ucoProject / UCO

This repository is for development of the Unified Cyber Ontology.
Apache License 2.0

How to develop based on UCO? #529

Closed machi1271 closed 1 year ago

machi1271 commented 1 year ago

Hi guys,

I want to develop my own security ontology based on the UCO, but I'm new to it, and I don't know how to get it done.

Could anyone give me some tips about:

  1. how to develop on UCO, via Protege or some other software, and is there any document?
  2. how to import UCO model into a graph database, such as Neo4j;

Regards

plbt5 commented 1 year ago

Hi @machi1271

Assuming you are knowledgeable about ontology, still some hints first:

Only then you can appreciate UFO sufficiently to actually create your ontology based on it. Naturally, you can apply the ontoUML editor as a side tool while educating yourself:

I hope this helps. If so, please close this issue.

Best Paul (another user of ontoUML as opposed to a contributor to it)

packet-rat commented 1 year ago

Paul,

Just FYSA, it’s Visual Paradigm. I used to use Visual Paradigm UML and BPML quite extensively in a previous life.

Thanks for the ONTOUML tip!

Patrick Maroney Principal - Cybersecurity Chief Security Office AT&T Services, Inc.

From: Paul Brandt Date: Friday, March 24, 2023 at 11:41 AM To: ucoProject/UCO Subject: Re: [ucoProject/UCO] How to develop based on UCO? (Issue #529)


vulnmaster commented 1 year ago

Hi @machi1271,

Can you share the focus of the security ontology that you would like to create? Within the Cyber Domain Ontology project, which includes UCO, we have a number of application ontologies that are released or in the works.

See the CASE Ontology (https://caseontology.org) for our digital forensics focused application ontology that builds upon UCO.

See the Adversary Engagement Ontology (https://adversaryengagementontology.org) for our cyber denial and deception operations ontology that builds upon UCO. This is brand new this month and is about to undergo a public comment period.

These will give you some good examples of how to build upon UCO. We have other application ontologies that are in the works for risk analysis and cyber threat intelligence.

Hope this helps.

Cory Hall MITRE

ajnelson-nist commented 1 year ago

Hello all,

@plbt5 accidentally steered this conversation off-topic. @machi1271 asked for UCO (Unified Cyber Ontology) information, and @plbt5 responded about UFO (Unified Foundational Ontology). These are independent projects, and I'll respond on the UCO side of the question.

For how to develop UCO:

As you develop your own security ontology concepts, I encourage you to review whether the concepts already have some form of implementation. This can be done with a text search feature, such as in Protégé, GitHub's Search-in-repository function, grep over a local Git clone, search in the built ontology documentation[^1], or other features like what you're exploring with Neo4J. We don't currently have documentation on using UCO with Neo4J. If you're interested in contributing experience notes on that kind of development workflow, it would be welcome discussion.

One way to determine whether there is a need for some concept as you develop ontologies is to try encoding the data you need as RDF Literals (e.g. time stamps, strings housing names) in a small example graph, ponder some kind of predicate that you think should be the property that houses that literal, and then ponder the object and class (rdf:type) of the object that would have that predicate and literal. Comfort with SPARQL will help you understand whether you're approaching a workable design. There are demonstration queries in this folder in CASE-Corpora, or the "Urgent Evidence" narrative on the CASE website that show a few kinds of things you can find with SPARQL.

If you have other questions, please feel free to ask. Otherwise, I'm guessing we've answered your questions in this thread, and if we don't hear from you in a few weeks we'll mark the Issue closed.

[^1]: Though that link is to CASE's built documentation, UCO's is coming soon, as noted here.

plbt5 commented 1 year ago

@ajnelson-nist Thanks for identifying and clarifying my off-topic response. I sincerely apologize @machi1271 and others for introducing this confusion.

ajnelson-nist commented 1 year ago

@machi1271 ,

The CASE and UCO documentation sites now provide ontology resources that are compatible with the tool you noted, Protégé. If you load any of the ontology IRIs or owl:versionIRI values, you should see it work as expected. Here is a screenshot of https://ontology.unifiedcyberontology.org/uco/action/1.2.0:

[Screenshot: protege_action_1_2_0]

If there is a specific concept or mechanism you'd like to explore further (we still do not have demonstrations with Neo4J), we look forward to seeing them as separate Issues.

--Alex