deployable security measures. The transformation to Ponder can be realized
through an appropriate interface. The CIM-Ponder transformation/mapping is
already discussed in [27] [28] [29].
4. Security Actions Deployment and Monitoring
VIII. Deploy the Ponder rules over the IS infrastructure; employ the Ponder
management framework in order to realize the security requirements (enforcing the
policy statements that apply to technical controls) over the IS devices.
IX. Iterate from step I on a timely basis; in order to keep up with the changes in
the IS environment and policy modifications, the whole process should be
employed over certain periods of time.
Furthermore, reporting facilities should be in place to monitor every step
of the process. Additional capabilities, such as storing the ontology in a form that
can be queried, are highly preferable. Moreover, the
representation of the ontology should be available in a semantic web language, such as
OWL [18], so as to promote reusability and exchange of security knowledge.
5 Related Work
Regarding previous work, two main directions exist: policy specification and (partial)
security-related ontologies.
There is a research effort on different approaches to policy specification [7];
IETF/DMTF and the network component manufacturers are concentrating on
information models [3] and condition-action rules focusing on the management of Quality
of Service (QoS) in networks [30]. The security community has developed a number
of models for the specification of mandatory and discretionary access control
policies (e.g. Clark-Wilson), further evolving into work on role based access
control (RBAC) and role based management, where a role may be considered as a
group of related policies pertaining to a position in an organization [31]. Finally,
considerable work within the greater scope of management has already resulted in
architectures and technologies that provide the basic infrastructure required to implement
policy-based management solutions [32].
Although the need for a security ontology has been recognized by the research
community [33] [34] [35], only partial attention has been paid to a common
solution. Work loosely related to ours [34] [35] deals mainly with access control issues;
standards discussed include XML Signatures and integration with Security Assertion
Markup Language (SAML), an XML-based security standard for exchanging
authentication and authorization information [36]. Furthermore, work on KAON [37]
focuses mostly on the management infrastructure of generic ontologies and metadata, whereas
in [38] the authors present a policy ontology based on deontic logic, elaborating, among
other things, on delegation of actions.
Raskin et al. presented an ontology-driven approach to information security [39].
They argue that a security ontology could organize and systematize all security
phenomena, such as computer attacks. Furthermore, the inherent modularity of an ontology
could support the reaction to attacks by relating certain controls to specific attack
characteristics and, finally, support attack prediction.
In general, we should mention that the policy languages which are represented
using Semantic Web languages are, usually, defined in terms of ontologies. In this