Ontology-based context-sensitive software security knowledge management modeling

Received Mar 3, 2020 Revised May 12, 2020 Accepted May 27, 2020 The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology.


INTRODUCTION
The digital age has witnessed a large number of businesses being aided and automated by using state-of-the-art web development technologies. E-commerce based applications and their integral contribution to transforming business processes remain an unparalleled success. However, this rising trajectory is beset with an alarming increase in security attacks on such applications [1][2]. The rise in the number of security attacks has led to huge losses for the organizations that are dependent on e-commerce based applications for generating revenue [3]. Security attacks affect the functionality of the application which leads to the unavailability of the service on the internet. This, in turn, has a direct impact on customer satisfaction. Most of the security attacks are experienced as a result of software flaws or vulnerabilities left untended during the software development process. Many Software development processes have not been able to ensure security within the product in the past [4]. Also, the team involved in developing software often lacks the required expertise for generating secure systems.
However, the recent research initiatives have given considerable attention to this lacuna and are working towards security practices that need to be made efficacious during the software development process itself. Software security is a term used to describe security during the whole development procedure of software. To enhance the security of any software, it is imperative to ensure that the software engineers are equipped with the necessary information and mandatory skills for the development of secure software [5]. Only with this elemental knowledge can the software engineers tackle security attacks and deal with security errors in a correct manner. Further, the software engineer's expertise needs to be complemented by security artifacts which assist in understanding the security of the software. To enable the practitioners to gain insight  ISSN: 2088-8708 Int J Elec & Comp Eng, Vol. 10, No. 6, December 2020 : 6507 -6520 6508 into the security of the software, there is a need for an automated system that manages the security knowledge and depending on the cases, presents recommendations to the software engineer.
To cite a pertinent example, SHIELDS project targets constructing a secure software engineering environment which is assisted by the repository of the software security knowledge [6]. With the help of the repository, security models can be shared and stored representing the expertise of the specialists. The project provides a modeling tool but lacks the relationship between artifacts and knowledge of software security. Hence, the authors in [7] proposed a management system that manages knowledge and artifacts of software security generated during the development process. The system assists practitioners who may not have the requisite expertise by helping them to analyze heterogeneous cases of software security. However, the work lacks application context-related cases. Modeling software security knowledge in a context-sensitive manner using ontologies can be found in [8] where software security-related knowledge is extracted by assessing the application context at hand.
Anticipating the need for inclusion of application context sensitivity within the case-based management systems, as in [9], is the most efficacious solution. The authors of this paper propose a context-sensitive case-based software security management system. Further, this work prioritizes the artifacts involved in decision making by practitioners for security management. This study is categorized as follows: The second segment on Literature Review discusses the related and relevant work done in this domain. The third segment highlights the need for and significance of the proposed ideation. The segments thereafter discuss the implementations and conclusion.
Literature Review. With the help of semantic tools to assist the security of software, several efforts have been made to achieve ontology-based modeling. Ontologies have clear and formal specifications [6]. Also, ontology is recognized universally as a tool for the modeling of context information. Ontology is being used to provide application context related to security information as in [7,10]. Some of the pertinent work has been discussed in Table 1. This work presents a framework for generic Ontology-based user modeling. Also, this work discusses selected inferences of ontology-based user modeling from a different perspective including semantic-enhanced knowledge management and personal knowledge management.

[6]
An Ontology-Based Context Model for Managing Security Knowledge in Software Development In this paper, the authors have identified the problems associated with necessities on the knowledge desired to make an ICS security assessment. After the problem definition, ICS security knowledge and development life cycle framework for security assessment is developed.

[7]
Knowledge management in software engineering The study proposed that security knowledge must first integrate features that state what contextual features are to be controlled and signify the knowledge of security in a layout. Further, the layout is logical and satisfactory for the practitioners. Hence, the work proposed to achieve ontology with the context-based approach.
Literature review of the research work and articles in the area of software security, knowledge management, and ontological approaches have paved the ideas for combining and analyzing three of these with a focused temperament on software security. The ontology-based approach is easy to implement by the developers in the security of software. Also, the review has revealed the fact that knowledge management for developers is the prime necessity nowadays where knowledge is everywhere, but it remains unorganized.

