SOfIoTS: Ontological Framework, Demonstration Outcomes, and Recommendations for Further Work (D3/D4)

Abstract

The Secure Ontologies for the Internet of Things (SOfIoTS) project seeks to advance our understanding of the current state-of-the-art in respect of IoT security ontologies. It also aims to extend the current state-of-the-art by specifying an expansible IoT ontological framework that can be integrated with the UK Digital Twin model. The present report summarizes the progress made in respect of these objectives. In particular, we describe how a common upper-level ontology, called Basic Formal Ontology (BFO), can be used to model security concepts, IoT devices, digital twins, IoT data flows, and human factors. While BFO is not the only upper-level ontology that could be used for IoT security modelling, there are a number of reasons that make it a compelling choice for the SOfIoTS project. Aside from the fact that BFO is one of the most widely used upper-level ontologies, it also serves as the basis for the Industrial Ontologies Foundry (IOF). BFO also serves as the basis for a prominent cyber ontology initiative that subsumes work by The MITRE Corporation. Finally, there have been a number of attempts to apply BFO to Building Information Modeling (BIM), and BFO was one of the upper-level ontologies surveyed as the part of the effort to develop an Information Management Framework (IMF) for the UK National Digital Twin (NDT) initiative. Prior work has identified a number of recurring concepts across security ontologies. These include the concepts of threat, risk, vulnerability, asset, security mechanism, and so on. In the present report, we discuss how each of these concepts can be accommodated within a BFO-conformant ontology. As far as we are aware, this is the first attempt to provide an ontological characterization of securityrelated concepts from a BFO perspective. In addition to security concepts, we also discuss how IoT devices, digital twins, and IoT information flows can be represented in BFO. Again, as far as we are aware, this represents the first attempt to apply BFO to the realm of IoT devices and Cyber-Physical Systems. Finally, we explore how BFO could be applied to the modelling of human factors, focusing specifically on the notion of capabilities. We also outline an ontological approach to the representation of trustrelated concepts, drawing on research that is spread across a number of disciplines, including sociology and analytic philosophy. The present report makes a number of substantive contributions to the field of security modelling and IoT ontologies. These contributions include the following: • A mapping of the W3C Semantic Sensor Network (SSN) ontology to a mid-level extension of BFO. • An ontological approach to the modelling of IoT data flows. • A novel account of value that is inspired by recent work in cognitive neuroscience and generative AI. • A BFO-conformant approach to the representation of trust and trustworthiness • A BFO-conformant approach to the representation of digital twins. • An innovative proposal regarding the use of biophysical principles to inform the design of future Cyber-Physical Systems.