Requirements for an Ontology Supporting Certificates Interoperability

Requirements for an Ontology Supporting Certificates Interoperability

ASSERT4SOA Advanced Security Service cERTificate for SOA CP - STREP - Grant No. 257351 Requirements for an ontology supporting certificates interoperability Deliverable D3.1 Rev. 1.0 Legal Notice All information included in this document is subject to change without notice. The Members of the As- sert4Soa Consortium make no warranty of any kind with regard to this document, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The Members of the Assert4Soa Consortium shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Assert4Soa Project Title Assert4Soa - Advanced Security Service cERTificate for SOA Grant Number 257351 Project Type CP - STREP Requirements for an ontology supporting cer- Title of Deliverable tificates interoperability Subtitle of Deliverable Deliverable No. D3.1 Dissemination Level Public Internal Rev. No. 1.0 Contractual Delivery 30 September 2011 Date Actual Delivery Date 30 September 2011 Contributing WPs WP3 Editor(s) Claudia Pandolfo (ENG), Domenico Presenza (ENG) Author(s) Marco Anisetti (UNIMI), Claudio A. Ardagna (UNIMI), Ernesto Damiani (UNIMI), Stefa- nia D'Agostini (ENG), Valentina Di Giacomo (ENG), Claudia Pandolfo (ENG), Domenico Presenza (ENG), Antonino Sabetta (SAP), Gimena Pujol (UMA) Reviewer(s) Renato Menicocci (FUB), Zaharina Stoynova (SIT) D3.1 - Requirements for an ontology supporting certificates interoperability 3 / 69 Executive Summary The objective of this document is to present the requirements for an ontology suitable to support some of the functionalities envisaged for the ASSERT4SOA software infrastructure. Broadly speaking an ontology can be understood as a description, given in a formal language, of part of the world (a domain) with the purpose to give a firm basis to the language that a community of agents (either human or computational) shares to predicate about that part of the world. The ASSERT4SOA ontology is intended to support the unambiguous communi- cation between Service Consumers, Service Providers, Certification Authorities and Evaluation Bodies. Security requirements and Software services represent the core of the domain of the discourse described by the ASSERT4SOA ontology. In fact, from an abstract point of view, an ASSERT4SOA security certificate (i.e. an ASSERT in the project's terminology) is a machine-readable document stating that a security requirement (e.g. integrity of exchanged messages) is addressed by a software service. Moreover, all the three types of ASSERT (ASSERT-E, ASSERT-O, ASSERT-M) entail some partial model of the Software service which is the subject of the certificate. A challenge for the ASSERT4SOA ontology is to be enable the automatic answer- ing to the decision problems entailed by the main use cases of the ASSERT4SOA infrastructure (e.g. mapping between the different types of ASSERT, discovery relation between the definition security properties, checking consistency between a model of a service and the definition of a security property). This deliverable present a set of possible formal languages that could fit the purpose. This document is organised in two parts. The first part reports on the state of the art on enabling technologies (ontology-based reasoning, Semantic Web and Semantic Web services) and related work (Security ontologies). The second part presents the functional and non-functional requirements for the ASSERT4SOA ontology. Assert4Soa Contents 1 Introduction 5 1.1 Goals and scope . 5 1.2 Main use cases . 6 1.2.1 ASSERT Certified Service Lifecycle . 6 1.2.2 Authoring of a Security Property . 7 1.2.3 Development of a software implementing internal security controls 8 1.2.4 Check consistency between a security requirement and a service model . 9 1.2.5 Issue of a Security Certificate . 9 1.2.6 Implementation of external controls . 10 1.2.7 Compare requested with provided ASSERT . 11 I State of the art 13 2 Ontology-based Reasoning 14 2.1 Knowledge Representation and Reasoning . 14 2.2 Ontologies . 15 2.3 Formal languages for ontologies . 16 2.3.1 Frame Logic (F-logic) . 17 2.3.2 CyCL . 18 2.3.3 Description Logics (DLs) . 18 2.3.4 RDF and RDF Schema . 19 2.3.5 Web Ontology Language (OWL) . 20 2.3.6 Web Service Modeling Language (WSML) . 22 3 Semantic Web and Semantic Web services technologies 24 3.1 The Semantic Web . 24 3.2 Semantic Web Services . 24 3.2.1 OWL-S . 25 3.2.2 Web service Modeling Ontology (WSMO) . 26 3.2.3 Unified Service Description Language (USDL) . 27 3.2.4 Linked Open Services (LOS) . 28 3.2.5 Semantic Annotations for WSDL and XML Schema (SAWSDL) 28 3.2.6 DIANE . 29 3.2.7 SOAF . 30 D3.1 - Requirements for an ontology supporting certificates interoperability 3 / 69 Assert4Soa 4 Security ontologies 31 4.1 Existing ontologies . 31 4.1.1 OWL-S Security Ontologies . 31 4.1.2 NRL (Naval Research Laboratory) Security Ontology . 32 4.1.3 Common Criteria ontology . 33 4.1.4 Problem Domain Ontology (PDO) . 33 4.1.5 The Security Ontology . 34 4.1.6 Linkpings Universitet Security Ontology (SecOnt) . 35 4.1.7 SEKT Ontology . 36 4.1.8 security Characterization Language (SCL) ontology . 36 4.2 Comparison of security ontologies . 37 II Requirements 39 5 Functional requirements 40 5.1 Overview . 40 5.2 Purpose . 40 5.3 Scope . 40 5.4 Level of Formality . 41 5.5 Intended Users . 41 5.6 Intended Uses . 41 5.7 Representational Requirements (Groups of Competency Questions) . 42 5.7.1 Requirements on security properties . 42 5.7.2 Requirements on certificates . 43 5.7.3 Requirements on service model ontology . 48 5.7.4 Requirements on Upper Ontology . 52 5.8 Pre-Glossary of Terms . 53 5.8.1 Terms . 53 6 Non functional requirements 61 6.1 Introduction . 61 6.2 Requirements on ontology protection . 62 6.2.1 Requirements for the Ontology Manager . 63 Bibliography 65 D3.1 - Requirements for an ontology supporting certificates interoperability 4 / 69 Assert4Soa Chapter 1 Introduction 1.1 Goals and scope The objective of this document is to present the requirements for an ontology suitable to support some of the functionalities envisaged for the ASSERT4SOA software infrastructure [4]. More specifically the expected role of an ontology within the ASSERT4SOA infrastructure is twofold: 1. to support the description of security properties of software services; 2. to support the interoperability and comparison of the different types of AS- SERT4SOA certificates (i.e. ASSERT-E, ASSERT-O, ASSERT-M). Broadly speaking an ontology can be understood as a description, given in a formal language, of part of the world (a domain) with the purpose to give a firm basis to the language that a community of agents (either human or computational) shares to predicate about that part of the world. The ASSERT4SOA ontology is intended to support the unambiguous communi- cation between Service Consumers, Service Providers, Certification Authorities and Evaluation Bodies. Such an ontology is needed not least because there is the need: • for Service Consumers and Service Providers to unambiguously communicate about the meaning of the terms (e.g. authenticity, confidentiality) denoting the security requirements fulfilled by a consumed/provided software service. This need is in common with Service Providers/Developers, Certification Authorities and Evaluation Bodies that have to unambiguously communicate about the security claim that is requested to be certified. • for Service Consumers and Certification Authorities to unambiguously com- municate about the assumptions and evidences (e.g. testing results, formal proofs) supporting the claim that a software service fulfils a security require- ment. Also this need is shared by Service Providers, Certification Authorities and Evaluation bodies in the context of a certification process. Security requirements and Software services represent the core of the domain of the discourse described by the ASSERT4SOA ontology. In fact, from an ab- stract point of view, an ASSERT4SOA security certificate (i.e. an ASSERT in the D3.1 - Requirements for an ontology supporting certificates interoperability 5 / 69 Assert4Soa project's terminology) is a machine-readable document stating that a security re- quirement (e.g. integrity of exchanged messages) is addressed by a software service. An ASSERT may also carry the description of the assumptions and evidences (e.g. results of tests performed) supporting the statement. All the three types of AS- SERT (ASSERT-E, ASSERT-O, ASSERT-M) entail, within the representation of the assumptions, some partial model of the Software service which is the subject of the certificate. The primary aim in describing a domain by means of a formal language is to allow automatic machine processing. Literature in the field offers a vast variety of languages for this purpose. Amongst the others, in the last decade, Description Logics have gained interest thanks to the adoption of one them by the W3C in the context of its Semantic Web initiative [8]. The interesting feature of Description Logics, and hence of the W3C OWL 2 DL language, is that they are a decidable fragment of the First Order Logic (FOL): inference problems like satisfiability, sub- sumption, instance checking and boolean conjunctive query answering expressed in the Description Logic underlying OWL 2 DL can be answered in polynomial time. These inference problems appear promising to back on the decision problems entailed by the main use cases of the ASSERT4SOA infrastructure (e.g. mapping between the different types of ASSERT, discovery relation between the definition security properties, checking consistency between a model of a service and the definition of a security property). This document is organised in two parts. The first part reports on the state of the art on knowledge representation based on ontology (Chapter 2), Semantic Web and Semantic Web services technologies (Chapter 3), and Security ontologies (Chapter 4).

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    73 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us