PROPOSED METHOD 2.1. Needs and significance
In 2006, authors determined that the most significant resources for context modeling are found in the ontology-based models [11]. The study listed six criteria that would be best for context modeling and these six were: richness and quality of information, distributed composition, level of formality, incompleteness, and ambiguity, partial validation and applicability to existing environments [12][13][14][15]. In addition, the study analyzed the markup scheme, key-value, logic-based, graphical, and object-oriented models. The interrelation between software security management and context-driven ontologies has been shown in Figure 1. Figure 1. Interrelation between software security management and context-driven ontologies Figure 1 shows the relationship between software security management, context-driven ontology, and ontology for security management. The concept of ontology plays an important role in the semantic web and particularly in universal computing and next-generation mobile communication systems [16][17][18][19][20]. Ontology can provide a better way of creating associations. It creates real-life scenarios into machine understandable relationships. Further, a context-driven modeling approach for security management also needs a framework that is based on ontology. It will help in diversifying the interrelationships of artifacts depending on security management. The data thus coming from varied sets of information foundations leads to improved user experience.
The problem of security management is also due to the extensive knowledge available on web-based resources which most of the developers use for gaining their knowledge for security services. Hence, an ontology-based and context-sensitive software security management framework would facilitate in gaining an accurate approach for the software developers. This immense challenge needs the specific usage of the tools of ontology and languages which have been introduced in the next section of this paper. Formalizing attributes related to context-driven security modeling and ontology security management criteria to conform the heterogeneity, vagueness, and some quality-related issues. After the critical analysis of the available literature, the authors came up with the two important models of ontology-based context model, which are: Software security domain model and the Application context model. Hierarchy has been shown in Figure 2 and indicated in the ensuing section:

Software security domain model
The ontology-based context model consists of two types. One of them is the software security domain model. The software security domain model is designed with the consideration of the central idea of reviewing important security knowledge resources and is also concerned with the security knowledge repositories such as CWE, stack overflow open question-answer platform, OWASP checklists, and SEI CERT coding guideline, etc. [21,22]. After this analysis, we divided this analysis further into four security development phases. Elucidation of the major terms used in our ontology is as follows: a. Security requirement Designing secure software depends on the security requirements which set a premise for the security guidelines for the developers [23,24]. Developers need support in deciding the security requirements which further plays a decisive role in the context-based ontology security model. b. Production practices Practices that involve designing and coding of a system are termed as production practices and these include design and coding practices [23]. Design practices of security represent practices approved in the system design time. Adopting security design practices may reduce the security risk associated with the production phase. Coding Practices represent a set of rules that are adopted at the code level. Knowledge and context of both levels affect the overall ontology-based context modeling. Verification and Validation ensure that the developed product satisfies the given requirements and that the right product has been developed. These practices include two major processes which are code review and testing process. Description of both is given below: -Code Review Practice: This practice focuses on identifying security mistakes by the inspection of software at the source code level with the help of different tools such as manual code analysis. This practice also helps to ensure the strengthening of verification and validation practices and, hence, seems important for the building of an ontological based context model [23]. -Testing Practice: This practice focuses on the testing of software while executed in order to find security problems and errors. Most of the errors and problems are found in this level of testing. Hence, it is significant to deliberate it in the preparation of the ontology-based context model [22]. -Security Error: Security error is a noticeable fault during the development of software that may become the cause of a future software weakness [12]. In our ontology, a software security error can be: -Design Flaw: Design flaw is an unsuitable logical judgment at the design level. A flaw can be instantiated in code but can be a result of a mistake at the design level. These flaws can create major bugs in the future. Hence, looking over these flaws is as important as the manual review of the code [12]. -Coding Error: A code error or a mistake (bug) occurs at the code level. Code error can change the results that were expected to be something else. The fault of the systems is created by a number of coding errors [24]. Both the design flaws and coding errors play a significant role in creating a big security error which further may harm the ontology-based context model. d. Application context model The knowledge and application of software security are essential to be put in a framework to develop a context-based ontological model. In our study, we are describing the different attributes that take part in deciding the application in software security for its context. Capturing this context is significant during the process of ontology modeling where context representation depends on the features and relationships created between them. The features are described as follows: -Software Security Paradigm: The software security paradigm represents the groups of software applications that share some common characteristics. Security paradigm refers to where all the security engineering concepts pertaining to the development of security are applied. For example, Web application security, desktop application security, mobile security, etc., [17]. -Subject Area: It signifies domains that a security application belongs to. For instance, Banking, Defense systems, health, Travel, etc. It signifies the vital elements of the security attributes of the software. The security feature is related to the software as well [25]. -Security Language: It signifies the programming language used to improve a secure application.
For example, Java, JavaScript, and other high-level security languages [26].

