Software applications become highly distributed and complex, involving independent collaborating components working towards achieving system goals. At the same time, security attacks against these applications have also grown being more sophisticated and are quite difficult to detect and withstand, especially distributed attacks. In this paper, we argue that one way to identify and mitigate such attacks is through the trust-based collaboration of application components. However, to achieve collaborative defense in distributed environments, a common vocabulary is needed for the components to collaborate with each other in identifying security incidents. Thus, we employ an ontological approach to define security ontologies as a common vocabulary that is understandable for both humans and software agents. Further, we introduce basic security concepts and trust implications, explain our security ontologies (specified in OWL) that include the security asset-vulnerability ontology (SAVO), the security algorithm-standard ontology (SASO), the security function ontology (SFO), and the security attack and defence ontologies (SAO and SDO respectively). Trust is also examined while its dimensions are employed to create trust-based communications used to distribute security ontologies. We use a case study involving Mitnick attacks to demonstrate our approach.
Vorobiev, Artem and Bekmamedova, Nargiza, "An Ontological Approach Applied to Information Security and Trust" (2007). ACIS 2007 Proceedings. Paper 114.