Ontology Based-Security Issues for Internet of Thing (IoT): Ontology Development

  • Amir Mohamed Talib (Information Technology Department, College of Computer and Information Sciences, Al Imam Mohammad Ibn Saud Islamic University (IMSIU))
  • Received : 2023.08.05
  • Published : 2023.08.30

Abstract

The use of sensors and actuators to control cyber-physical systems in resource networks has been integrated and is referred to as the Internet of Things (IoT). However, connecting many stand-alone IoT systems through the Internet introduces numerous security challenges, as sensitive information is prone to exposure to malicious users. In this paper, an IoT based-security issues ontology is proposed to collect, examine, analyze, prepare, acquire and preserve evidence of IoT security issues and challenges. Ontology development consists of three main steps: 1) domain, purpose and scope setting, 2) important terms acquisition, classes and class hierarchy conceptualization, and 3) instances creation. The ontology presented in this paper is a method that helps to better understand and define the terms of the IoT based-security issue ontology. Our proposed IoT based-security issue ontology, resulting from Protégé, has a total of 44 classes and 43 subclasses.