6511
-Secure Technology: It represents a collection of security tools and frameworks that are used along with programming languages to develop security, for example, Web security framework toolkit, SDK, OWASP guidelines [27]. -System Security Structure: It contains the secure structure in which the application has to be implemented. For example, Secure Database management system and other run time platforms -Security Tool: Security tools consist of the concrete structure that is implemented towards the specification of security in the application. For example, HTML Purifier [25]. Figure 2 shows the complete hierarchical structure including the interrelationships of the software security domain model and the application context model. Authors tried to create hierarchical relationships between both of these sub-attributes. Software security domain model and its attributes contain specific phases of security development such as security requirement, construction practices, verification, and validation practice and security error which further depend on their sub-attributes which are design practice, coding practice, code review practice, testing practice, design flaw, and coding error. Application context modeling contains artifacts such as software security paradigm, subject area, security language, secure technology, system security structure, and security tools.
The hierarchical structure of the ontology-based context model shows that different artifacts and factors decide the modeling of the context model. But their contribution to modeling is not known. To know the different contributions of each artifact, a qualitative analysis of the ontology-based context model is to be done.

Evaluation criteria a. Context-driven security modeling criteria
Model-driven or context-driven security is a contemporary topic for which the software developers are being asked to carry out security tests. But, quite often, security developers confront the dilemma of where to start and where to end this and in which context should they start their test. Context-driven security modeling is an apt solution for such questions and ambiguities [27]. The criteria on which the security-based context modeling should be done are also the reasons for this confusion. In this research, the authors are focusing on the criteria with their defined priority to ease the problems of developers. Table 2 shows the different criteria on which the context-driven modeling should be done.
Thus, the non-deterministic contextual information is what is available at any point in time. The ontologies and the value ranges cleared herein provide means to address these issues by confining the unpredictability of contextual data. Figure 3 shows the interrelationships between the artifacts of context driven security modeling. Table 2. Context-driven security modeling criteria Usability The usability of the software or application is the first which is affected while ensuring security. For this reason, researchers usually call security and usability two different sides of a coin. Hence, ensuring both is a challenge and priority as well [28]. Usability is termed as the ease of use and learnability of software. The degree of usability defines how easy it is going to be for the end-user to handle the system. Quality The quality of the application system is well affected by its security. Ensuring quality increases the reliability of the user to the system, as it believes that the specified requirements are fulfilled. For this reason, quality becomes an important and considerable artifact of context-driven security modeling [26]. Applicability A model is developed for a specific reason and its applicability for that reason should be higher. This attribute considers the usability and applicability of the context model within existing infrastructures [25]. Comparability Different applications of the same system give different results. Hence, it is essential to deliver a means to compare values including different units and encodings, etc., Thus, the comparability of the model should be considered while designing it [28]. Traceability To provide adequate information about the context and origin, the formulations of tools should be known to the developer. Here, the traceability of the system becomes important in the context-based ontological system [26]. Acceptability Acceptability deals with the accordance or agreement of measured or derived information with the well-defined context model. A model should define the range that a context value can take, or define a particular co-existence of values to be impossible [29]. Inference Inference can be defined as the conclusions drawn by evidence collected. In context model terms, the process of making context information is openly available from other context sources [30].
b. Ontology security management criteria The second set of criteria is used to assess the ontologies of security management including flexibility, extensibility, and completeness of the ontology, consistency, and granularity of the concepts and properties, as well as the flexibility applied. The description of each artifact is given in Table 3. The growing dependency on secure systems preserves the need for ontology development of security management. Ensuring the consistency of ontology developed for security management is important and largely depends  Table 3. Although every artifact contributes to the production of a better ontology for security management, still there are some artifacts that should be given preference over others. Hence to quantify the preference of artifacts, the authors propose a methodology followed with Fuzzy AHP to quantify the priority of ontology security management artifacts. Figure 4 shows the interrelationships of artifacts in the ontology of security management. Reuse of knowledge and specification process of security requirements during software development is an important concern [31]. Increasing the reusability improves the expansion of using the ontology among many other tasks. Flexibility Flexibility is essential in managing policies across multiple domains, flexibility in the level of abstraction, flexibility across different environments, etc. There are multiple scenarios faced in ontology security management that need flexibility. Hence, it appears to be an important cognition in ontology-based security management criteria [32]. Extensibility Extensibility refers to the possibility of extending new definitions to the ontology without altering the existing dependencies. The strength and new updates that an application can accept can be defined under extensibility [33]. Granularity Granularity is related to collating different concepts to create a better ontology for security management [34].

Consistency
A consistency check is about testing the existence of obvious or understood flaws in the signified ontological security management model [35].

Completeness
An ontology for security management is said to be complete if it covers the domain for which it is developed. Completeness of ontology depends on its boundaries and limits [36].

Redundancy
This artifact tests for the repetition of logical flows. This is challenging and time-consuming [37].

