VULNERAPEDIA: SECURITY KNOWLEDGE MANAGEMENT WITH AN ONTOLOGY

Francisco J. Blanco, José Ignacio Fernández-Villamor, Carlos A. Iglesias

Abstract

Ontological engineering can manage security data efficiently, generating security knowledge. We use a stepwise methodology to define a main ontology in the web application security domain. Next, extraction and integration processes translate unstructured data into quality security knowledge. We then check that the ontology can perform the management processes involved. A social tool is implemented to wrap the knowledge in an accessible way. It opens up the security knowledge to encourage people to use and extend it collaboratively.



Paper Citation


in Harvard Style

Blanco, F. J., Fernández-Villamor, J. I. and Iglesias, C. A. (2012). VULNERAPEDIA: SECURITY KNOWLEDGE MANAGEMENT WITH AN ONTOLOGY. In Proceedings of the 4th International Conference on Agents and Artificial Intelligence - Volume 1: ICAART, ISBN 978-989-8425-95-9, pages 485-490. DOI: 10.5220/0003718604850490


in Bibtex Style

@conference{icaart12,
author={Francisco J. Blanco and José Ignacio Fernández-Villamor and Carlos A. Iglesias},
title={VULNERAPEDIA: SECURITY KNOWLEDGE MANAGEMENT WITH AN ONTOLOGY},
booktitle={Proceedings of the 4th International Conference on Agents and Artificial Intelligence - Volume 1: ICAART},
year={2012},
pages={485-490},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003718604850490},
isbn={978-989-8425-95-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Agents and Artificial Intelligence - Volume 1: ICAART
TI - VULNERAPEDIA: SECURITY KNOWLEDGE MANAGEMENT WITH AN ONTOLOGY
SN - 978-989-8425-95-9
AU - Blanco, Francisco J.
AU - Fernández-Villamor, José Ignacio
AU - Iglesias, Carlos A.
PY - 2012
SP - 485
EP - 490
DO - 10.5220/0003718604850490