THEMIS: Threat evaluation metamodel for information systems

Abstract

THEMIS (Threat Evaluation Metamodel for Information Systems) is a description logic-based framework to apply state, federal, and international law to reason about the intent of computer network attacks with respect to collateral consequences. It can be used by law enforcement agencies and prosecutors to build legally credible arguments, and by network designers to keep their defensive and retaliatory measures within lawful limits. THEMIS automates known quantitative measures of characterizing attacks, weighs their potential impact, and places them in appropriate legal compartments. From the perspective of computer networks, we develop representations and a way to reason about the non-network related consequences of complex attacks from their atomic counterparts. From the perspective of law, we propose the development of interoperable ontologies and rules that represent concepts and restrictions of heterogeneous legal domains. The two perspectives are woven together in THEMIS using description logic to reason about and guide defensive, offensive, and prosecutorial actions. © Springer-Verlag Berlin Heidelberg 2004.