Readability
Readability can be related to usability and quality as well, but in the ontology of the security management model, readability prefers checking for security policies and guidelines that are being used in security management [38]. Scalability Scalability refers to determining the scale of ontology which could be large for major applications and limited for small scale applications. The scalability of ontology also defines its boundaries [38].

RESEARCH METHOD
Till now we have defined the specific artifacts of ontology-based context model and criteria of ontology-based security management and context-driven security modeling. 10, 7, and 7 attributes were found, respectively, which affect the ontology-based context modeling of security management. Now the pertinent question that arises is that among these numbers of attributes which is a more important concern and which one is not. To solve this issue, the authors came up with prioritizing these attributes according to their weight of contribution towards their respective models. To prioritize the attributes which are in a hierarchical format, authors are using the Fuzzy AHP method for decision making. With the help of Fuzzy AHP, there is a need to assess these attributes of ontology-based context-driven modeling for ensuring the security of software for satisfaction and ease of usage. The multi-criteria problem is decomposed into a hierarchy using AHP, and it was adopted by the author [31]. It is also used to measure the priority and importance of every attribute.
Further, AHP is considered as a better method than every other MCDM method such as ELECTRE. But, still, AHP cannot resolve the uncertainty and vagueness related to the mapping of a decision maker's awareness of exact numbers. To deal with uncertainty and vagueness authors have combined AHP and fuzzy into one. In this work, Fuzzy AHP is chosen for assessing the security of ontology because context-sensitive security management is proficient in handling multiple criteria decision-making problems very easily [33]. It is also capable of converting qualitative or linguistic inputs into quantitative or numerical results. Further, the results are an effective assessment of security management in the form of weight and ranking [34]. For assessing the ontology-based security model using experts' data and reaching an agreement among the experts, this work implements the Buckley method [32] and also uses the eigenvector method to estimate the weights of attributes. The first step is to create a pair-wise comparison method from expert's opinions because the AHP method only uses the pair-wise comparison matrix to estimate ambiguity in MCDM difficulties. The Fuzzy AHP method contains four major steps which are deliberated below: The first step is describing triangular fuzzy numbers for the paired linguistic values.

Miij= (Jij1, Jij2………… Jijk) 1/k (2)
Upij= max(Jijk) In the above equations, Jijk is showing the comparative value of ij with reference to expert k, where i and j signify a pair of criteria being judged by practitioners. Value ɳij is estimated based on the geometric mean of practitioner's views for a specific judgment. Further, after the construction of pair-wise comparisons a matrix different fuzzy operation is performed on it and then defuzzification is performed. This work used alpha cut method for defuzzification [18] where alpha cut method as formulated in (4)- (6).
where 0 ≤α ≤ 1 and 0 ≤β≤ 1. Such that, ɳα(Loij)= (Miij-Loij).α+Loij (5) ɳα(Upij)=Upij-(Upij-Miij).α (6) Where α and β in these equations are used for the preferences of experts and intolerance of experts respectively. The values of α and β vary between 0 and 1. The maximum or threshold value of α is any value taken from a scale of 0 to 1, which has its membership value greater than or equal to an alpha threshold value, represented by α. Crisp sets ρα,β (Ã) simply describe whether an element is either a member of the set or not. The single pair-wise comparison matrix is expressed in (8) [32].
After evaluating a single pair-wise comparison matrix, eigenvectors have to be determined. The next step is to determine the eigenvalue and eigenvector of the pair-wise comparison matrix. To determine the aggregated weight of particular criteria, the eigenvector is calculated.
Let us assume that µ is denoting the eigenvector while λ denotes the eigenvalue of fuzzy pair-wise comparison matrix ɳij. Then, In (8) symbol I signify the unitary matrix. By applying equations (1)(2)(3)(4)(5)(6)(7)(8), the weights of every attribute with respect to all other attributes may be attained. For checking the consistency and continuing the AHP process, check the consistency ratio (CR) [31]. If CR value is less than 0.1, the AHP analysis is correct otherwise analyze the AHP process again.

