文章基本信息

标题：Managing Software Security Knowledge in Context: An Ontology Based Approach
本地全文：下载
作者：Shao-Fang Wen ; Basel Katt
期刊名称：Information
电子版ISSN：2078-2489
出版年度：2019
卷号：10
期号：6
页码：216-227
DOI：10.3390/info10060216
出版社：MDPI Publishing
摘要：Knowledge of software security is highly complex since it is quite context-specific and can be applied in diverse ways. To secure software development, software developers require not only knowledge about general security concepts but also about the context for which the software is being developed. With traditional security-centric knowledge formats, it is difficult for developers or knowledge users to retrieve their required security information based on the requirements of software products and development technologies. In order to effectively regulate the operation of security knowledge and be an essential part of practical software development practices, we argue that security knowledge must first incorporate features that specify what contextual characteristics are to be handled, and represent the security knowledge in a format that is understandable and acceptable to the individuals. This study introduces a novel ontology approach for modeling security knowledge with a context-based approach, by which security knowledge can be retrieved, taking the context of the software application at hand into consideration. In this paper, we present our security ontology with the design concepts and the corresponding evaluation process.
关键词：software security; knowledge management; security ontology; context-based software security ; knowledge management ; security ontology ; context-based