Recovering Semantic Traceability Links between APIs and Security Vulnerabilities: An Ontological Modeling Approach
| Field | Value |
|---|---|
| Title | Recovering Semantic Traceability Links between APIs and Security Vulnerabilities: An Ontological Modeling Approach |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Alqahtani, S. S., Eghan, E. E., Rilling, J. |
| Conference Name | 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST) |
| Keywords | API, APIs, code reuse, code sharing, Computational modeling, Databases, global software ecosystem, Information Reuse, information silos, Knowledge modeling, ontological modeling approach, Ontologies, ontologies (artificial intelligence), ontology-based knowledge modeling approach, project boundaries, proprietary knowledge representation, pubcrawl, reasoning, reasoning services, Resiliency, safety-critical software, security, security knowledge, security vulnerability, semantic traceability link recovery, Semantic Web, Semantics, Software, software engineering community, software houses, software industry globalization, software knowledge, software products, Source code analysis, traceability improvement, trust improvement, Unified modeling language, vulnerabilities and patches |
| Abstract | Over the last decade, the globalization of the software industry has facilitated the sharing and reuse of code across existing project boundaries. At the same time, such global reuse introduces new challenges to the software engineering community, since not only components but also their problems and vulnerabilities are now shared. For example, vulnerabilities found in APIs no longer affect only individual projects but might spread across projects and even across the borders of the global software ecosystem. Tracing these vulnerabilities at a global scale is an inherently difficult task, since many of the existing resources required for such analysis still rely on proprietary knowledge representations. In this research, we introduce an ontology-based knowledge modeling approach that can eliminate such information silos. More specifically, we focus on linking security knowledge with other software knowledge to improve traceability and trust in software products (APIs). Our approach takes advantage of the Semantic Web and its reasoning services to trace and assess the impact of security vulnerabilities across project boundaries. We present a case study to illustrate the applicability and flexibility of our ontological modeling approach by tracing vulnerabilities across project and resource boundaries. |
| URL | http://ieeexplore.ieee.org/document/7927965/ |
| DOI | 10.1109/ICST.2017.15 |
| Citation Key | alqahtani_recovering_2017 |