RESULTS AND DISCUSSION
For implementing the abovementioned methodology of Fuzzy AHP, we prepared three questionnaires for the ontology-based context model, context-driven security modeling criteria, and ontology security management criteria. These questionnaires were distributed to experts and the profile of experts included developers, researchers, and experts from organizations. 40 valid responses were collected and according to these data and implementing equations (1)-(8) on these data, the authors came up with the results that are as follows: Table 4 represents the combined pair-wise judgment matrix for level 1 of the hierarchal tree. For simplicity, the artifacts have been named as Software Security Domain Model (C1) and Application Context Model (C2). Table 5 represents the combined pair-wise judgment matrix for level 2 attributes. For ease, the attributes have been named as security requirement (C11), Construction practice (C12), Verification practice (C13), and Security error (C14). Table 6 represents the combined pair-wise judgment matrix for level 2 attributes. For ease, the attributes have been named as software paradigm (C21), subject area (C22), Language (C24), Secure Technology (C24), System Structure (C25), and Security tool as C26.    Table 7 represents the combined pair-wise judgment matrix for construction practice at level 3. Attributes have been named as Design practice (C121) and Coding Practice (C122). Table 8 shows the combined pair-wise comparison matrix for verification practice at level 3. Attributes have been renamed as code review practice (C131) and Testing Practice (C132). Table 9 represents the combined pair-wise judgment matrix for security error at level 3. Attributes have been named as Design flow (C141) and Coding error (C142).   Defuzzification is performed using (4)-(8) from the abovementioned methodology and defuzzified matrix of each pair-wise comparison matrix is shown from Table 10 to Table 15. Table 10 shows the defuzzifed matrix of level 1 attributes and local weights have been obtained as C1 is 0.6400 and C2 is 0.3600. Table 11 shows the defuzzifed matrix of level 2 attributes and local weights have been obtained as C11 is 0.3571, C12 is 0.2705, C13 is 0.1840, C14 is0.1884. After the calculation of local weights, the final weight of each attribute is to be calculated and Table 16 is showing the final weights and with the overall priority being calculated. Figure 5 denotes the graphical notation of the final weights of attributes of the ontology-based context model. It is clear from Figure 5 that the security requirement attribute is the most significant one and system security structure has got the lowest priority amongst all.  Figure 5. Graphical representation of final weights of ontology-based context model Table 17 enlists the combined pair-wise comparison matrix for the ontology security management perspective. For the ease of calculation, the artifacts have been named as Applicability (F1), Comparability (F2), Traceability (F3), Usability (F4), Quality (F5), Acceptability (F6) and Inference (F7). Solving the fuzzified values using (1)-(4) and defuzzying using (4)-(8), we got the defuzzified values in Table 18. Weights with the priority of each attribute are also shown in Table 18. Figure 6 maps the graphical representation of the attributes of ontology security management criteria. It is evident from Figure 6 that the Comparability has the highest priority and acceptability has the lowest priority among all.   Table 19 enunciates the aggregated pair-wise comparison matrix for context-driven security modeling criteria. The attributes have been named as Reusability (A1), Flexibility (A2), Extensibility (A3), Granularity (A4), Consistency (A5), Redundancy (A6) and Scalability (A7). Defuzzification is performed using (4)- (8). The overall weights along with their corresponding priority have been shown in Table 20. Figure 7 depicts the graphical representation of attributes of contextdriven security modeling criteria. It can be seen from Figure 7 that redundancy has the highest priority and consistency has the lowest priority among all.

Discussion
This research work is focused on providing help to those developers who have no idea of security knowledge management and who don't have any idea of where to begin and when to stop. The proposed work here has taken three important model frameworks which are: ontology-based context model, ontology security management criteria, and context-driven security modeling criteria. The core intent is to prioritize the attributes or artifacts contributing to these three models. This prioritization is performed using the famous multi-criteria decision-making technique-Fuzzy AHP. This prioritization and ranking help the developers to find the highest priority attribute and make them focus on that particular attribute for managing the knowledge on security guidelines and procedures. According to the results achieved, the following points of discussion that become nodal are: -Security requirement has the highest priority among all attributes of the ontology-based context model.
Hence it might be said that security requirements are responsible for a secure and proven good ontology-based context model. -Comparability is the highest priority attribute amongst all the attributes of ontology security management criteria. From this, it can be inferred that the comparability of an ontology security management is responsible for its successful implementation. Developers should focus on the comparability of security management while preparing ontology for any software. -Redundancy is found to be the highest weighted attribute amongst all attributes of context-driven security modeling criteria. For this, the developers should focus on minimizing redundancy to prepare a context-driven model. -Fuzzy AHP is found to give precise results. Though there has been no comparison made for results, it can be done in the future using other methods of decision making.

CONCLUSION
Context-driven ontology for security management is an effective mechanism to analyze the better framework, guidelines, or tools for assuring security. This paper presents a new way of analysis of ontology-based security management modeling using Fuzzy AHP as an analysis mechanism. Furthermore, this work can assist developers in prioritizing their ontology-based framework accordingly and save the time invested in and the cost incurred over software. It also helps in making better choices, since it allows the developers to assist themselves by ranking attributes according to their specification.