Assert4soa cluster meeting
Ontologies in ASSERT4SOA
D. Presenza (ENG)
July 4, 2011 - Amsterdam
Outline
• ASSERT Ontology & Design Questions
• the Community
• the Domain
• the Formalism
• the Structure
• An ASSERT-O Example
• Reasoning support
• Conclusions
2 Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
Ontologies in ASSERT4SOA
• ASSERT4SOA is investigating the use of OWL-DL to deliver an ontology aimed to:
  • describe security properties of software services (Objective 1)
  • support the interoperability and comparison of the different kinds of certificate managed by the ASSERT4SOA software framework (Objective 2)
Design Questions
• “An ontology is a formal explicit specification of a shared conceptualization of a domain.” [Gruber 1993]
• Community (who is going to share it?)
• Domain (what is being conceptualised?)
• Formalism (which formalism for it?)
ASSERT Ontology who: the Community
ASSERT4SOA Ontology
Service Providers
Service Consumers
Certification Authorities
Evaluation Bodies
ASSERT Ontology what: the Domain
[Diagram. Nodes: Web Service, ASSERT, Security Property, Web Service Model; edge labels: about, certifies, proof]
ASSERT Ontology what: the Domain (SotA)
• Semantic Web Services technologies
  • OWL-S
  • WSMO
  • SAWSDL
  • …
• Security Ontologies defining Security Objectives (a.k.a. Properties)
  • Naval Research Laboratory (NRL) Security Ontology [Kim et al. 2005]
  • Information Security Ontology [Herzog et al. 2007]
  • SecurityOntology [Fenz & Ekelhart 2009]
  • …
• Certification & Accreditation Ontologies
  • DISTCAP Problem Domain Ontology (PDO) [Lee et al. 2006]
  • Common Criteria (CC) Ontology [Ekelhart et al. 2007]
  • …
ASSERT Ontology how: the Formalism
• OWL 2 is a class of languages (OWL 2 Full, OWL 2 DL) defined by W3C to formalise ontologies.
• OWL 2 DL semantics is an extension of the SROIQ description logic.
  • Datatypes and punning
• OWL 2 DL, like many Description Logics (DLs), is a decidable fragment of First Order Logic (FOL):
  • Class Expression Satisfiability
  • Class Expression Subsumption (is a concept a subset of another concept?)
  • Instance Checking (is a particular instance a member of a given concept?)
  • Boolean Conjunctive Query Answering
ASSERT4SOA Ontology: structure
ASSERT4SOA Top Ontology
ASSERT-E Ontology
ASSERT-M Ontology
ASSERT-O Ontology
ASSERT-* Certificate instances
ASSERT-* specific Terms/Concepts e.g. Test Unit, Role, Agent, …
General Terms/Concepts e.g. Event, Document, Actor, Time-Span, …
WP3 Objective 1
WP3 Objective 2
ASSERT4SOA Ontology: structure
ASSERT4SOA Top Ontology
General Terms/Concepts e.g. Event, Document, Actor, Time-Span, …
Open CYC 2 (OWL-DL)
WSDL
CC
WS-Policy
A4S FL
Ontology-based Certificate (ASSERT-O): an Example
• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …
ASSERT-O: an Example
• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …
Security Property described as OWL-DL Class within the ASSERT-O Ontology
ASSERT-O: an Example
• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
OWL-DL description of Web Service (i.e. remoteSecureStorage)
ASSERT-O: an Example
• Web Service
  • ClassAssertion( :ASSERT_O :certificateXYZ )
  • ClassAssertion( :CommonCriteriaCertificate :certificateXYZ )
  • ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
• Security Property Assertion
  • ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
• Service/System Model
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1 )
  • ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2 )
  • ObjectPropertyAssertion( :trusts :R1 :R2 )
  • ObjectPropertyAssertion( :performs :R1 :A )
  • ObjectPropertyAssertion( :performs :R2 :B )
  • ObjectPropertyAssertion( :precedes :A :B )
  • …
OWL-DL Properties described within ASSERT-O Ontology
ASSERT Ontology: Reasoning
[Diagram. Nodes: Web Service, ASSERT, Security Property, Web Service Model; edge labels: about, certifies, proof]
• ASSERT-* Mapping (Class Expression Subsumption)
• Property Relations Discovery (Class Expression Subsumption)
• Model/Property Consistency (Instance Checking)
ASSERT Ontology: Reasoning
[Diagram. Nodes: Web Service, ASSERT, Security Property, Web Service Model; edge labels: about, certifies, proof]
• ASSERT-* Mapping (Class Expression Subsumption)
• Property Relations Discovery (Class Expression Subsumption)
• Model/Property Consistency (Instance Checking)
Objective 2
Objective 1
ASSERT Ontology: Lifecycle
[Diagram. Nodes: Security Property, Security Pattern, Security Control, Web Service Model, ASSERT, Web Service; edge labels: provides, pattern, structure, about, certifies, proof]
ASSERT Ontology: Contributors
[Diagram. Nodes: Security Property, Security Pattern, Security Control, Web Service Model, ASSERT, Web Service; edge labels: provides, pattern, structure, about, certifies, proof]
Conclusions
• ASSERT4SOA is investigating the use of OWL-DL to deliver an ontology aimed to:
  • describe security properties of software services (Objective 1)
  • support the interoperability and comparison of the different kinds of certificate managed by the ASSERT4SOA software framework (Objective 2)
• Certificates, Security Properties and model of Services represented by means of OWL-DL class/properties
• Use off-the-shelf OWL-DL reasoners to map certificates, discover relations, check consistency.
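An added example (not from the presentation or the ASSERT4SOA project) showing subsumption and instance checking, restricted to named classes, over the slides' certificateXYZ assertions. The two SubClassOf axioms and the classes :IntegrityPreservingSystem and :SecureSystem are hypothetical, and axioms are written class-first, as OWL 2 functional syntax defines ClassAssertion. A real deployment would hand the same axioms to an off-the-shelf OWL-DL reasoner instead of this closure.

```python
import re
# Constructed input: assertions from the slides' example plus two
# hypothetical SubClassOf axioms (the slides do not show the class hierarchy).
AXIOMS = """
SubClassOf( :AuthenticityPreservingSystem :IntegrityPreservingSystem )
SubClassOf( :IntegrityPreservingSystem :SecureSystem )
ClassAssertion( :ASSERT_O :certificateXYZ )
ClassAssertion( :AuthenticityPreservingSystem :remoteSecureStorage )
ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage )
"""

AXIOM_RE = re.compile(r"(\w+)\(\s*([^)]*?)\s*\)")

def parse(text):
    sub, types, props = {}, {}, set()  # subclass edges, asserted types, triples
    for kind, args in AXIOM_RE.findall(text):
        a = args.split()
        if kind == "SubClassOf" and len(a) == 2:
            sub.setdefault(a[0], set()).add(a[1])
        elif kind == "ClassAssertion" and len(a) == 2:
            types.setdefault(a[1], set()).add(a[0])  # individual -> classes
        elif kind == "ObjectPropertyAssertion" and len(a) == 3:
            props.add(tuple(a))  # (property, source, target)
        else:
            raise ValueError(f"unsupported axiom: {kind}({args})")
    return sub, types, props

def superclasses(sub, cls):
    """All classes that subsume cls (reflexive, transitive closure)."""
    seen, stack = {cls}, [cls]
    while stack:
        new = sub.get(stack.pop(), set()) - seen
        seen |= new
        stack.extend(new)
    return seen

def subsumes(sub, general, specific):
    """Class expression subsumption, restricted to named classes."""
    return general in superclasses(sub, specific)

def is_instance(sub, types, individual, cls):
    """Instance checking: asserted types plus their inferred superclasses."""
    return any(subsumes(sub, cls, t) for t in types.get(individual, ()))

def certificate_covers(sub, types, props, cert, cls):
    """Does the service the certificate is :about provably belong to cls?"""
    return any(p == ":about" and s == cert and is_instance(sub, types, o, cls)
               for p, s, o in props)

SUB, TYPES, PROPS = parse(AXIOMS)
```
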
End of Presentation
• Thank you!
Backup slide: SROIQ & “punning”
• “Punning”
  • ClassAssertion( :Father :John )
  • ClassAssertion( :SocialRole :Father )
• Description languages are distinguished by the constructs they provide.
  S  AL: Attributive Language; C: Negation; R+: Transitive roles (predicates), e.g. “hasAncestor”
  R  Intersection of Roles (predicates)
  O  one-of, e.g. the class MyBirthDayGuests contains only Bill, John, Mary
  I  Inverse roles (predicates), e.g. property “hasChild” is the inverse of “hasParent”
  Q  Qualified number restriction, e.g. the class of persons having at least two male children