Ontology-based context-sensitive software security knowledge management modeling

The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology

How To Build Enterprise Data Models To Achieve Compliance To Standards Or Regulatory Requirements (and share data).

Sharing data between organizations is challenging because it is difficult to ensure that those consuming the data accurately interpret it. The promise of the next generation WWW, the semantic Web, is that semantics about shared data will be represented in ontologies and available for automatic and accurate machine processing of data. Thus, there is inter-organizational business value in developing applications that have ontology-based enterprise models at their core. In an ontology-based enterprise model, business rules and definitions are represented as formal axioms, which are applied to enterprise facts to automatically infer facts not explicitly represented. If the proposition to be inferred is a requirement from, say, ISO 9000 or Sarbanes-Oxley, inference constitutes a model-based proof of compliance. In this paper, we detail the development and application of the TOVE ISO 9000 Micro-Theory, a model of ISO 9000 developed using ontologies for quality management (measurement, traceability, and quality management system ontologies). In so doing, we demonstrate that when enterprise models are developed using ontologies, they can be leveraged to support business analytics problems - in particular, compliance evaluation - and are sharable

The P3 platform: an approach and software system for developing diagrammatic model-based methods in design research

Many issues in design and design management have been explored by building models which capture the relationships between different aspects of the problem at hand. These models require computer support to construct and analyse. However, appropriate modelling tools can be time-consuming to develop in a research environment. Reflecting upon five design research projects, this paper proposes that such projects can be facilitated by recognising the iterative and tightly-coupled nature of research and tool development, and by attempting to minimise the effort of solution prototyping within this process. Our approach is enabled by a software platform which can be rapidly configured to implement many conceivable modelling approaches. This configurability is complemented by an emerging library of modelling and analysis approaches tailored to explore design process systems. The platform-based approach enables any mix of modelling concepts to be easily created. We propose it could thus help researchers to explore a wide range of questions without being constrained to existing conventions for modelling – or for model integration

Use of ontology in identifying missing artefact links

The techniques of requirement traceability have evolved over recent years. However, as much as they have contributed to the software engineering field, significant ambiguity remains in many software engineering processes. This paper reports on an investigation of requirement traceability artefacts, stakeholders, and SDLC development models. Data were collected to gather evidence of artefacts and their properties from previous studies. The aim was to find the missing link between artefacts and their relationship to one another, the stakeholders, and SDLC models. This paper undertakes the first phase of the main research project, which aims to develop a framework for guiding software developers to actively manage traceability. After inquiring into and examining previous research on this topic, the links between artefacts and their functions were identified. The analysis resulted in the development of a new model for requirement traceability, defined in the form of an ontology portraying the contributively relations between software artefacts using common properties with the aid of Protégé Software. This study thus provides an important insight into the future of the requirement artefacts relation, and thereby lays an important foundation towards increasing our understanding of their potential and limitations

SysML for embedded automotive Systems: a practical approach

International audienceWhile SysML (System Modeling Language) is a leading topic for System Engineering (SE) in all domains, there is no pragmatic implementation of SE for automotive embedded systems and products. In this paper, a proposal is developed to meet the needs of Valeo product lines

Semantic interoperability for an integrated product development process: a systematic literature review

International audienceGlobal competitiveness challenges manufacturing industry to rationalise different ways of bringing to the market new products in a short lead-time with competitive prices while ensuring higher quality levels and customisation. Industries need to effectively share heterogeneous information during Product Development Process (PDP) within and across their institutional boundaries to be competitive. However, problems with misinterpretation and mistakes have been identified during information exchange due to the semantic interoperability obstacles. Thus, this research proposes a systematic literature review to identify the main researches and the milestones reference works on semantic interoperability field. A rigorous methodology was conducted in different databases, covering the articles published in scientific journals from 2005 to 2015 as a preliminary study had indicated that the incidence of articles related to the subject was more frequent from the second half of the 2000s. The research structure consisted of four steps: Survey-searching, analysis and selection of recent researches; Categorization-categorization of the selected papers; References citation frequency analysis-the selected papers were analysed and the main researches and milestones references were identified; and Main researches critical analysis – the main researches were analysed for their contributions and limitations, their contributions and limitations, resulting in 14 selected scientific articles and 8 identified milestones references. It is evident that this field has interesting perspectives on future research opportunities on semantic interoperability of information issues across PDP, contributing to the new concepts of future factories

Logical Approach: Consistency Rules between Activity Diagram and Class Diagram

Requirements engineering (RE) is a fundamental in software development process. Requirements engineering encompasses activities ranging from requirements elicitation and analysis to specification, verification and validation. Poor requirements have been proved to be a major cause of software problems such as cost overruns, delivery delays, failure to meet expectation and degradation. Requirements validation especially models validation has gained quite an interest from a lot of researchers. In recent times, several researchers have expressed a great deal of interest in requirements validation, specifically models validation. The field of research related to consistency checking has undergone a considerable boom from time to time. Numerous methods, approaches and techniques have been recommended to address the requirements inconsistency issues, particularly in models validation. In the software development industry, UML modelling has been extensively used. The different forms of the UML model that characterise the system from various perspectives somehow establish a relation among the models to keep them inseparable from one another. This is the reason why the inconsistency becomes unavoidable. The inconsistency in the models arises when there is an overlap of the elements of the various models representing the different parts of the system and an absence of cooperation. In this paper, the emphasis is given on the consistency rules that exist between the two models. The focus is also on the class diagrams and activity, and the conversion of the rules into logical predicates, where the logical predicates are assessed with a sample case study that constitutes of the two models

Using Ontologies in Formal Developments Targeting Certification

This is the author accepted manuscript. The final version is available from Springer Verlag via the DOI in this recordIFM 2019: 15th International Conference on integrated Formal Methods, 4-6 December 2019, Bergen, NorwayA common problem in the certification of highly safety or security critical systems is the consistency of the certification documentation in general and, in particular, the linking between semi-formal and formal content of the certification documentation. We address this problem by using an existing framework, Isabelle/DOF, that allows writing certification documents with consistency guarantees, in both, the semi-formal and formal parts. Isabelle/DOF supports the modeling of document ontologies using a strongly typed ontology definition language. An ontology is then enforced inside documents including formal parts, e.g., system models, verification proofs, code, tests and validations of corner-cases. The entire set of documents is checked within Isabelle/HOL, which includes the definition of ontologies and the editing of integrated documents based on them. This process is supported by an IDE that provides continuous checking of the document consistency. In this paper, we present how a specific software-engineering certification standard, namely CENELEC 50128, can be modeled inside Isabelle/DOF. Based on an ontology covering a substantial part of this standard, we present how Isabelle/DOF can be applied to a certification case-study in the railway domain.IRT System