STONEWORK

Semantic Threat Ontology and Research Framework

v0.4.0  ·  OWL 2  ·  MIT

Description

STONEWORK is an OWL 2 ontology and research framework for modeling cyber threat intelligence concepts, objects, relationships, workflows, and knowledge. It is the primary ontology in the CyberTerrain ecosystem — the ground-truth model that all other CyberTerrain work is built on.

STONEWORK defines classes for security controls, weaknesses, products, tactics, techniques, procedures, threat scenarios, risk, likelihood, and impact, and establishes a semantic interoperability layer that aligns with established CTI framework ontologies — including STIX (via STONES), ATT&CK, CAPEC, CWE, CVE, and CPE — treating each as an authoritative reference vocabulary rather than a base to extend.

Documentation

Full ontology documentation including class hierarchy, object properties, and datatype properties is available as a browsable specification.

Ontology Metadata

IRI https://cyberterrain.org/ns/stonework#
Version IRI https://cyberterrain.org/ns/stonework/0.4.0
Version 0.4.0
Creator Hohimer Intelligence Strategies LLC
License MIT License
Aligns with STONES (STIX), ATT&CK, CAPEC, CWE, CVE, CPE

Downloads

Core Ontology
stonework.ttl

Usage

Reference the ontology in your Turtle files:

@prefix stonework: <https://cyberterrain.org/ns/stonework#> .

Or import it in OWL:

owl:imports <https://cyberterrain.org/ns/stonework#> .

Related Framework Ontologies

STONEWORK does not import these ontologies — it aligns with them as independently maintained reference vocabularies, in the same way CVE, CWE, and CAPEC function as framework ontologies in their own right.

STONES https://cyberterrain.org/ns/stones#