Skip to content

par-tec/security-ontologies

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
dsomm
dsomm
 
 
external
external
 
 
ld-vowl
ld-vowl
 
 
sparql
sparql
 
 
tests
tests
 
 
vocabularies
vocabularies
 
 
.bandit
.bandit
 
 
.bandit.yaml
.bandit.yaml
 
 
.gitignore
.gitignore
 
 
.isort.cfg
.isort.cfg
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.yamllint
.yamllint
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Threat taxonomy v 2016.xlsx
Threat taxonomy v 2016.xlsx
 
 
Untitled.ipynb
Untitled.ipynb
 
 
Untitled1.ipynb
Untitled1.ipynb
 
 
d4f-notebook.py.ipynb
d4f-notebook.py.ipynb
 
 
docker-compose.yml
docker-compose.yml
 
 
enisa_xls.py
enisa_xls.py
 
 
iso27001.ipynb
iso27001.ipynb
 
 
iso27001.py
iso27001.py
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 
samm-notebook.py.ipynb
samm-notebook.py.ipynb
 
 
samm.py
samm.py
 
 
threat_examples.py.ipynb
threat_examples.py.ipynb
 
 
tox.ini
tox.ini
 
 
utils.py
utils.py
 
 

Repository files navigation

Security Ontologies

This repo hosts an experiment on security ontologies.

Here I collect information from different sources and try to describe them in RDF.

Original data sources are referenced in the ontology description, eg. for SAMM, see the SAMM GitHub repository and the associate license.

pre-commit

Pre-commit checks your files before committing. It can lint, format or do other checks on them.

Once you install it via

    pip3 install pre-commit --user

You can run it directly via

    pre-commit run --all-files

Or install it as a pre-commit hook

    pre-commit install

.github/workflows

Querying

List threats, categories and details.

prefix pt: <https://par-tec.it/onto/enisa/>

select distinct * where {
?t a pt:Threat;
  rdfs:label ?l ;
  rdfs:subClassOf ?th .

?th rdfs:label ?thl .

?td rdfs:subClassOf ?t ;
    rdfs:label ?tdl .

} LIMIT 1000

List SAMM types and details.

prefix dct: <http://purl.org/dc/terms/>
prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>

select distinct * where {

_:b a <https://owaspsamm.org/model/BusinessFunction>;
        rdfs:label ?name ;
        dct:description ?description
.

}

List Practices and related Functions

PREFIX dct:	<http://purl.org/dc/terms/>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX samm: <https://owaspsamm.org/model/>

SELECT DISTINCT ?function, ?practice, ?practice_description
WHERE {

_:b1 a samm:Practice;
 rdfs:label ?practice ;
 dct:description ?practice_description ;
 samm:hasFunction [
        rdfs:label ?function
]

} ORDER BY (?function) LIMIT 1000

Practices containing the word metric

PREFIX dct: <http://purl.org/dc/terms/>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX samm: <https://owaspsamm.org/model/>

SELECT *
WHERE {

?s a samm:Practice ;
  rdfs:label ?practice ;
  rdfs:comment ?comment
 . ?comment  bif:contains " 'metric*' "
}

Identify transitive relationship between Streams and Functions

PREFIX dct: http://purl.org/dc/terms/ PREFIX rdfs: http://www.w3.org/2000/01/rdf-schema# PREFIX samm: https://owaspsamm.org/model/

SELECT DISTINCT ?stype, ?ftype where {

?s a samm:BusinessFunction; a ?stype . ?f (<>|!<>)* ?s; a ?ftype . FILTER(STRSTARTS(STR(?ftype), "https://owaspsamm.org")) }

About

Sparql endpoint

par-tec.github.io/security-ontologies/sparql/

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

3 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages