O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.1080/19393555.2011.652290

2012-01-01

Abstract:ABSTRACT Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requirements. There is limited consensus to the precise meaning of the basic terminology used for use/misuse case concepts. This paper delves into the use of ontology for the formal representation of the use-misuse case domain knowledge for eliciting safety and security requirements. We classify misuse cases into different category to reflect different type of misusers. This will allow participants during the requirement engineering stage to have a common understanding of the problem domain. We enhanced the misuse case domain to include abusive misuse case and vulnerable use case in order to boost the elicitation of safety requirements. The proposed ontological approach will allow developer to share and reuse the knowledge represented in the ontology thereby avoiding ambiguity and inconsistency in capturing safety and security requirements. OWL protégé 3.3.1 editor was used for the ontology coding. An illustration of the use of the ontology is given with examples from the health care information system.

Wu Di,Jian Lin,Yabo Dong,Miaoliang Zhu

DOI: https://doi.org/10.1109/PDCAT.2005.247

2005-01-01

Abstract:Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. One of important aspects in RBAC is constraints that constrain what components in RBAC are allowed to do. There are lots of research have been achieved to specify constraints for secure system developers. However more work is need urgently to met requirements for interoperability of machine and people understandable constraints specification in open and distributed environment. In this paper we propose another approach to specify constraints using Semantic Web technologies. The Web Ontology Language (OWL) specification of basic RBAC components and constraints are described in detail.

Oluwasefunmi 'Tale Arogundade,Zhi Jin,Xiaoguang Yang

DOI: https://doi.org/10.1504/ijics.2014.065168

2014-01-01

International Journal of Information and Computer Security

Abstract:Security requirements managers aim at eliciting, reusing and keeping their sets of requirements. They desire well defined, consistent and up to date requirements throughout the system lifecycle. This paper presents security ontology (SO) which can be used as a basis for eliciting risk-based security requirements. The ontology is based on the security relationship model described in the national institute of standards and technology special publication 800-12 but use-misuse case concepts and some extensions were used. We extended use case with some elements (action and object) to facilitate information system (IS) security policy instantiation after the system has been deployed. We incorporated risk and privilege concepts in order to represent risk knowledge in an unambiguous way and to enable ontology control security issues respectively. This ontology enriches the modelling and management of risk-based safeguard requirements within the requirements engineering discipline by organising the security knowledge to form heavy weight ontology which include concepts, concept taxonomies, relationships, properties, axioms and constraints. This ontology provides capabilities such as IS security management, traceability and reuse. OWL protégé 3.3.1 editor was used for the ontology coding. The results of its adoption in capturing safeguard requirements of healthcare IS were also discussed.

Hu Xuan,Wang Yichen,Liu Bin,Lu Minyan

2009-01-01

Abstract:Nowadays, there are many researches on the ontology-based software requirements elicitation approach. However, there are still some disadvantages. One of the disadvantages is lacking of researches on military aircraft systems (MAS) ontology. Another is lacking of ontology-based software safety requirements elicitation approaches. This paper adopts ontology to construct the safety requirements knowledge multi-ontology framework (SRKMOF) of MAS. Moreover it introduces the software safety requirements error pattern (SSREP) which can be merged into the foregoing framework to enrich ontology knowledge. Furthermore the multi-ontology based safety requirements elicitation approach can be obtained. The SSREP can be weaved into the task ontology (TO) by aspect-oriented method (AOM). Finally, a case study is presented to validate the effectiveness of the proposed safety requirements elicitation approach. The results show that the number of safety requirements errors in safety requirements document obtained by the proposed approach is less than the comparative approach. It shows that the proposed approach is effective.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.4018/jisp.2011100102

2011-01-01

International Journal of Information Security and Privacy

Abstract:This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

HU Heng-jie,GU Xin-jian,LV Yan,LIU Zheng,XU He-hang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.12.030

2009-01-01

Abstract:It's hard to search the needed knowledge in the Internet, because the same knowledge usually have different descriptions and name when knowledge management system takes mass knowledge in the Internet as source. Knowledge was described with ontology and different descriptions of the same knowl-edge were connected by using the similar ontology to resolve the problem. A prototype of web knowledge management system based on ontology (O-WKMS) was developed in order to reduce the difficult of ontol-ogy establishment and decrease the ontology maintenance costs. The system structure model and process model were presented. The technology {or ontology establishment of collaborative based on self-organiza-tion principle was described in detail, and ontology-based semantic search was realized with Lucene engine. Primary application shows that the enterprise's knowledge base can be further ordered and the efficiency for web knowledge discovery, management and retrieval can be improved with the knowledge ontology establishment of collaborative and self-organization mode.

Junwu Zhu,Bin Li,Fei Wang,Sicheng Wang

DOI: https://doi.org/10.4156/jdcta.vol4.issue5.5

2010-01-01

Abstract:With the rapid development of mobile phone, the users have been increasing sharply, and the knowledge about mobile phone involves more widely subjects and its quantity is greater and larger. As a consequence, the discriminations of recognition are more obviously among the agents related to mobile phone. The organization mode of the unstructured and non-formal mobile knowledge is seriously hampering the knowledge sharing and human-computer interaction. How to make these knowledge be shared and reused is still a difficult problem what the knowledge engineers and semantic web have been facing, therefore, this paper presents the construction of the MO (Mobile Ontology) which lays a solid foundation of sharable and reusable knowledge. Firstly, the mobile ontology base is created by the Protege4.1, which make the descriptions of the concept, attribute, and instance of the mobile knowledge formally, so as to the mobile knowledge can be machine-readable and reasoning-automated. Finally, this paper shows the knowledge retrieval of mobile ontology base based on SPARQL, which is helpful for the designers, repairers and users of mobile to get the knowledge from ontology base. The experiment indicates that the proposed method improve the efficiency and reliability of the knowledge retrieval, and provide the necessary vocabulary for the semantic web of the mobile domain.

HJ Chen,ZH Wu

DOI: https://doi.org/10.1109/tai.2003.1250191

2003-01-01

Abstract:Human experience is a special kind of knowledge, which captures previously experienced, similar problem situations (case) for human problem solving. This paper describes a case-based approach for knowledge sharing and management with regard to the semantic web settings. We define a RDF-based Case Markup Language (CaseML) for experience knowledge representation and develop a generic architecture for the case based reasoning in the open, distributed environment with the emphasis on the integration of case knowledge with web ontologies. An application scenario from traditional Chinese medicine field is introduced to evaluate our methodology. With our application experience, we claim that, in contrast with logic-based knowledge representation formalisms, case is a more suitable for knowledge sharing in the semantic Web, because case based reasoning is similarity-based and there is weak demand on semantic consistent in such reasoning processes.

Bin Wen,Ziqiang Luo,Peng Liang

DOI: https://doi.org/10.1109/wisa.2012.14

2012-01-01

Abstract:Requirements is the formal expression of user's needs. Also, requirements elicitation is the process of activity focusing on requirements collection. Traditional acquisition methods, such as interview, observation and prototype, are unsuited for the service-oriented software development featuring in the distributed stakeholders, collective intelligence and behavioral emergence. In this paper, a collaborative requirements elicitation approach based on social intelligence for networked software is put forward, and requirements-semantics concept is defined as the formal requirements description generated by collective participation. Furthermore, semantic wikis technology is chosen as requirements authoring platform to adapt the distributed and collaborative features. Faced to the wide-area distributed Internet, it combines with the Web 2.0 and the semantic web to revise the experts requirements-semantics model through the social classification. At the same time, instantiation of requirements model is finished with semantic tagging and validation. Apart from the traditional documentary specification, requirements-semantics artifacts will be exported from the elicitation process to the subsequent software production process, i.e. services aggregation and services resource customization. Experiment and prototype have proved the feasibility and effectiveness of the proposed approach.

Bingyang Wei,Jing Sun,Yi Wang

DOI: https://doi.org/10.18293/seke2018-114

2018-01-01

Abstract:Multiple-viewed requirements modeling allows requirement engineers to acquire the requirements of a system from different perspectives. Requirements are then specified in various UML models. Maintaining the requirements knowledge encoded in UML notations is tedious and error-prone, since most UML CASE tools provide poor support for reasoning and query. Ontology is a formal notation for describing concepts and their relations in a domain. Since requirement is a kind of knowledge, we propose to use knowledge engineering approach for managing the consistency and completeness of UML models. In this paper, an ontology for UML diagrams is coded in a semantic web language, OWL (Web Ontology Language). The transformation of UML Class Diagram, Sequence Diagram and State Diagram to OWL knowledge base is presented. In the end, a semantic query language, SPARQL, is used to query the knowledge base. We demonstrate the feasibility of this approach through an example software system.

Ying Lu,Qiming Li,Zhipeng Zhou,Yongliang Deng

DOI: https://doi.org/10.1016/j.ssci.2015.05.008

IF: 6.392

2015-01-01

Safety Science

Abstract:Safety management is the most important part of the construction management on building engineering which has dynamic work environment and complicated construction procedure. Safety checking which identifies hazards before they occur is a core process of safety management on construction sites. However, the traditional construction safety checking which is operated by the experienced manager is manual and time-consuming. In order to integrate new technology into the construction safety checking system, a meta model for construction safety checking i.e. CSCOntology (Construction Safety Checking Ontology) has been developed in this paper. This model is formalized using an ontology language, OWL for encoding knowledge over the Web. Safety checking constraints which can extract from construction safety regulation provisions are represented with a rule language, SWRL. Then the construction safety checking processes are implemented in the JESS, a rule engine for the Java platform by transforming OWL knowledge into JESS facts, and SWRL constraints into JESS rules. A real-world example has been demonstrated in Protege 3.4 beta to show the proposed safety checking process, according to the regulation examples taken from "29 CFR 1926 OSHA Construction Industry Regulations". (C) 2015 Elsevier Ltd. All rights reserved.

Chenghong Zhang,Songran Liu,Zhengchuan Xu,Zhuojun Gu,Xiaoling Wang

DOI: https://doi.org/10.1109/snpd.2008.95

2008-01-01

Abstract:Inter-organizational knowledge sharing is a crucial way for organizations to acquire knowledge in collaborative commerce (C-Commerce). However, the knowledge sharing cross organization is more complex than that inside organizations. In this work, we propose a knowledge representation mechanism by extending OWL and knowledge query language. Besides, we classify the knowledge into fact, rule and case. We use RDF/OWL for knowledge representation, and design a query language based on Sparql. A knowledge sharing system is implemented based on our proposed semantic technologies.

Bingyang Wei,Jing Sun

DOI: https://doi.org/10.1142/s0218194021500170

IF: 1.007

2021-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Context and motivation: Multiple-viewed requirements modeling method describes the system to-be from different perspectives. Some requirements models are then specified in various UML diagrams. Question/problem: Managing those models can be tedious and error-prone, since a lot of CASE tools provide poor support for reasoning and consistency checking. Principal ideas/results: Ontology is a formal notation for describing concepts and their relations in a domain. Since software requirements are a kind of knowledge, we propose to adopt a knowledge engineering approach for managing the consistency of requirements models. In this paper, an ontology for three most commonly used UML diagrams is developed in Web Ontology Language (OWL). The transformation of UML class, sequence and state diagrams to OWL knowledge base is presented. Owing to the underlying logical reasoning capability of OWL, a semantic query language, SPARQL (SPARQL Protocol and RDF Query Language), is used to query the knowledge base for consistency checking. Contribution: This paper introduces a semantic web-based knowledge engineering approach to represent and manage software requirements knowledge in OWL. By experimenting with a concrete software system, we demonstrate the feasibility and applicability of this knowledge approach.

Markus Voggenreiter,Ulrich Schöpp

DOI: https://doi.org/10.1145/3510457.3513065

2022-04-19

Abstract:Integrating security activities into the software development lifecycle to detect security flaws is essential for any project. These activities produce reports that must be managed and looped back to project stakeholders like developers to enable security improvements. This so-called Feedback Loop is a crucial part of any project and is required by various industrial security standards and models. However, the operation of this loop presents a variety of challenges. These challenges range from ensuring that feedback data is of sufficient quality over providing different stakeholders with the information they need to the enormous effort to manage the reports. In this paper, we propose a novel approach for treating findings from security activity reports as belief in a Knowledge Base (KB). By utilizing continuous logical inferences, we derive information necessary for practitioners and address existing challenges in the industry. This approach is currently evaluated in industrial DevOps projects, using data from continuous security testing.

Software Engineering

HJ Chen,ZH Wu

DOI: https://doi.org/10.1109/icsmc.2003.1245752

2003-01-01

Abstract:Semantic web provides us with a new paradigm of web based knowledge sharing and management. In this paper, an Open Knowledge Service Architecture (OKSA) is described, which emphasizes how to organize, discover, utilize, and manage web knowledge resources. Three kinds of Knowledge Service(KS) are identified, they are: OntoKS for retrieving, browsing and managing web ontologies, RuleKS for facilitating the building of rule-based expert system and CaseKS for case-based experience knowledge management. These KSes provides value-added web services from distributed web knowledge resources. We use an application scenario from the Traditional Chinese Medicine area to clarify the design rationale of the KS model.

