MODDALS Methodology for Designing Layered Ontology Structures

Global ontologies include common vocabularies to provide interoperability among different applications. These ontologies require a balance of reusability-usability to minimise the ontology reuse effort in different applications. To achieve such a balance, reusable and usable ontology design methodologies provide guidelines to design and develop layered ontology networks. Layered ontology networks classify into different abstraction layers the domain knowledge relevant to many applications (common domain knowledge) and the domain knowledge relevant only to certain application types (variant domain knowledge). This knowledge classification is performed from scratch by domain experts and ontology engineers. This process is a heavy workload, making it difficult to design the layered structures of reusable and usable global ontologies. Considering how common and variant software features are classified when designing Software Product Lines (SPLs), we argue that SPL engineering techniques can facilitate the domain knowledge classification taking as reference existing ontologies. This paper presents a methodology that provides guidelines to design the layered structure of reusable and usable ontology networks called MODDALS. In contrast to previous methods, MODDALS applies SPL engineering techniques to systematically (1) identify the ontology common and variant domain knowledge and (2) classify it into different abstraction layers taking as reference existing ontologies. This approach complements domain experts’ and ontology engineers’ expertise, preventing them from classifying the domain knowledge from scratch facilitating the design of the layered ontology structure. MODDALS methodology is evaluated in the design of the layered structure of a reusable and usable global ontology for the energy domain. The results show that MODDALS enables to classify the domain knowledge taking as reference existing ontologies

Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle

The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion dollars by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that requires cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle because the approach facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology that maps cybersecurity features and the functional features descriptions in order to train a classification machine-learning model to return the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be an effective approach to assist in the identification of security requirements