As computers are used in nuclear safety systems, security engineering is becoming more and more important in the nuclear industry. Like all highly technical endeavours, the development of nuclear safety systems is a knowledge intensive task. Unfortunately, not only do nuclear scientists and software engineers lack the security knowledge, they are also not familiar with the new security requirements. Besides, few young people are studying nuclear science, nuclear engineering and related fields. Therefore, knowledge management can play a central role in encapsulating, storing and spreading the related discipline and knowledge more efficiently in the nuclear industry. In this paper, we propose a security knowledge framework to gather and store security knowledge from those regulatory-based security activities. We adopt an object-oriented paradigm which is easy for software engineers to understand and to express tacit and explicit knowledge. Its aim is intended to decouple between platform-independent security knowledge and platform-specific security controls. Finally, an example is presented to demonstrate the feasibility of linking between security controls and knowledge ontology in our framework.
