A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations

G. Elahi, E. Yu, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

43 Citations (Scopus)
2 Downloads (Pure)


Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples. Financial support from Natural Science and Engineering Research Council of Canada and Bell University Labs is gratefully acknowledged.
Original language: English
Title of host publication: Conceptual Modeling - ER 2009 (28th International Conference on Conceptual Modeling, Gramado, Brazil, November 9-12, 2009. Proceedings)
Editors: A.H.F. Laender, S. Castano, U. Dayal, F. Casati, J. Palazzo Moreira de Oliveira
Place of Publication: Berlin
ISBN (Print): 978-3-642-04839-5
Publication status: Published - 2009

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743

