Recovering Semantic Traceability Links between APIs and Security Vulnerabilities: An Ontological Modeling Approach

Publication Type: Conference Paper
Year of Publication: 2017
Authors: Alqahtani, S. S., Eghan, E. E., Rilling, J.
Conference Name: 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST)
Keywords: API, APIs, code reuse, code sharing, Computational modeling, Databases, global software ecosystem, Information Reuse, information silos, Knowledge modeling, ontological modeling approach, Ontologies, ontologies (artificial intelligence), ontology-based knowledge modeling approach, project boundaries, proprietary knowledge representation, pubcrawl, reasoning, reasoning services, Resiliency, safety-critical software, security, security knowledge, security vulnerability, semantic traceability link recovery, Semantic Web, Semantics, Software, software engineering community, software houses, software industry globalization, software knowledge, software products, Source code analysis, traceability improvement, trust improvement, Unified modeling language, vulnerabilities and patches

Abstract: Over the last decade, a globalization of the software industry took place, which facilitated the sharing and reuse of code across existing project boundaries. At the same time, such global reuse also introduces new challenges to the software engineering community, since not only components but also their problems and vulnerabilities are now shared. For example, vulnerabilities found in APIs no longer affect only individual projects but instead might spread across projects and even across the borders of the global software ecosystem. Tracing these vulnerabilities at a global scale is an inherently difficult task, since many of the existing resources required for such analysis still rely on proprietary knowledge representations. In this research, we introduce an ontology-based knowledge modeling approach that can eliminate such information silos. More specifically, we focus on linking security knowledge with other software knowledge to improve traceability and trust in software products (APIs). Our approach takes advantage of the Semantic Web and its reasoning services to trace and assess the impact of security vulnerabilities across project boundaries. We present a case study to illustrate the applicability and flexibility of our ontological modeling approach by tracing vulnerabilities across project and resource boundaries.

Citation Key: alqahtani_recovering_2017