Assert4soa cluster meeting

Ontologies in ASSERT4SOA, D. Presenza (ENG), July 4, 2011, Amsterdam

Transcript of Assert4soa cluster meeting

Page 1: Assert4soa cluster meeting

Ontologies in ASSERT4SOA

D. Presenza (ENG)

July 4, 2011 - Amsterdam

Page 2: Assert4soa cluster meeting

Outline

• ASSERT Ontology & Design Questions
  • the Community
  • the Domain
  • the Formalism
  • the Structure
• An ASSERT-O Example
• Reasoning support
• Conclusions

Ontologies in ASSERT4SOA (D. Presenza), July 4th 2011

Page 3: Assert4soa cluster meeting

Ontologies in ASSERT4SOA

• ASSERT4SOA is investigating the use of OWL-DL to deliver an ontology aimed to:
  • describe security properties of software services (Objective 1)
  • support the interoperability and comparison of the different kinds of certificate managed by the ASSERT4SOA software framework (Objective 2)

Page 4: Assert4soa cluster meeting

Design Questions

• “An ontology is a formal explicit specification of a shared conceptualization of a domain.” [Gruber 1993]
  • Community (who is going to share it?)
  • Domain (what is being conceptualised?)
  • Formalism (which formalism for it?)

Page 5: Assert4soa cluster meeting

ASSERT Ontology who: the Community

[Diagram labels: ASSERT4SOA Ontology; Service Providers; Service Consumers; Certification Authorities; Evaluation Bodies]

Page 6: Assert4soa cluster meeting

ASSERT Ontology what: the Domain

[Diagram labels: Web Service; ASSERT; Security Property; Web Service Model; relations: about, certifies, proof]

Page 7: Assert4soa cluster meeting

ASSERT Ontology what: the Domain (SotA)

• Semantic Web Services technologies
  • OWL-S
  • WSMO
  • SAWSDL
  • …
• Security Ontologies defining Security Objectives (a.k.a. Properties)
  • Naval Research Laboratory (NRL) Security Ontology [Kim et al. 2005]
  • Information Security Ontology [Herzog et al. 2007]
  • SecurityOntology [Fenz & Ekelhart 2009]
  • …
• Certification & Accreditation Ontologies
  • DITSCAP Problem Domain Ontology (PDO) [Lee et al. 2006]
  • Common Criteria (CC) Ontology [Ekelhart et al. 2007]
  • …

Page 8: Assert4soa cluster meeting

ASSERT Ontology how: the Formalism

• OWL 2 is a class of languages (OWL 2 Full, OWL 2 DL) defined by W3C to formalise ontologies.
• The semantics of OWL 2 DL is an extension of the SROIQ description logic.
  • Datatypes and punning
• OWL 2 DL, like many Description Logics (DLs), is a decidable fragment of First Order Logic (FOL):
  • Class Expression Satisfiability
  • Class Expression Subsumption (is a concept a subset of another concept?)
  • Instance Checking (is a particular instance a member of a given concept?)
  • Boolean Conjunctive Query Answering

Page 9: Assert4soa cluster meeting

ASSERT4SOA Ontology: structure

[Diagram]
• ASSERT4SOA Top Ontology: General Terms/Concepts, e.g. Event, Document, Actor, Time-Span, …
• ASSERT-E Ontology, ASSERT-M Ontology, ASSERT-O Ontology: ASSERT-* specific Terms/Concepts, e.g. Test Unit, Role, Agent, …
• ASSERT-* Certificate instances
• Labels: WP3 Objective 1; WP3 Objective 2

Page 10: Assert4soa cluster meeting

ASSERT4SOA Ontology: structure

[Diagram]
• ASSERT4SOA Top Ontology: General Terms/Concepts, e.g. Event, Document, Actor, Time-Span, …
• Open CYC 2 (OWL-DL)
• WSDL; CC; WS-Policy
• A4S FL

Page 11: Assert4soa cluster meeting

Ontology-based Certificate (ASSERT-O): an Example

• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …

Page 12: Assert4soa cluster meeting

ASSERT-O: an Example

• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …

Callout: Security Property described as OWL-DL Class within the ASSERT-O Ontology

Page 13: Assert4soa cluster meeting

ASSERT-O: an Example

• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )

Callout: OWL-DL description of Web Service (i.e. remoteSecureStorage)

Page 14: Assert4soa cluster meeting

ASSERT-O: an Example

• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ClassAssertion( :CommonCriteriaCertificate :certificateXYZ )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …

Callout: OWL-DL Properties described within ASSERT-O Ontology

Page 15: Assert4soa cluster meeting

ASSERT Ontology: Reasoning

[Diagram labels: Web Service; ASSERT; Security Property; Web Service Model; relations: about, certifies, proof]

Reasoning tasks annotated on the diagram:
• ASSERT-* Mapping (Class Expression Subsumption)
• Property Relations Discovery (Class Expression Subsumption)
• Model/Property Consistency (Instance Checking)

Page 16: Assert4soa cluster meeting

ASSERT Ontology: Reasoning

[Diagram labels: Web Service; ASSERT; Security Property; Web Service Model; relations: about, certifies, proof]

Reasoning tasks annotated on the diagram:
• ASSERT-* Mapping (Class Expression Subsumption)
• Property Relations Discovery (Class Expression Subsumption)
• Model/Property Consistency (Instance Checking)

Additional labels: Objective 2; Objective 1
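
Added example (not part of the original slides): a small Python sketch of the two reasoning tasks named above, run over the ASSERT-O example assertions with ClassAssertion written class-first as in OWL 2 functional syntax. The SubClassOf axioms and the class names IntegrityPreservingSystem and SecureSystem are constructed assumptions, and the sketch handles only named-class hierarchies, which a real OWL-DL reasoner generalises to arbitrary class expressions.

```python
import re

# ABox taken from the slides' ASSERT-O example (class-first ClassAssertion).
ABOX = """
ClassAssertion(:ASSERT_O :certificateXYZ)
ClassAssertion(:CommonCriteriaCertificate :certificateXYZ)
ObjectPropertyAssertion(:about :certificateXYZ :remoteSecureStorage)
ClassAssertion(:AuthenticityPreservingSystem :remoteSecureStorage)
ObjectPropertyAssertion(:hasRole :remoteSecureStorage :R1)
ObjectPropertyAssertion(:hasRole :remoteSecureStorage :R2)
ObjectPropertyAssertion(:trusts :R1 :R2)
"""
# Constructed TBox: these axioms and the two superclass names are
# assumptions made for illustration; the slides do not define them.
TBOX = """
SubClassOf(:AuthenticityPreservingSystem :IntegrityPreservingSystem)
SubClassOf(:IntegrityPreservingSystem :SecureSystem)
"""
AXIOM = re.compile(r"(\w+)\(\s*((?::\w+\s*)+)\)")

def parse(text):
    """Parse functional-syntax axioms into (axiom_kind, [terms]) tuples."""
    return [(m.group(1), m.group(2).split()) for m in AXIOM.finditer(text)]

def superclasses(cls, tbox):
    """Subsumption over named classes: reflexive-transitive SubClassOf closure."""
    seen, todo = set(), [cls]
    while todo:
        c = todo.pop()
        if c in seen:
            continue
        seen.add(c)
        todo += [a[1] for kind, a in tbox if kind == "SubClassOf" and a[0] == c]
    return seen

def is_instance(ind, cls, abox, tbox):
    """Instance checking: an asserted class of ind is subsumed by cls.
    False means 'not entailed by these axioms' (open world), not 'disproved'."""
    return any(kind == "ClassAssertion" and a[1] == ind
               and cls in superclasses(a[0], tbox) for kind, a in abox)

def matching_certificates(required, abox, tbox):
    """Certificates whose :about subject is an instance of the required property."""
    return sorted(a[1] for kind, a in abox
                  if kind == "ObjectPropertyAssertion" and a[0] == ":about"
                  and is_instance(a[2], required, abox, tbox))

if __name__ == "__main__":
    abox, tbox = parse(ABOX), parse(TBOX)
    # A consumer asking for the broader property still matches certificateXYZ.
    print(matching_certificates(":IntegrityPreservingSystem", abox, tbox))
```
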

Page 17: Assert4soa cluster meeting

ASSERT Ontology: Lifecycle

[Diagram labels: Security Property; Security Pattern; Security Control; Web Service Model; ASSERT; Web Service; relations: provides, pattern, structure, about, certifies, proof]

Page 18: Assert4soa cluster meeting

ASSERT Ontology: Contributors

[Diagram labels: Security Property; Security Pattern; Security Control; Web Service Model; ASSERT; Web Service; relations: provides, pattern, structure, about, certifies, proof]

Page 19: Assert4soa cluster meeting

Conclusions

• ASSERT4SOA is investigating the use of OWL-DL to deliver an ontology aimed to:
  • describe security properties of software services (Objective 1)
  • support the interoperability and comparison of the different kinds of certificate managed by the ASSERT4SOA software framework (Objective 2)
• Certificates, Security Properties and model of Services represented by means of OWL-DL class/properties
• Use off-the-shelf OWL-DL reasoners to map certificates, discover relations, check consistency.

Page 20: Assert4soa cluster meeting

End of Presentation

• Thank you!

Page 21: Assert4soa cluster meeting

Backup slide: SROIQ & “punning”

• “Punning”
  • ClassAssertion( :Father :John )
  • ClassAssertion( :SocialRole :Father )
• Description languages are distinguished by the constructs they provide.

S: AL: Attributive Language; C: Negation; R+: Transitive roles (predicates), e.g. “hasAncestor”
R: Intersection of Roles (predicates)
O: one-of. The class MyBirthDayGuests contains only Bill, John, Mary
I: Inverse roles (predicates). Property “hasChild” is the inverse of “hasParent”
Q: Qualified number restriction. The class of persons having at least two male children