Sujan Perera,Cory Henson,Krishnaprasad Thirunarayan,Amit Sheth,Suhas Nair

DOI: https://doi.org/10.1109/JBHI.2013.2282125

Abstract:Semantic computing technologies have matured to be applicable to many critical domains such as national security, life sciences, and health care. However, the key to their success is the availability of a rich domain knowledge base. The creation and refinement of domain knowledge bases pose difficult challenges. The existing knowledge bases in the health care domain are rich in taxonomic relationships, but they lack nontaxonomic (domain) relationships. In this paper, we describe a semiautomatic technique for enriching existing domain knowledge bases with causal relationships gleaned from Electronic Medical Records (EMR) data. We determine missing causal relationships between domain concepts by validating domain knowledge against EMR data sources and leveraging semantic-based techniques to derive plausible relationships that can rectify knowledge gaps. Our evaluation demonstrates that semantic techniques can be employed to improve the efficiency of knowledge acquisition.

Jian Xiang,Lin Liu,Wei Qiao,Jingwei Yang

DOI: https://doi.org/10.1109/compsac.2007.200

2007-01-01

Abstract:The service-oriented computing paradigm aims to support automated discovery and selection of web services according to user's requirements. At present, user's requirements are often represented in certain existing standard interoperable service description languages such as WSDL/OWL-S. However, general service requestors may find such languages hard to use directly due to the reason that service requirements are often partially elicited and fragmented. In this paper, we propose an automated service requirements elicitation mechanism (SREM) to help extract and accumulate relevant knowledge on service requirements. First, the SREM elicitation approach proposes to use a list of questions to narrow generic service requirements down to specific expressions of user preferences. Then, a service requirements and capability ontology is adopted to capture services requirements in breadth and precision. By integrating service requirements issued by different requestors, SREM provides non-trivial requirements guidelines and heuristic rules on service publication and discovery, also provided is a service requirements analysis mechanism that improves the accuracy of service discovery and efficiency of service composition continuously.

WEI Yuan-Yuan,QIAN Ping,WANG Ru-Jing,WANG Xue

DOI: https://doi.org/10.3969/j.issn.1003-3254.2012.10.052

2012-01-01

Abstract:With the development of the Semantic Web,the interoperability and sharing of expert system were put for-ward more advanced requests.The researches for new knowledge representation and knowledge base systems are im-portant trend.As a formal,explicit specification of a shared conceptualization,ontologies provide frames for inte-roperability between different systems and can solve the sharing and interoperability problem effectively.There were a variety of doubts in some beginners' mind with the concepts of knowledge base,ontology and expert system.Based on the author's understanding and practice,the systematic comparative analysis between knowledge base,ontology and expert system in the domain of knowledge engineering were proposed in this paper,in order to make these terms less confused and more clearly comprehensible.

Shuqin Zhang,Guangyao Bai,Hong Li,Peipei Liu,Minzhi Zhang,Shujun Li

DOI: https://doi.org/10.3390/s21227579

2021-11-15

Abstract:Nowadays, there are different kinds of public knowledge bases for cyber security vulnerability and threat intelligence which can be used for IoT security threat analysis. However, the heterogeneity of these knowledge bases and the complexity of the IoT environments make network security situation awareness and threat assessment difficult. In this paper, we integrate vulnerabilities, weaknesses, affected platforms, tactics, attack techniques, and attack patterns into a coherent set of links. In addition, we propose an IoT security ontology model, namely, the IoT Security Threat Ontology (IoTSTO), to describe the elements of IoT security threats and design inference rules for threat analysis. This IoTSTO expands the current knowledge domain of cyber security ontology modeling. In the IoTSTO model, the proposed multi-source knowledge reasoning method can perform the following tasks: assess the threats of the IoT environment, automatically infer mitigations, and separate IoT nodes that are subject to specific threats. The method above provides support to security managers in their deployment of security solutions. This paper completes the association of current public knowledge bases for IoT security and solves the semantic heterogeneity of multi-source knowledge. In this paper, we reveal the scope of public knowledge bases and their interrelationships through the multi-source knowledge reasoning method for IoT security. In conclusion, the paper provides a unified, extensible, and reusable method for IoT security analysis and decision making.

Ye Yanbing,Fei Qi,Ding Lieyun

DOI: https://doi.org/10.3963/j.issn.1007-144X.2006.03.023

2006-01-01

Abstract:The central role of case base in knowledge-intensive CBR knowledge base is analyzed.Oriented to the project definition problem solving,a Semantic Web based case base development strategy is proposed.The design rationale of project definition ontology is discussed.The ontology annotation based case represent method is illustrated through a simple instance.Furthermore,the advantage of Semantic Web based case base organization is introduced,which will establish an outstanding knowledge foundation for the CBR-based project definition problem solving system.