Ontology Evolution in the Context of Model-Based Secure Software Engineering

  • Jens BürgerEmail author
  • Timo Kehrer
  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 385)


Ontologies as a means to formally specify the knowledge of a domain of interest have made their way into information and communication technology. Most often, such knowledge is subject to continuous change, which demands for consistent evolution of ontologies and dependent artifacts. In this paper, we study ontology evolution in the context of a model-based approach to engineering of secure software, where ontologies are used to formalize the security context knowledge which is needed to come up with software systems which can be considered secure. In this application scenario, techniques for detecting ontology changes and determining their semantic impact are faced with a couple of challenging requirements which are not met by existing solutions. To overcome these shortcomings, we adapt a state-based approach to model differencing to OWL ontologies. Our solution is capable of detecting semantic editing patterns which may be customly defined using graph transformation rules, but it does not depend on information about editing processes such as persistently managed change logs. We showcase how to leverage semantic editing patterns for the sake of system model co-evolution in response to changing security context knowledge, and demonstrate the feasibility of the approach using a realistic medical information system.


Software engineering Model-based security Security context knowledge Ontology evolution Semantic editing patterns 


  1. 1.
    Baader, F., Horrocks, I., Sattler, U.: Description logics. In: Staab, S., Studer R. (eds.) Handbook on Ontologies, pp. 3–28. Springer, Heidelberg (2004).
  2. 2.
    Bürger, J., Jürjens, J., Ruhroth, T., Gärtner, S., Schneider, K.: Model-based security engineering: managed co-evolution of security knowledge and software models. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) FOSAD 2012-2013. LNCS, vol. 8604, pp. 34–53. Springer, Cham (2014). Scholar
  3. 3.
    Bürger, J., Jürjens, J., Wenzel, S.: Restoring security of evolving software models using graph transformation. Int. J. Softw. Tools Technol. Transf. 17(3), 267–289 (2014). Scholar
  4. 4.
    Bürger, J.: Recovering security in model-based software engineering by context-driven co-evolution. Ph.D. thesis, University of Koblenz-Landau (2019)Google Scholar
  5. 5.
    Bürger, J., Strüber, D., Gärtner, S., Ruhroth, T., Jürjens, J., Schneider, K.: A framework for semi-automated co-evolution of security knowledge and system models. J. Syst. Softw. 139, 142–160 (2018)CrossRefGoogle Scholar
  6. 6.
    Djedidi, R., Aufaure, M.A.: Ontology change management. In: I-SEMANTICS, pp. 611–621 (2009)Google Scholar
  7. 7.
    Djedidi, R., Aufaure, M.A.: Ontology evolution: state of the art and future directions. In: Ontology Theory, Management and Design: Advanced Tools and Models. IGI Global (2010)Google Scholar
  8. 8.
    Gärtner, S., Ruhroth, T., Bürger, J., Schneider, K., Jürjens, J.: Maintaining requirements for long-living software systems by incorporating security knowledge. In: 22nd IEEE International Requirements Engineering Conference. IEEE (2014)Google Scholar
  9. 9.
    Gruber, T.R.: A translation approach to portable ontology specifications. Knowl. Acquis. 5(2), 199–220 (1993)CrossRefGoogle Scholar
  10. 10.
    Heckman, S., Stolee, K., Parnin, C.: 10+ years of teaching software engineering with iTrust: the good, the bad, and the ugly. In: International Conference on Software Engineering Education and Training, pp. 1–4. IEEE (2018)Google Scholar
  11. 11.
    Hesse, T.M., Gärtner, S., Roehm, T., Paech, B., Schneider, K., Bruegge, B.: Semi-automatic security requirements engineering and evolution using decision documentation, heuristics, and user monitoring. In: International Workshop on Evolving Security and Privacy Requirements Engineering, pp. 1–6. IEEE (2014)Google Scholar
  12. 12.
    Javed, M., Abgaz, Y.M., Pahl, C.: A pattern-based framework of change operators for ontology evolution. In: Meersman, R., Herrero, P., Dillon, T. (eds.) OTM 2009. LNCS, vol. 5872, pp. 544–553. Springer, Heidelberg (2009). Scholar
  13. 13.
