Secure ontologies for the Internet of Things: representing risk and security concepts using basic formal ontology

Abstract

The present report was produced as part of the Secure Ontologies for the Internet of Things (SOfIoTS) project,1 which forms part of the UK PETRAS research program.2 The report documents the effort to situate risk and security concepts within the overarching ontological framework of Basic Formal Ontology (BFO). In order to ensure compatibility with BFO, we draw on a number of existing ontologies. These include BFO, 3 the Common Core Ontologies (CCO), 4 and the Common Core Cyber Ontology (C3O). 5 Initial sections of the report document the various classes and relationships asserted in these ontologies. BFO is documented in Section 2; Sections 3– 10 document the CCO; and Section 11 documents the C3O. It should be noted that these ontologies are not documented in full. For reasons of brevity, we have limited the scope of the documentation to ontology elements that are of particular relevance to the SOfIoTS project. The aim of the SOfIoTS project is to advance our understanding of the current state-ofthe-art in respect of security provision in Internet of Things (IoT) ontologies. It also aims to extend the current state-of-the-art by specifying an ontological framework that can be integrated into the UK Digital Twin model. In respect of the latter aim, the present report documents classes and relationships that are intended to represent entities relevant to the domain of IoT security.