an ontology based approach to the formalization of
play

An Ontology-based Approach to the Formalization of Information - PowerPoint PPT Presentation

Jan 12, 2023 •404 likes •878 views

An Ontology-based Approach to the Formalization of Information Security Policies An Ontology-based Approach to the Formalization of Information Security Policies Fernando Nufel do Amaral Carlos Bazlio Geiza Maria Hamazaki da Silva

  1. An Ontology-based Approach to the Formalization of Information Security Policies An Ontology-based Approach to the Formalization of Information Security Policies Fernando Náufel do Amaral Carlos Bazílio Geiza Maria Hamazaki da Silva Alexandre Rademaker Edward Hermann Haeusler TecMF Dept. of Informatics PUC-Rio, Brazil VORTE 2006

  2. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Project Anubis Participants ◮ IS Consulting Firm ⇒ Experienced at developing and implementing tools and techniques for Information Security and Risk Analysis. Strong presence in the marketplace. ◮ TecMF ⇒ Experienced at developing and using logic- and formal-semantic-based techniques, languages and frameworks. Intensional programming (TXL, XSLT, MAUDE, etc).

  3. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Project Anubis Demands ◮ IS Consulting Firm ⇒ Rethink / refactor / adapt a proprietary tool for Risk Analysis and Information Security ◮ TeCMF ⇒ Develop case studies and solutions for real-world, industrial-scale problems

  4. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Working Environment Working Environment Main Concepts in Information Security ◮ Standards, Control Objectives ◮ Security Policies, Actions, Security Controls ◮ The big picture

  5. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Working Environment Standards ◮ Public documents in normative text ◮ Set of Control Objectives to be accomplished by the organization desiring a higher level of security ◮ State what should be achieved at a higher level of abstraction ◮ Control-based × threat-based approach to security

  6. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Working Environment Security Policies ◮ The organization’s Security Policy is implemented through a set of Actions ◮ Actions should achieve the Control Objectives and protect the organization against potential threats ◮ Actions are implemented by a set of Security Controls ◮ Security Controls are low-level technical measures that can be directly observed / implemented

  7. An Ontology-based Approach to the Formalization of Information Security Policies Motivation Working Environment The Security Landscape Nowadays Threat and Risk Analysis Control Objective Control Objective + Standards (Cobit, Iso/Nist, Coso) Security Action Action Policy Directly app licable Security Control Security Control assertives

  8. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture Computer-Aided Risk Analysis Tools ◮ Implemented from an initial ◮ Represents the knowledge set of empirically defined of an expert group security controls ◮ Updated on demand ◮ Need for conformance ◮ Human-performed ◮ Computer stores data and conformance analysis performs minimal inference ◮ Designed in bottom-up ◮ Based on the needs of the fashion market

  9. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture Computer-Aided Risk Analysis Tools ◮ Implemented from an initial ◮ Represents the knowledge set of empirically defined of an expert group security controls ◮ Updated on demand ◮ Need for conformance ◮ Human-performed ◮ Computer stores data and conformance analysis performs minimal inference ◮ Designed in bottom-up ◮ Based on the needs of the fashion market

  10. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture Computer-Aided Risk Analysis Tools ◮ Implemented from an initial ◮ Represents the knowledge set of empirically defined of an expert group security controls ◮ Updated on demand ◮ Need for conformance ◮ Human-performed ◮ Computer stores data and conformance analysis performs minimal inference ◮ Designed in bottom-up ◮ Based on the needs of the fashion market

  11. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture Computer-Aided Risk Analysis Tools ◮ Implemented from an initial ◮ Represents the knowledge set of empirically defined of an expert group security controls ◮ Updated on demand ◮ Need for conformance ◮ Human-performed ◮ Computer stores data and conformance analysis performs minimal inference ◮ Designed in bottom-up ◮ Based on the needs of the fashion market

  12. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Role of Formal Analysis of Systems / Theories Provide techniques, tools and methodologies to work with the Principle of Falseability of Theories towards the (formal) validation of software and specifications

  13. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies Known Techniques / Tools ◮ Ad-hoc and systematic testing ◮ Simulation (including stochastic modeling) ◮ Logical and algebraic languages: theorem proving and model checking

  14. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  15. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  16. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  17. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  18. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  19. An Ontology-based Approach to the Formalization of Information Security Policies Motivation The Big Picture An Ontology-based Approach to Security Policies The Chosen Techniques / Tools ◮ Declarative knowledge + ◮ Conformance validation as an imperative feature ◮ = Logical approach with computer-aided validation cycle ◮ Description-logic-based ontology + set of tools for CAV ◮ Knowledge extraction from natural language texts (standards) ◮ Context-independent representation of utterances

  20. An Ontology-based Approach to the Formalization of Information Security Policies Main Goal: Computer-Aided Formulation and Validation of Security Policies

  21. An Ontology-based Approach to the Formalization of Information Security Policies Main Goal: Computer-Aided Formulation and Validation of Security Policies The Front-End