    Javed, M., Abgaz, Y.M., Pahl, C.: Ontology change management and identification of change patterns. J. Data Semant. 2(2–3), 119–143 (2013)CrossRefGoogle Scholar
  14. 14.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  15. 15.
    Kehrer, T., Alshanqiti, A., Heckel, R.: Automatic inference of rule-based specifications of complex in-place model transformations. In: Guerra, E., van den Brand, M. (eds.) ICMT 2017. LNCS, vol. 10374, pp. 92–107. Springer, Cham (2017). Scholar
  16. 16.
    Kehrer, T., Kelter, U., Ohrndorf, M., Sollbach, T.: Understanding model evolution through semantically lifting model differences with SiLift. In: International Conference on Software Maintenance (2012)Google Scholar
  17. 17.
    Kehrer, T., Kelter, U., Pietsch, P., Schmidt, M.: Adaptability of model comparison tools. In: International Conference on Automated Software Engineering, pp. 306–309. IEEE (2012)Google Scholar
  18. 18.
    Kehrer, T., Kelter, U., Taentzer, G.: A rule-based approach to the semantic lifting of model differences in the context of model versioning. In: International Conference on Automated Software Engineering (2011)Google Scholar
  19. 19.
    Khattak, A.M., Batool, R., Pervez, Z., Khan, A.M., Lee, S.: Ontology evolution and challenges. J. Inf. Sci. Eng. 29(5), 851–871 (2013)Google Scholar
  20. 20.
    Kögel, S., et al.: Learning from evolution for evolution. Managed Software Evolution, pp. 255–308. Springer, Cham (2019). Scholar
  21. 21.
    Maedche, A., Motik, B., Stojanovic, L., Studer, R., Volz, R.: Managing multiple ontologies and ontology evolution in ontologging. In: Musen, M.A., Neumann, B., Studer, R. (eds.) IIP 2002. ITIFIP, vol. 93, pp. 51–63. Springer, Boston, MA (2002). Scholar
  22. 22.
    Otero-Cerdeira, L., Rodríguez-Martínez, F.J., Gómez-Rodríguez, A.: Ontology matching: a literature review. Expert Syst. Appl. 42(2), 949–971 (2015)CrossRefGoogle Scholar
  23. 23.
    OWL Working Group, W.: OWL 2 Web Ontology Language: Document Overview. W3C Recommendation (2009)Google Scholar
  24. 24.
    Papavassiliou, V., Flouris, G., Fundulaki, I., Kotzinos, D., Christophides, V.: On Detecting high-level changes in RDF/S KBs. In: Bernstein, A., et al. (eds.) ISWC 2009. LNCS, vol. 5823, pp. 473–488. Springer, Heidelberg (2009). Scholar
  25. 25.
    Papavassiliou, V., Flouris, G., Fundulaki, I., Kotzinos, D., Christophides, V.: High-level change detection. ACM Trans. Database Syst. (TODS) 38(1), 1 (2013)CrossRefGoogle Scholar
  26. 26.
    Plessers, P., De Troyer, O.: Ontology change detection using a version log. In: Gil, Y., Motta, E., Benjamins, V.R., Musen, M.A. (eds.) ISWC 2005. LNCS, vol. 3729, pp. 578–592. Springer, Heidelberg (2005). Scholar
  27. 27.
    Plessers, P., De Troyer, O., Casteleyn, S.: Understanding ontology evolution: a change detection approach. Web Semant.: Sci. Serv. Agents World Wide Web 5(1), 39–49 (2007)CrossRefGoogle Scholar
  28. 28.
    Popov, A.: RFC 7465: Prohibiting RC4 cipher suite, February 2015. Accessed 24 Apr 2020
  29. 29.
    Ruhroth, T., Gärtner, S., Bürger, J., Jürjens, J., Schneider, K.: Versioning and evolution requirements for model-based system development. In: International Workshop on Comparison and Versioning of Software Models (2014)Google Scholar
  30. 30.
    Steinberg, D., Budinsky, F., Merks, E., Paternostro, M.: EMF: Eclipse Modeling Framework. Pearson Education, London (2008)Google Scholar
  31. 31.
    Strüber, D., et al.: Henshin: a usability-focused framework for EMF model transformation development. In: de Lara, J., Plump, D. (eds.) ICGT 2017. LNCS, vol. 10373, pp. 196–208. Springer, Cham (2017). Scholar
  32. 32.
    Vanhoef, M., Piessens, F.: All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS. In: USENIX Security Symposium, pp. 97–112 (2015)Google Scholar
  33. 33.
    Wardhana, H., Ashari, A., Sari, A.K.: Review of ontology evolution process. J. Comput. Appl. 45, 26–33 (2018)Google Scholar
  34. 34.
    Zablith, F., et al.: Ontology evolution: a process-centric survey. knowl. Eng. Rev. 30(1), 45–75 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Knipp Medien und Kommunikation GmbHDortmundGermany
  2. 2.University of Koblenz-LandauKoblenzGermany
  3. 3.Humboldt-Universität zu BerlinBerlinGermany
  4. 4.Fraunhofer Institute ISSTDortmundGermany

Personalised recommendations