1. Ontologies in ASSERT4SOA
D. Presenza (ENG)
D. Presenza (ENG)
July 4, 2011- Amsterdam
July 4, 2011- Amsterdam
2. Outline
ASSERT Ontology & Design Questions
the Community
the Domain
the Formalism
the Structure
An ASSERT-O Example
Reasoning support
Conclusions
2 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
3. Ontologies in ASSERT4SOA
ASSERT4SOA is investigating the use of OWL-DL to deliver
an ontology aimed to:
describe security properties of software services. (Objective 1)
support the interoperability and comparison of the different
kinds of certificate managed by the ASSERT4SOA software
framework (Objective 2)
3 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
4. Design Questions
“An ontology is a formal explicit specification of a shared
conceptualization of a domain.” [Gruber 1993]
Community (who is going to share it?)
Domain (what is being conceptualised?)
Formalism (which formalism for it?)
4 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
5. ASSERT Ontology who: the Community
Service Certification
Counsumers Authorities
ASSERT4SOA
Ontology
Service
Evaluation Providers
Bodies
5 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
6. ASSERT Ontology what: the Domain
ASSERT
about certifies
Web Service Security Property
proof
Web Service Model
6 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
7. ASSERT Ontology what: the Domain (SotA)
Semantic Web Services technologies
OWL-S
WSMO
SAWSDL
…
Security Ontologies defining Security Objectives (a.k.a .
Properties)
Naval Research Laboratory (NRL) Security Ontology [Kim et al. 2005]
Information Security Ontology [Herzog et al. 2007]
SecurityOntology [Fenz & Ekelhart 2009]
…
Certification & Accreditation Ontologies
DISTCAP Problem Domain Ontology (PDO) [Lee et al. 2006]
Common Criteria (CC) Ontology [Ekelhart et al. 2007]
…
7 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
8. ASSERT Ontology how: the Formalism
OWL 2 is a class of languages (OWL 2 Full, OWL 2 DL)
defined by W3C to formalise ontologies.
OWL 2 DL semantic is an extension of SROIQ description
logic.
Datatypes and punning
OWL 2 DL, as many Description Logics (DLs), is a decidable
fragment of First Order Logic (FOL):
Class Expression Satisfiability
Class Expression Subsumption (is a concept a subset of another
concept ?)
Instance Checking (is a particular instance a member of a given
concept ?)
Boolean Conjunctive Query Answering
8 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
9. ASSERT4SOA Ontology: structure
General Terms/Concepts
ASSERT4SOA Top Ontology e.g. Event, Document,
Actor, Time-Span, …
ASSERT-E ASSERT-O ASSERT-M ASSERT-* specific
Ontology Ontology Ontology Terms/Concepts
e.g. Test Unit, Role, Agent, …
ASSERT-*
Certificate instances
WP3 Objective 2
WP3 Objective 1
9 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
10. ASSERT4SOA Ontology: structure
ASSERT4SOA Top Ontology
General Terms/Concepts
e.g. Event, Document, Actor, Time-Span, …
Open CYC 2 (OWL-DL)
WS-
WSDL CC A4S FL
Policy
10 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
11. Ontology-base Certificate (ASSERT-O): an Example
Web Service
ClassAssertion( :certificateXYZ :ASSERT_O)
ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate)
ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage)
Security Property Assertion
ClassAssertion( :remoteSecureStorage :AuthenticityPreservingSystem)
Service/System Model
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1)
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2)
ObjectPropertyAssertion( :trusts :R1 :R2)
ObjectPropertyAssertion( :performs :R1 :A)
ObjectPropertyAssertion( :performs :R2 :B)
ObjectPropertyAssertion( :precedes :A :B)
…
11 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
12. ASSERT-O: an Example
Web Service
ClassAssertion( :certificateXYZ :ASSERT_O)
ObjectPropertyAssertion( :scheme :certificateXYZ :CommonCriteriaCertificate)
ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage)
Security Property Assertion
ClassAssertion( :remoteSecureStorage :AuthenticityPreservingSystem)
Security Property described as
OWL-DL Class
Service/System Model within the ASSERT-O Ontology
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1)
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2)
ObjectPropertyAssertion( :trusts :R1 :R2)
ObjectPropertyAssertion( :performs :R1 :A)
ObjectPropertyAssertion( :performs :R2 :B)
ObjectPropertyAssertion( :precedes :A :B)
…
12 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
13. ASSERT-O: an Example
Web Service
ClassAssertion( :certificateXYZ :ASSERT_O)
ObjectPropertyAssertion( :scheme :certificateXY :CommonCriteriaCertificate)
ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage)
Security Property Assertion
ClassAssertion( :remoteSecureStorage :AuthenticityPreservingSystem)
Service/System Model
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1)
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2)
ObjectPropertyAssertion( :trusts :R1 :R2)
ObjectPropertyAssertion( :performs :R1 :A)
ObjectPropertyAssertion( :performs :R2 :B)
ObjectPropertyAssertion( :precedes :A :B)
OWL-DL description of Web Service (i.e. remoteSecureStorage)
13 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
14. ASSERT-O: an Example
Web Service
ClassAssertion( :certificateXYZ :ASSERT_O)
ClassAssertion( :certificateXYZ :CommonCriteriaCertificate)
ObjectPropertyAssertion( :about :certificateXYZ :remoteSecureStorage)
Security Property Assertion
ClassAssertion( :remoteSecureStorage :AuthenticityPreservingSystem)
Service/System Model
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R1)
ObjectPropertyAssertion( :hasRole :remoteSecureStorage :R2)
ObjectPropertyAssertion( :trusts :R1 :R2)
ObjectPropertyAssertion( :performs :R1 :A)
ObjectPropertyAssertion( :performs :R2 :B)
ObjectPropertyAssertion( :precedes :A :B)
…
OWL-DL Properties described within ASSERT-O Ontology
14 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
15. ASSERT Ontology: Reasoning
ASSERT -* Mapping
(Class Expression Subsumption)
Property Relations Discovery
(Class Expression Subsumption)
ASSERT
about certifies
Web Service Security Property
proof
Model/Property Consistency
(Instance Checking)
Web Service Model
15 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
16. ASSERT Ontology: Reasoning
ASSERT -* Mapping
(Class Expression Subsumption)
Objective 2 Property Relations Discovery
(Class Expression Subsumption)
ASSERT
about certifies
Web Service Security Property
proof
Objective 1
Model/Property Consistency
(Instance Checking)
Web Service Model
16 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
17. ASSERT Ontology: Lifecycle
Web Service ASSERT Security Property
about certifies
proof provides
Security pattern
Control
Security
structure Pattern
Web Service Model
17 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
18. ASSERT Ontology: Contributors
Web Service ASSERT Security Property
about certifies
proof provides
Security pattern
Control
Security
structure Pattern
Web Service Model
18 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
19. Conclusions
ASSERT4SOA is investigating the use of OWL-DL to deliver
an ontology aimed to:
describe security properties of software services. (Objective 1)
support the interoperability and comparison of the different
kinds of certificate managed by the ASSERT4SOA software
framework (Objective 2)
Certificates, Security Properties and model of Services
represented by means of OWL-DL class/properties
Use off-the-shelf OWL-DL reasoners to map certificates,
discover relations, check consistency.
19 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
20. End of Presentation
Thank you!
20 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011
21. Backup slide SROIQ & “punning”
“Punning”
ClassAssertion( :Father :John)
ClassAssertion( :SocialRole :Father)
Description languages are distinguished by the
constructs they provide.
S AL: Attributive Language -
C: Negation -
R+: Transitive roles (predicates) “hasAncestor”
R Intersection of Roles (predicates)
O one-of The class MyBirthDayGuests contains only Bill,
John, Mary
I Inverse roles (predicates) Property “hasChild” is ithe nverse of
“hasParent”
Q Qualified number number restriction The class of persons having at least two male
childs
21 j
Ontologies in ASSERT4SOA ( D. Presenza), July 4th 2011