
THEMIS: Threat Evaluation Metamodel for Information Systems

  • Conference paper
Intelligence and Security Informatics (ISI 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3073)


Abstract

THEMIS (Threat Evaluation Metamodel for Information Systems) is a description logic-based framework that applies state, federal, and international law to reason about the intent of computer network attacks with respect to collateral consequences. It can be used by law enforcement agencies and prosecutors to build legally credible arguments, and by network designers to keep their defensive and retaliatory measures within lawful limits. THEMIS automates known quantitative measures for characterizing attacks, weighs their potential impact, and places them in appropriate legal compartments. From the perspective of computer networks, we develop representations and a way to reason about the non-network-related consequences of complex attacks from their atomic counterparts. From the perspective of law, we propose the development of interoperable ontologies and rules that represent concepts and restrictions of heterogeneous legal domains. The two perspectives are woven together in THEMIS using description logic to reason about and guide defensive, offensive, and prosecutorial actions.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Farkas, C., Wingfield, T.C., Michael, J.B., Wijesekera, D. (2004). THEMIS: Threat Evaluation Metamodel for Information Systems. In: Chen, H., Moore, R., Zeng, D.D., Leavitt, J. (eds) Intelligence and Security Informatics. ISI 2004. Lecture Notes in Computer Science, vol 3073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25952-7_23


  • DOI: https://doi.org/10.1007/978-3-540-25952-7_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22125-8

  • Online ISBN: 978-3-540-25952-7

  • eBook Packages: Springer Book Archive