  22. An Ontology-based Approach to the Formalization of Information Security Policies Main Goal: Computer-Aided Formulation and Validation of Security Policies Looking into the ontology ◮ AdministerRemotely ⊑ AccessRemotely and NetwareServer ⊑ System are assertions in the IS taxonomy ◮ “Configuring X to achieve Y” is equivalent to “Achieving Y” is asserted in the Axioms section of the ontology: ∃ hasVerb . ( Configure ⊓ ∃ hasTheme . X ⊓ ∃ hasPurpose . Y ) ≡ ∃ hasVerb . Y

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Combined Approach to Ontology-Based Data Access R. Kontchakov, C. Lutz, D. Toman, F.Wolter

The Combined Approach to Ontology-Based Data Access R. Kontchakov, C. Lutz, D. Toman, F.Wolter

The Combined Approach to Ontology-Based Data Access R. Kontchakov, C. Lutz, D. Toman, F.Wolter and M. Zakharyaschev Presented by Amer Mouawad University of Waterloo July 8, 2013 Ontology-Based Data Access (OBDA) Motivation: Data

280 views • 25 slides
Performance-based Ontology Matching An Effectiveness-independent Approach for Performance-gain

Performance-based Ontology Matching An Effectiveness-independent Approach for Performance-gain

PhD. Dissertation Presentation Performance-based Ontology Matching An Effectiveness-independent Approach for Performance-gain M. Bilal Amin mbilalamin@oslab.khu.ac.kr Dept. of Computer Engineering Kyung Hee University Advisor : Prof.

964 views • 60 slides
An Ontology-Based Approach for Facilitating Information Retrieval from Disparate Sources: Patent

An Ontology-Based Approach for Facilitating Information Retrieval from Disparate Sources: Patent

An Ontology-Based Approach for Facilitating Information Retrieval from Disparate Sources: Patent System as an Exemplar Kincho H. Law Professor of Civil and Environmental Engineering Engineering Informatics Group Stanford University

366 views • 34 slides
Ontology for Indian Music: An Approach for ontology learning from online music forums

Ontology for Indian Music: An Approach for ontology learning from online music forums

3 rd CompMusic Workshop, IIT Madras, Chennai Ontology for Indian Music: An Approach for ontology learning from online music forums Supervisors Joe Cheri Ross Prof. Pushpak Bhattacharyya Prof. Preeti Rao IIT Bombay 1 Objective Augment

891 views • 30 slides
Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business

Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business

Gedistribueerde Systemen 2 mei 2000 Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business Model De- and Reconstruction Reconstruction Jaap Gordijn Hans Akkermans Free University Amsterdam/Faculty of

328 views • 6 slides
Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe

Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe

Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe CRUZ, Aurlie Bertaux thomas.hassan@u-bourgogne.fr Le2i FRE2005, CNRS, Arts et Mtiers, Univ. Bourgogne Franche-Comt Dijon, France Outline

465 views • 24 slides
OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F.

OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F.

OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F. Ongenae, S. Verstichel, F. De Turck, T. Dhaene, B. Dhoedt, P. Demeester, July 28, 2008 Department of Information Technology - Broadband Communication

924 views • 22 slides
YAM++ - A combination of graph matching and machine learning approach to ontology alignment task

YAM++ - A combination of graph matching and machine learning approach to ontology alignment task

YAM++ - A combination of graph matching and machine learning approach to ontology alignment task DuyHoa Ngo, Zohra Bellahsene Amir Naseri Knowledge Engineering Group 28. Januar 2013 Introduction An Ontology is a formal specification

1.46k views • 38 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
a model approach Fielded Systems Panel Presentation September 2011 Model Based Approach

a model approach Fielded Systems Panel Presentation September 2011 Model Based Approach

a model approach Fielded Systems Panel Presentation September 2011 Model Based Approach Formalization of the information structures (particularly if the data structures are consistent) Optimize technical integrity for on-going

394 views • 8 slides
The Planetary Science Ontology A Case Study in an Ontology- Based Information Architecture J.

The Planetary Science Ontology A Case Study in an Ontology- Based Information Architecture J.

The Planetary Science Ontology A Case Study in an Ontology- Based Information Architecture J. Steven Hughes J. Steven Hughes 7th International Protg Conference Tuesday 6th - Friday 9th, July 2004 Washington, DC steve.hughes@jpl.nasa.gov

542 views • 20 slides
ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju

ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju

ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju CONTENTS Ontology Vs ODP Why use ODPs in Ontology Approach Our Dataset Ontology Analysis Machine Learning on existing

548 views • 24 slides
Ontology Ontology-based Methodology for based Methodology for Collaborative Process Definition

Ontology Ontology-based Methodology for based Methodology for Collaborative Process Definition

