Just by chance, I stumbled over a set of computer security ontologies that the US Navy Center for High Assurance Computing Systems has apparently been working on as part of a SOA security project, 4SEA. From that page:
The NRL Security Ontology was designed with the following objectives in mind:
- Describe security related information applicable to all types of resources
- Provide the ability to annotate security related information in various levels of detail for various environments (both commercial and military)
- Create ontologies that are easy to extend and provide reusability
- Facilitate mapping of higher-level (mission-level) security requirements to lower-level (resource-level) capabilities
It's a bit difficult to tell where they are going with this, but with the emphasis on web services, UDDI and MDA, it looks similar to Data Centric Security.