from natural language texts such as IS standards, security policies and security control descriptions. Besides providing a vocabulary for the IS domain, the proposed ontology stores logical forms corresponding to statements in the text, as well as a set of axioms used for inference in description logic (DL). We also describe a tool to provide automatic support for the formalization process.