Ontology Ontology-based Methodology for based Methodology for Collaborative Process Definition of Collaborative Process Definition of Enterprise Networks Enterprise Networks V. Rajsiri, JP. Lorr EBM WebSourcing, Ramonville St-Agne,

533 views • 22 slides
Ontology Development 101 Natasha Noy Stanford University A large part of this tutorial is based

Ontology Development 101 Natasha Noy Stanford University A large part of this tutorial is based

Ontology Development 101 Natasha Noy Stanford University A large part of this tutorial is based on Ontology Development 101: A Guide to Creating Your First Ontology by Natalya F. Noy and Deborah L. McGuinness

997 views • 66 slides
A Formalization of Convex Polyhedra based on the Simplex Method Sminaire Francilien de

A Formalization of Convex Polyhedra based on the Simplex Method Sminaire Francilien de

A Formalization of Convex Polyhedra based on the Simplex Method Sminaire Francilien de Gomtrie Algorithmique et Combinatoire Xavier Allamigeon 1 Ricardo D. Katz 2 March 15th, 2018 1 INRIA and Ecole polytechnique 2 CIFACIS-CONICET

1.88k views • 174 slides
A Symbolic Execution-Based Approach to Model Transformation Verification using Structural

A Symbolic Execution-Based Approach to Model Transformation Verification using Structural

A Symbolic Execution-Based Approach to Model Transformation Verification using Structural Contracts Bentley James Oakes McGill University bentley.oakes@mail.mcgill.ca September 4, 2018 1 Introduction 2 Formalization of DSLTrans 3

386 views • 37 slides
Scholarly Identity and Collaboration Dr Ken Klingenstein, Director, Middleware, Internet2 User

Scholarly Identity and Collaboration Dr Ken Klingenstein, Director, Middleware, Internet2 User

Scholarly Identity and Collaboration Dr Ken Klingenstein, Director, Middleware, Internet2 User Contexts Individuals do trusted Internet transactions in a variety of contexts The enterprise/federated use of identity well- established;

337 views • 13 slides
Switched Control and other 'uncontrolled' cases of obligatory control Dorothee Beermann and Lars

Switched Control and other 'uncontrolled' cases of obligatory control Dorothee Beermann and Lars

HeadLex 2016 Switched Control and other 'uncontrolled' cases of obligatory control Dorothee Beermann and Lars Hellan Research Group in Digital Linguistics Norwegian University of Science and Technology, Norway HeadLex 2016 Background and

732 views • 23 slides
Towards Enabling Internet-Scale Context-as-a-Service: A Position Paper Alexandru SORICI, Andrei

Towards Enabling Internet-Scale Context-as-a-Service: A Position Paper Alexandru SORICI, Andrei

Towards Enabling Internet-Scale Context-as-a-Service: A Position Paper Alexandru SORICI, Andrei OLARU, Adina Magda FLOREA University Politehnica of Bucharest What is Context-Awareness? Context is any information that can be used to

355 views • 12 slides
Malaysian Healthy Ageing Society Psychological well being Psychological well being is a

Malaysian Healthy Ageing Society Psychological well being Psychological well being is a

Organised by: Co-Sponsored: Malaysian Healthy Ageing Society Psychological well being Psychological well being is a structure that leads to positive performance and experience in the best way. Ryff and colleagues (1989) regarding to common

746 views • 22 slides
Ethical Values for E Ethical Values for E- -Society: Society: I f Information, Security and

Ethical Values for E Ethical Values for E- -Society: Society: I f Information, Security and

The 3rd International Conference on The 3rd International Conference on Ethics and Policy of Biometrics and International Data Sharing International Data Sharing 4 January 2010 Ethical Values for E Ethical Values for E- -Society: Society:

461 views • 11 slides
LOVE | OBEDIENCE John 14:15 God would rather see your faith on your life than on your lips

LOVE | OBEDIENCE John 14:15 God would rather see your faith on your life than on your lips

LOVE | OBEDIENCE John 14:15 God would rather see your faith on your life than on your lips - Afshin Ziafat LOVE | OBEDIENCE John 14:15 Little Children, we must not love with word or speech, but with truth and action. 1 John 3:18

542 views • 24 slides
6/18/2018 Obedience to God is Not a Deprivation from Life It is Gods Gracious Directions for

6/18/2018 Obedience to God is Not a Deprivation from Life It is Gods Gracious Directions for

6/18/2018 Obedience to God is Not a Deprivation from Life It is Gods Gracious Directions for Abundant Life 1 6/18/2018 Gods People Blessed with Gods Commands You yourselves have seen what I did to Egypt, and how I carried you

527 views • 6 slides
& Divine Providence through our obedience, God directs our steps outline of ruth Ch1

& Divine Providence through our obedience, God directs our steps outline of ruth Ch1

Human Obedience & Divine Providence through our obedience, God directs our steps outline of ruth Ch1 Trusting in Commitment Gods Goodness Ch2 Acting on What Obedience We Know Ch3 Stepping Out

384 views • 17 slides

More recommend