An Ontology-Based Context Model for Managing Security Knowledge in Software Development

Software security has been a focus of the security community and practitioners over the past decades. A great deal of security information is widely available in books, the open literature and on the internet. We argue that this huge mass of information has produced a form of information overload for software engineers, who usually finish reading it without being able to apply its principles clearly to their own application context. Our research tackles software security issues from a knowledge management perspective. In this paper, we present an ontology-based approach to modelling software security knowledge in a context-sensitive manner, helping software engineers and learners correlate security domain knowledge with their working context. We also propose a web-based application for security knowledge sharing and learning in which the ontology serves as the central knowledge repository.
