Ontology in Information Security 2001 Raskin


  • 7/29/2019 Ontology in Information Security 2001 Raskin


Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool

Victor Raskin, Christian F. Hempelmann, Katrina E. Triezenberg
CERIAS, Purdue University, West Lafayette, IN
vraskin, hempelma, kattriez@purdue.edu

Sergei Nirenburg
Computing Research Laboratory, New Mexico State University, Las Cruces

ABSTRACT
The paper introduces and advocates an ontological semantic approach to information security. Both the approach and its resources, the ontology and lexicons, are borrowed from the field of natural language processing and adjusted to the needs of the new domain. The approach pursues the ultimate dual goals of inclusion of natural language data sources as an integral part of the overall data sources in information security applications, and formal specification of the information security community know-how for the support of routine and time-efficient measures to prevent and counteract computer attacks. As the first order of the day, the approach is seen by the information security community as a powerful means to organize and unify the terminology and nomenclature of the field.

Keywords
Documentation, Security, Human Factors, Standardization, Languages, Theory

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. NSPW'01, September 10-13th, 2002, Cloudcroft, New Mexico, USA. Copyright 2002 ACM 1-58113-457-6/01/0009...$5.00.

1. ONTOLOGICAL NEEDS IN INFORMATION SECURITY. TAKE ONE
One of the many interesting results emanating from the NSPW-2000 discussions in Ballycotton was the realization that the field would gain considerably by adopting ontology as a theoretical foundation and a methodological tool. Besides my own paper on the interface between natural language processing and information security, only one other paper (Templeton and Levitt 2001--here and elsewhere, admittedly confusingly, 2001 is the year of publication of the NSPW-2000 proceedings) mentioned the term by name, but several others outlined the issues and voiced concerns, for which the ontological approach will be a valuable resource in systematizing the phenomena in the purview, enabling the modular approach, and predicting new phenomena--such as types of attack or any number of others. One give-away sign that ontology is called for is the introduction of a taxonomy and the dependence of the approach on it. Similarly, an important "sideshow" on anonymity at the recent IHW-01 (Pfitzmann and Köhntopp 2001) was attempting suitable and acceptable definitions for anonymity, unlinkability, unobservability, and pseudonymy and experiencing difficulties that prevented the high-powered group of researchers to reach consensus largely because of the unavailability of the ontological tool to the group. In an important initiative they call "the common language for computer security incident information," Howard and Meunier (2002) convincingly discuss the necessity to structure the incident reports to enhance rapid responses. "The two parts of this common language are

1. a set of "high-level" incident-related terms, and
2. a method of classifying incident information (a taxonomy)...

[T]he two parts of the common language (the terms and the taxonomy) are closely related. The taxonomy provides a structure that shows how most of common language terms are related. The common language is intended to help you improve your ability to

• talk more understandably with others about incidents,
• gather, organize, and record incident information,
• extract data from incident information,
• summarize, share, and compare incident information,
• use incident information to evaluate and decide on proper courses of action, and
• use incident information to determine effects of actions over time."

This passage summarizes very well what an ontology for the domain of information security can do because, coupled with the ontology-based lexicon, it provides "the two parts of the common language" for the field, and much more.

2. WHAT IS ONTOLOGY?
Not to be confused with the philosophical discipline of metaphysics, long the laughing stock of empiricist philosophy and recently experiencing a spectacular comeback, ontology is a constructed model of reality, a theory of the world--more practically, a theory of a domain. In still more practical terms, it is a highly structured system of concepts covering the processes, objects, and attributes of a domain in all of their pertinent complex relations, to the grain size determined by such considerations as the need of an application or computational complexity. Thus, an ontology may divide the root concept ALL into EVENTs, OBJECTs, and PROPERTYs (Fig. 1); EVENTs into MENTAL-EVENTs, PHYSICAL-EVENTs, and SOCIAL-EVENTs (Fig. 2), OBJECTs into INTANGIBLE-OBJECTs, MENTAL-OBJECTs, PHYSICAL-OBJECTs and SOCIAL-OBJECTs (Fig. 3), PROPERTYs into RELATIONs (bi- or multiplace attributes) and ATTRIBUTEs (one-place) (Fig. 4, 5)--and so on, to finer and finer details.

ALL
    EVENT
    OBJECT
    PROPERTY
Figure 1. ALL tree, 1 level down.

EVENT
    MENTAL-EVENT
    PHYSICAL-EVENT
    SOCIAL-EVENT
Figure 2. EVENT tree, 1 level down.

OBJECT
    INTANGIBLE-OBJECT
    MENTAL-OBJECT
    PHYSICAL-OBJECT
    SOCIAL-OBJECT
Figure 3. OBJECT tree, 1 level down.

PROPERTY
    ATTRIBUTE
    ONTOLOGY-SLOT
    RELATION
Figure 4. PROPERTY tree, 1 level down.

Formally, then, an ontology is a tangled hierarchy of conceptual nodes, each of which can be represented as:

    concept-name(property-slot property-value)+

In other words, a concept has one or (usually) more properties. Every concept but the root ALL has the property IS-A, and the value of the property is the parent of this concept, the higher node--so the concept MENTAL-PROCESS, a child of PROCESS, is, on partial view, as follows:

    mental-process
        is-a process
        (property-slot property-value)+

ALL
    EVENT
        MENTAL-EVENT
        PHYSICAL-EVENT
        SOCIAL-EVENT
    OBJECT
        INTANGIBLE-OBJECT
        MENTAL-OBJECT
        PHYSICAL-OBJECT
        SOCIAL-OBJECT
    PROPERTY
        ATTRIBUTE
        ONTOLOGY-SLOT
        RELATION
Figure 5. ALL tree, 2 levels down.

The value of the IS-A property may be a disjunction of two or more concepts. Thus, a concept may have multiple parents and multiple inheritance. It shares the latter formal feature with the object-oriented programming languages, which are indeed suitable for implementing ontological procedures. The object-oriented approach lacks the conceptual content of ontology, so it is not sufficient for addressing the information security needs discussed here. To our (limited) knowledge, no object-oriented proposal of this kind has been made. The distinction between form and content is crucial for understanding the proposed ontological paradigm, and it often escapes the formalism-based disciplines. The discussion at the Workshop contributed significantly to clarifying this distinction, and we hope that this article is the next step in the same direction. It is also possible to present this format of ontology as a lattice--in fact, the ontologies constitute a special subset of lattices. Again, however, it is the content of ontologies that makes them useful for information security, independently of the choice of formats.

Obviously, an ontology provides a powerful taxonomic tool for an unlimited set of phenomena because each property-slot determines the class of concepts that have the property and each value a subclass of that class. A typical ontology has hundreds of properties. It is noteworthy also that, with an ontology (as with the object-oriented approach), one escapes the problems of cross-classification, when deciding which of, say, the two features to apply first has a theoretical and methodological price tag.


But an ontology is much more than that--primarily because of inheritance. Inheritance is the down-propagation of properties, with their values filled, from parents to children and further descendants. When we look at a table we may notice that it is made of wood, is oval-shaped, and has four legs. Each of these property values could be different with a different table, so these properties belong to this particular object. But we know much more about the properties of this table: We know that it is designed to be used for various purposes, usually in a room, usually long-term, usually rather expensively, and it would have been bought in a furniture store--all of that we know by virtue of a table being furniture, i.e., the concept FURNITURE is a parent of the concept TABLE. We also know that the table was specially manufactured by a human or humans (who may have designed and/or operated machines in the process of manufacturing the table) rather than being a naturally occurring object--this we know because TABLE inherited that property from ARTIFACT, the parent of FURNITURE. Finally, we know that the table has three spatial and one temporal dimension, i.e., that the table occupies a certain space at a certain time--because its ontological ancestor ARTIFACT is a child of PHYSICAL-OBJECT.

This simple example of how the various properties originate with the concept itself or are inherited from an ontological ancestor can be repeated with computer attacks or any other types of phenomena, not necessarily related to natural language and certainly independent of any specific language, and every participant can produce such examples from his or her own research purview. In fact, we would challenge any participant to declare and defend a view that his or her approach has no ontological material in it. We, on the other hand, would like to be challenged to demonstrate the benefits of the ontological resource for any approach, and we would proceed to do so by asking the challenger a short list of pertinent questions about the nature of the phenomena the approach deals with. Any similarity to the composition problem, a scary prospect for an otherwise most well-disposed anonymous reviewer, is not intended here and, we believe, not present, and the discussion did not bring up any unfamiliar formulation of that problem.

3. ONTOLOGICAL NEEDS IN INFORMATION SECURITY. TAKE TWO
What we are proposing here is extending research and application paradigms in information security by including natural language data sources. The proposal concentrates on two issues:

• inclusion of natural language data sources as an integral part of the overall data sources in information security applications, and
• formal specification of the information security community know-how for the support of routine and time-efficient measures to prevent and counteract computer attacks

Where does natural language data play a role in InfoSec? Here are some representative examples:

• sysadmin logs are written in a sublanguage of a natural language (and can be allowed to contain more complex language if the processing systems are capable of treating it);
• information hiding (steganography, NL watermarking) depends on NLP;
• downgrading will provide automatic filtering of sensitive information from documents intended for dissemination;
• documents in natural language can be scanned for detecting possible intellectual property leakage;
• if an InfoSec task involves human alongside software agents, NLP is the most efficient way of interagent communication.

In the past, the above tasks, if at all attempted, were supported by either keyword-based search technology or through stochastic mechanisms of matching and determination of differences between two documents. These approaches have approached the ceiling of their capabilities.

We propose a new, content-oriented, knowledge- and meaning-based approach to form the basis of the NLP component of the information security research paradigm. The difference between this knowledge-based approach and the old "expert system" approach is that the former concentrates on feasibility, for example, by using a gradual automation approach to various application tasks. The ontological approach also deals, however, albeit at a much more sophisticated level, with encoding and using the community know-how for automatic training and decision support systems. The cumulative knowledge of the information security community about the classification of threats, their prevention and about defense against computer attacks should be formalized, and this knowledge must be brought to bear in developing an industry-wide, constantly upgradeable manual for computer security personnel that may involve a number of delivery vehicles, including an online question-answer environment and a knowledge-based decision support system with dynamic replanning capabilities for use by computer security personnel. The underlying knowledge for both of these avenues of information security paradigm extension can, as it happens, be formulated in a single standard format. The knowledge content will readily enjoy dual use in both NL data inclusion and decision support, and it is made possible through the use of ontologies. Fig. 6 below shows a generic scheme of interaction of the ontological resources applied to a conceptual domain, such as information security.

Figure 6. Application of the Ontological Paradigm to a Domain.


The ontological paradigm is already used at NMSU CRL to support such basic NLP tasks as machine translation, information retrieval and extraction, question answering, planning and summarization. These tasks have been integrated at CRL and CERIAS, as well as other sites, such as Bell Labs, in end applications for data mining, information security, intelligence analysis, etc.

We will now elaborate a bit on the three major benefits mentioned at the beginning. First, ontology organizes and systematizes all the phenomena in the research purview (such as types of computer attack) at any level of detail, and reduces a large diversity of items to a much smaller list of properties. Secondly, most approaches gain from induced modularity, for instance, by relating certain measures to the detection of certain properties (e.g., if a certain property of an attack calls for a certain measure, a complex attack, with a set of properties, will call for the corresponding set of countermeasures). Third, by providing the full combinatorics of the compatible properties, an ontologically-based approach may predict additions to its purview (for instance, possible types of attack that have not ever occurred yet).

There are additional benefits to the implementability of ontology within an approach. Ontology lends itself easily to an expansion, such as the addition of a new property, without any modification of the existing ones. Of course, the addition of a new concept is an even easier thing. (A small pilot project on extending the existing ontology to the field of information security is, in fact, already underway at CERIAS.) A highly formal object, ontology can be presented in the pseudocode, BNF, or other appropriate formalisms that lend themselves more easily to programmability and computability. The current stage of development in ontology makes a number of important ready-made resources available to the researcher or practitioner. These include:

• ready-made ontologies, general or for specific domains;
• formalisms, techniques, and interfaces for importing ontologies;
• automatic and semi-automatic tools for detecting and acquiring new properties;
• instrumentation for acquiring new concepts within a domain;
• techniques for identifying and adding a new domain or subdomain to an ontology.
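The second and third benefits named above (countermeasures attached to individual properties, and prediction from the combinatorics of compatible properties) can be sketched as follows. This is an added example, not code from the paper or the CERIAS project; the slots, fillers, compatibility rule, measures and observed types are all constructed for illustration.

```python
from itertools import product

# Constructed property slots and their fillers (assumption, not the paper's ontology).
SLOTS = {
    "ENTRY-POINT": ["network-service", "local-account", "removable-media"],
    "EFFECT": ["disclosure", "modification", "denial-of-service"],
    "REQUIRES-USER-ACTION": [True, False],
}

# Constructed compatibility rule: these fillers are declared not to co-occur.
INCOMPATIBLE = [
    {"ENTRY-POINT": "removable-media", "REQUIRES-USER-ACTION": False},
]

# Measures are attached to single (slot, filler) pairs, never to whole attack types.
MEASURES = {
    ("ENTRY-POINT", "network-service"): "filter inbound traffic to the service",
    ("ENTRY-POINT", "local-account"): "review account privileges",
    ("ENTRY-POINT", "removable-media"): "disable autorun on removable media",
    ("EFFECT", "disclosure"): "encrypt stored data",
    ("EFFECT", "modification"): "verify file integrity",
    ("EFFECT", "denial-of-service"): "apply rate limits",
    ("REQUIRES-USER-ACTION", True): "train users to report unexpected prompts",
}

# Constructed list of attack types already recorded in the purview.
OBSERVED = [
    {"ENTRY-POINT": "network-service", "EFFECT": "disclosure",
     "REQUIRES-USER-ACTION": False},
    {"ENTRY-POINT": "local-account", "EFFECT": "modification",
     "REQUIRES-USER-ACTION": False},
    {"ENTRY-POINT": "removable-media", "EFFECT": "denial-of-service",
     "REQUIRES-USER-ACTION": True},
]


def all_types():
    """Full combinatorics: one candidate type per combination of fillers."""
    names = list(SLOTS)
    return [dict(zip(names, combo)) for combo in product(*SLOTS.values())]


def compatible(attack):
    """False if the type contains any declared-incompatible set of fillers."""
    return not any(
        all(attack.get(slot) == filler for slot, filler in bad.items())
        for bad in INCOMPATIBLE
    )


def countermeasures(attack):
    """Modularity: a complex type gets the union of its properties' measures."""
    return sorted({MEASURES[p] for p in attack.items() if p in MEASURES})


def predicted(observed):
    """Compatible types that are not yet in the observed purview."""
    seen = {tuple(sorted(a.items())) for a in observed}
    return [
        a for a in all_types()
        if compatible(a) and tuple(sorted(a.items())) not in seen
    ]


if __name__ == "__main__":
    for attack in predicted(OBSERVED):
        print(attack, "->", countermeasures(attack))
```

Because measures hang on properties, every predicted type already has a countermeasure set before it has ever been observed.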

It is noteworthy that, while intrigued by all those possibilities, the Workshop participants felt that the first order of the day was to use the ontological approach to firm up and unify the concepts and terminology. We are already implementing this task within a CERIAS/Eli Lilly pilot grant at Purdue University, starting from a glossary of terms in Appendix 2. Appendix 1 contains some discussion and examples of lexical and ontological entries acquired with that project.

4. CONCLUSION
We have achieved considerable progress on the interface of natural language processing and information security (see Raskin et al. 2001; Atallah and Raskin 2001) on the basis of these ontological resources, and natural language involves much more complex ontologies than many areas of information security require. This makes us think that the community should discuss ontology as an extremely promising new paradigm in the field. I hope that an energetic discussion of the topic will support, enrich, and specify this view and lead to collaborative research on the use of ontology.

5. ACKNOWLEDGMENTS
This paper started out as a discussion proposal. The discussion at the Workshop generated a lively discussion, and the paper reflects the issues discussed and the answers to the questions. It also reflects the more advanced stage of research on the ontology for information security. The authors are grateful to the editors of this volume for their understanding that an updated version of the paper will serve the community better. We are also grateful to the Eli Lilly Foundation and to CERIAS for making the funds for the pilot grant available. We greatly appreciate the discussants' contributions at the Workshop and Bob Blakley's incredibly detailed and accurate rendition of it for our benefit. We owe a special debt of gratitude to the Workshop leadership, in particular, Steve Greenwald and Cristina Serban, for the unprecedented special permission to Sergei Nirenburg, from his nearby base in Las Cruces, NM, to join Victor Raskin for the presentation of the proposal--his energy made it much more successful.

6. REFERENCES
[1] Atallah, M.J., and Raskin, V. Natural language watermarking: Design, analysis, and a proof-of-concept implementation. In: Moskowitz, I.S. (ed.). Pre-proceedings of the 4th Information Hiding Workshop. Pittsburgh University Center, Pittsburgh, PA, 2001, 193-208. See also http://chacs.nrl.navy.mil/IHW2001/accepted.html or http://omni.cc.purdue.edu/~vraskin/IHW.AtaRasEtAl.pdf.
[2] Kabay, M. and Bosworth, S. (eds.). Computer Security Handbook, 4th ed. John Wiley and Sons, New York, NY, 2002.
[3] Pfitzmann, A., and Köhntopp, M. Anonymity, unobservability, and pseudonymy--A proposal for terminology. Position paper for a symposium on anonymity at IHW-01, 2001. http://www.koehntopp.de/marit/pub/anon/ihw/Anon_Terminology_IHW.pdf.
[4] Raskin, V., Atallah, M., McDonough, C., and Nirenburg, S. Natural language processing for information assurance and security: An overview and implementations. In: Proceedings of NSPW-2000. ACM Press, New York, NY, 2001, 51-65.
[5] Templeton, S., and Levitt, K. A requires/provides model for computer attacks. Ibid, 31-38.

7. ADDITIONAL RESOURCES
For a detailed description of the largest fully implemented ontology, see Chapter 7 of S. Nirenburg and V. Raskin's Ontological Semantics, forthcoming, http://crl.nmsu.edu/Staff.pages/Technical/sergei/book/index-book.html. To browse the Web tool for largely the same ontology, go to http://messeue.nmsu.edu:9021/, guest login "purdue," guest password "ont.q90" (sorry, no editing privileges).

For other useful sites on ontology, check out "Links to Other Ontology Sites" at http://crl.nmsu.edu/Research/Projects/mikro/htmls/ontology-htmls/onto.index.html.


See also www.fois.org for an important forthcoming conference, where some of the similar positions will be presented to the ontologists.

8. APPENDIX
8.1 Examples of Entries
As shown on Fig. 6 above, ontology and lexicons are two of the static resources within the ontological semantic paradigm. Fig. 7 shows an entry for computer-security, clearly displaying both its own, locally defined properties and the ones inherited from its ancestors.

Defined in COMPUTER-SECURITY
    DEFINITION   VALUE   a field that develops software to assure and secure information and protect against unauthorized access
    IS-A         VALUE   COMPUTER-SCIENCE, SOFTWARE-ENGINEERING
Inherited from FIELD-OF-STUDY
    THEME-OF     SEM     [illegible]
    HAS-PARTS    SEM     [illegible]
    PART-OF      SEM     [illegible]
Inherited from ABSTRACT-OBJECT
    CAUSED-BY    SEM     [illegible]
Inherited from MENTAL-OBJECT
    PATH-OF      SEM     [illegible]

Figure 7. Ontological entry for computer-security.
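The node format concept-name(property-slot property-value)+, the multi-parent IS-A link and the down-propagation of properties described in Section 2, together with the "Defined in / Inherited from" display of Fig. 7, can be put together as follows. This is an added example, not the CRL or CERIAS implementation; the links between the intermediate concepts, the slot fillers, and the rule that the nearest definition wins are assumptions.

```python
from collections import deque


class Ontology:
    """Tangled hierarchy of nodes shaped like concept-name(property-slot property-value)+."""

    def __init__(self):
        self.nodes = {"ALL": {}}  # the root is the only concept without IS-A

    def add(self, name, is_a, slots=None):
        """Add a concept; is_a may name several parents (a disjunction of concepts)."""
        unknown = [p for p in is_a if p not in self.nodes]
        if name in self.nodes or not is_a or unknown:
            raise ValueError(f"{name}: duplicate, empty IS-A, or unknown parents {unknown}")
        # Parents must already exist and names are unique, so no cycle can form.
        self.nodes[name] = {**(slots or {}), "IS-A": tuple(is_a)}

    def ancestors(self, name):
        """Ancestors nearest first; a node reachable by two paths is listed once."""
        seen, order = {name}, []
        queue = deque(self.nodes[name].get("IS-A", ()))
        while queue:
            concept = queue.popleft()
            if concept not in seen:
                seen.add(concept)
                order.append(concept)
                queue.extend(self.nodes[concept].get("IS-A", ()))
        return order

    def entry(self, name):
        """Full entry: slot -> (filler, concept the slot comes from).

        Assumed conflict rule: the definition nearest to the concept wins.
        """
        resolved = {}
        for origin in [name] + self.ancestors(name):
            for slot, filler in self.nodes[origin].items():
                resolved.setdefault(slot, (filler, origin))
        return resolved

    def view(self, name):
        """Group slot names by the concept that defines them, as Fig. 7 does."""
        groups = {}
        for slot, (_, origin) in self.entry(name).items():
            groups.setdefault(origin, []).append(slot)
        return groups

    def having(self, slot):
        """The class of concepts that a property-slot determines."""
        return {c for c in self.nodes if slot in self.entry(c)}


def build_sample():
    """Constructed fragment around COMPUTER-SECURITY; fillers are placeholders."""
    o = Ontology()
    o.add("OBJECT", ["ALL"])
    o.add("MENTAL-OBJECT", ["OBJECT"], {"PATH-OF": "placeholder"})
    o.add("ABSTRACT-OBJECT", ["MENTAL-OBJECT"], {"CAUSED-BY": "placeholder"})
    o.add("FIELD-OF-STUDY", ["ABSTRACT-OBJECT"],
          {"THEME-OF": "placeholder", "HAS-PARTS": "placeholder",
           "PART-OF": "placeholder"})
    o.add("COMPUTER-SCIENCE", ["FIELD-OF-STUDY"])
    o.add("SOFTWARE-ENGINEERING", ["FIELD-OF-STUDY"])
    # Two parents: FIELD-OF-STUDY is reached by two paths but inherited from once.
    o.add("COMPUTER-SECURITY", ["COMPUTER-SCIENCE", "SOFTWARE-ENGINEERING"],
          {"DEFINITION": "a field that develops software to assure and secure "
                         "information and protect against unauthorized access"})
    return o


ONT = build_sample()

if __name__ == "__main__":
    for origin, slots in ONT.view("COMPUTER-SECURITY").items():
        print(origin, slots)
```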

Ontology is, of course, language-independent, i.e., it is the same for all languages. An ontological lexicon is, on the contrary, language-dependent, i.e., each language requires its own lexicon, containing its own words and phrasals--the same meanings, however, will be present in the lexicons but distributed differently among words. The English lexicon contains a lexical entry for one sense of the word anonymous (Fig. 8); this same meaning will appear in the lexicons for other languages, where it will be one of the senses of other words, such as anonyme in French, anonimnyy in Russian, anonimi in Hebrew, etc.

In the entry, the syn-struc part defines the two syntactic patterns, in which the adjective--and virtually all English adjectives--may occur, namely, the attributive, as in [it is an] anonymous message, and predicative, such as [this message] is anonymous.

[Figure 8: lexical entry Anonymous-Adj1 (cat adj), with a syn-struc giving two patterns over $var1 (cat n) and a sem-struc with agent *unknown*.]

Figure 8. English lexical entry for anonymous.

8.2 Glossary Items Being Added to the Ontology and English Lexicon
To adjust the latest implementation of the ontology to the domain of information security, we have been implementing the first stage of checking and adapting the existing concepts as well as acquiring new concepts in the ontology part of the pilot grant project and checking and adjusting lexical entry senses as well as acquiring new entries in the English lexicon. Below is the list of the words and phrasals to be acquired by the conclusion of the project in August 2002. For each item on the list, we make sure that there is an entry in the English lexicon with the appropriate sense and that the concepts required for defining such an entry are in place in the ontology.

The list has been compiled from the indices of standard introductions to the field of information security as well as some existing glossaries that were available to us. The list does not claim to be fully representative, let alone exhaustive, and it is printed here to:

• give the community a sense of the scope of the current project, and
• to solicit suggestions for additional sources as well as individual items for inclusion.

    Absolute rate; Access control; Access control list; Access control matrix; Access log; Access triple; Accountability; accuracy; Address; Adjudicable; Aggregate query; Aggressive scheduler; Algorithm; Amateur; Analog; Analyzability; Ankle biter; Anonymity; applet; Arbiter; AS-400; Associativity; Assurance; Asymmetric encryption; Attack; Attribute; Audit; Audit log; Audit options; Authenticate; Authentication; Authenticity; Automatic retaliation; Availability; Backdoor; Backup; Base register; Bastion host; Block cipher; Boot sector virus; Bootstrap virus; Bounds register; Break; Brute force attack; Buffer; Buffer overflow; Caesar cipher; Call bracket; Capability; Career criminal; category; CERT; Certificate; Certificate distribution center; Certificate revocation list


    Certification authority; Certified code; Certified mail; CGI script; Change log; Channel; Checksum; Chinese wall policy; Chinese Wall Model; cipher; Cipher block chain; Ciphertext; Classification; Clearance; Client; Clique problem; Code; collision; Columnar transposition; Commit; Commitment; Common criteria; Commutativity; Compartment; Complexity; Composite; Compression; Computing system; Conceal; Concurrency-control; Confidentiality; Configuration management; Confusion; Connectivity; Conservative scheduler; Constrained data item; Contract signing; Control; Controlled sharing; Cookie; Copy; Copyright; CORBA; Core; Core dump; Correct; Coupling; Cover story; Covert; Covert channel; Covert timing channel; Cracker; credentials; Criteria creep; cryptanalysis; Cryptanalyst; Cryptography; Cryptology; Cryptosystem; Cycle; Data; Data encryption standard; Database

    Database management system; Datagram; Decidability; Decipher; Decode; Decrypt; Degausser; dependability; Diagram; Diffusion; Digest; Digital; Digital signature; Digital signature scheme; Directory; Disaster; Disclosure; Distributivity; Divisible by; Domain; Dominance; Dongle; Double transposition; Driver; Effectively secure; Effectiveness; Egoism; Egoless programming; Electronic-code-book-mode; Element; Encapsulation; Encipher; Encode; Encrypt; Equivalent; Error code; Error propagation; Ethic; Etiquette; Evaluation; Evidence; Executive; Exhaustive attack; Expandability; Exposure; Fabrication; Fair use; Fairness; Fence register; Field; Field check; File protection; Filter; Fire; Firewall; Flood; Flooding; Frequency distribution; Front end; Guard; Guest; Hack

    Hardware; Hash; Heat; Hierarchy; Host; Identity; Impersonate; Index of coincidence; Inductance; Inference; Information; Information hiding; Information leak; Integrity; Integrity; Intercept; Internal consistency; Interpretation drift; Interruption; Intruder; Inverse divide; Inverse mod; Isolation; Join; Kasiski method; Kernel; Key; Key distribution server; Keyless cipher; Knapsack; Lattice model; Layering; Least privilege; License; Limited privilege; Link; Local name space; Logic; Logic analyzer; Logic bomb; Lucifer; Macro; Macro virus; Maintain; Malicious code; Master key; Measure of roughness; Mechanism; Memory-resident virus; Mental poker; Message digest; Microwave; Modern; Modification; Modular arithmetic; Module; Modulus; Monitor; Monoalphabetic cipher; Multiplex; Mutual suspicion; Need-to-know; Network; Node

    Nondeterminism; Notarization; Notary; Novelty; Nucleus; Object; Object request broker; Oblivious transfer; One-time; Open design; Optical fiber; Oracle machine; Originality; Packet; Packet sniffer; Paging; Parasitic virus; Parity; Password; Patent; Payload; Peer code review; Peer design review; Permission; Permutation; PGP (pretty good privacy); Physical; Plaintext; Policy; Polyalphabetic cipher; Polymorphic (virus); Polynomial; Port; Precise; Prime number; Privacy; Probable password; Problem; Product cipher; Program; Project; Property; Protect; Protected object; Protocol; Query; Rabbit; Random access memory; Read only memory; Receiver; Record; Recover; Reducibility; Redundancy; Relation; Relative prime; Reliable; Religion; Relocation; Repeater; Replay; Resident virus; Resident virus


    Resource; Reuse; Reverse engineer; Ring bracket; Risk; Rogue program; Routing; Salami attack; Satellite; Satisfiability problem; Schema; Secrecy; Secure; Security audit; Segment; Segmentation; Self-enforcing protocol; Semantic sugar; Sender; Sensitive; Sensitive data; Separation; Server; Service program

    Session; Session key; Shadow program copy; Shared file; Shared resource matrix; Shell theft; Shredder; Shrink-wrapped software; Side effect; Simple substitution; Single-user system; Socket; Software; Solvable problem; spoof; Stream cipher; Stub; Subject; Subscheme; Substitutions; Suppress; Surge; Symmetric; Symmetric key exchange

    tamper; Tamperproofness; Target; Temporal; Terminal; Test; Theft; Threat; Time bomb; Timestamp; Topology; Trade secret; Traffic key; Transformation procedure; Transient virus; Transmission medium; Transposition; Trapdoor; Trigram; Tripwire; Trojan horse; Trusted; Unbypassability; Unconditionally secure

    Understand; Unicity distance; Unix; Usage restriction; User; Validation; Verification; Vernam cipher; View; Vigenere tableau; Virtual; Virtualization; Virus; Virus scanner; Virus signature; Vulnerability; Window; Wiretap; Workstation; Worm; Write-down
