Ontology-Driven Modeling Framework for SOA Security Patterns

Tracking #: 1539-2751

Authors: 
Ashish Kumar Dwivedi
Santanu Kumar Rath

Responsible editor: 
Marta Sabou

Submission type: 
Full Paper
Abstract: 
Securing an application based on Service Oriented Architecture provides defenses against a number of threats arising from exposing applications and data to the Internet. A good number of security guidelines are available to apply security in web applications. But these guidelines are sometimes difficult to understand and generate inconsistencies. Security guidelines are often represented as security patterns to build and test new security mechanism. These patterns are nothing but design guidelines, but they have certain limitations in terms of consistency and usability. Hence, application of security patterns may be even insecure. To resolve this problem, a suitable modeling and analysis technique need to be required. In study, an ontology-based modeling and refinement framework is proposed for the web service security. In order to maximize comprehensibility, UML (Unified Modeling Language) notations are used to represent structural and behavioral aspects of a SOA-based system. Subsequently, a Web Ontology Language (OWL) is considered to model SOA security patterns. For analyzing security requirements, description logic is used. The proposed approach is evaluated in the context of e-Health-Care system by applying the modeling framework to provide the semantic infrastructure for SOA-based security critical system.
Full PDF Version: 
Tags: 
Reviewed

Decision/Status: 
Reject

Solicited Reviews:
Click to Expand/Collapse
Review #1
Anonymous submitted on 25/May/2017
Suggestion:
Major Revision
Review Comment:

Content
The paper presents an ontology based modeling framework for security patterns in a service oriented architecture.
Authors also claim to evaluate their approach in e-Health care system.

General comments
The main issue I have with this paper is related to its focus and its actual research contribution: it tries to cover many issues, introducing several related concepts, languages and technologies (starting from very well known concepts such as UML, patterns till to MDE, web service security, OWL, DL and so on) in many different sections of the paper so that the reader is difficult to understand what is the contribution of the work.
The second issue is related to the use case presented: it is a very generic one and does not clearly show the added value of the proposed approach. In addition the example does not clearly show how the proposed methodology helps the developers in designing a secure system or in spotting eventual security breaches of their design.

Specific comments
- Sec. 3.1 (pp. 5-6): a (security) pattern is introduced. My doubt is: is that an actual (security) pattern? In my opinion it is more a general discussion about security, because it does not specify any specific security requirements of web service and their solution such as confidentiality, authentication, authorization and integrity just to cite a few.
- Sec. 3.1.2 (pp. 7-8 and Fig. 3): the dynamic aspect of a SOA security pattern
represented in Fig.3 refers to a specific use case. What happens if, for instance, the adopted authentication protocol has a different behavior? How the modeling framework cope with this variability?
- Sec 3.2: the methodology described in sec. 3.2 is hard to follow. Probably it would be useful to use some concrete examples of transformations and refinements described, in order to help the reader to better understand.
- Sec 4: the example does not clearly show how the proposed methodology helps the developers in designing a secure system or in identifying eventual security breaches of their design.
- sec 4.2.1: This section should contain only the application of the presented methodology instead of introducing new basic concepts and/or approach as it does (explanation of URI, of OWL classes and properties concepts, basic concepts of Description Logic).
- Fig. 12: ontologies are not represented in a standard way (it seems more a class diagram)

Review #2
By Elmar Kiesling submitted on 01/Jun/2017
Suggestion:
Major Revision
Review Comment:

The authors propose a hybrid approach for the composition of SOA security patterns, combining model-driven and ontology engineering techniques in a comprehensive framework.

The contribution of the paper lies less in insights about security engineering in service-oriented architectures, but rather in a methodology that may in the future leverage the advantages of two approaches that have largely been developed independently in different research communities. This may facilitate a model-driven approach that relies on both UML models and a semantic model representation in an OWL ontology, using the latter to query suitable patterns for given security requirements as well as formal verification of the constructed compositions. The paper provides a detailed overview of the proposed approach and an illustrative application in the health domain, but falls a bit short in highlighting the benefits of the comprehensive "ontology driven security framework" and methodology that introduces substantial additonal modeling effort. This could be improved both in the introduction and in the context of the illustrative application.

The paper is ambitious in what it sets out to do and reports on original and innovative work at the interface of ontology engineering and metamodeling in a security context. It fits well within the scope of the journal and could introduce new ideas on how to combine ontology engineering with model-driven engineering techniques into the Semantic Web community.

Overall, the paper makes a relevant contribtion in bridging the gap between model and ontology engineering approaches through a development methodology that combines the strengths of each approach.

However, the goals and contributions should be laid out more clearly (after reading the abstract, it wasn't entirely clear to me what this paper sets out to do).

Critically, the quality of writing and exposition must be improved substantially which requires major revisions throughout the paper before it can be considered for publication (see detailed comments below). Therefore, I recommend that the paper should not be accepted without major revision.

## Suggested structural improvements

Organization of related work could be improved. The paper touches upon and integrates multiple areas, such as SOA security (not really covered in the related work, only on the modelling level), metamodelling, ontologies, formal verification etc. The related work section provides comprehensive pointers for many of these areas, but a little more structure (subsections, named paragraphs or introductory sentences) would make it easier to navigate.

The references provided in the related work section are useful, but parts of it seem a bit like an arbitrary collection without a coherent overarching structure (particularly at the beginning: UMLSec, SecureUML,..). IMO, aiming to list everything that has been done in the "UML/Metamodeling world" related to security seems excessive without an integrative framework that links the cited contributions more directly to the topic of the paper (i.e., SOA security), but this is more a matter of taste. It would help, however, to put the cited references closer into context.

The paper is fairly difficult to read, which is partly due to the quality of writing, but may also be due to the mix of terminology from multiple domains and a lack of conceptual clarity and a somewhat haphazard way in which concepts from the different paradigms are combined.

Finally, the text is partly redundant and a bit verbose in some parts of the paper (e.g., the itemization in the introduction repeats mostly what has already been stated in the preceding paragraph).

## Required corrections

Incomplete/Unintelligible/Not meaningful sentences throughout the paper, e.g., (illustrative rather than exhaustive list):
- p. 1: "Service Oriented Architecture (SOA) is a special form of distributed systems, sharing business logics, data through a programmatic interface across the Internet makes them vulnerable to different security threats."

- p. 1: "To overcome these problems, a good number of soft- ware design solutions are available which may reuse available security solutions by using security patterns."

- p. 3: "Developing a metamodel using Meta Object Facility (MOF) for a particular do- main, such as SOA security pattern is a difficult task, for defining syntax and semantics of the new entities."

- p. 3: "Formal modeling of the available SOA design patterns need to be required."

- p. 5: "Few of them are not based on ontology, which lack proper semantic notation, interoperability, and scalability. "

- p. 6: "A number of solutions are available for the above defined problems occurred in a particular context."

- p.21: "The proposed DL notations represent the formal re-lation and sensitive axioms for the SOA-based security critical system."

- p.22: "all OWL features can be ex-pressed in SPARQL" -> not clear what you mean by that (whatn does "expressing features"? mean)

- p.23: "reuse.. the reusability"

All acronyms used - including standard ones - should be properly defined (I may have overlooked the definitions, but it seems that CIM, PIM, and PSM, for instance, are not introduced anywhere)

Other corrections:

- Figure 5: "confirmsTo" -> "conformsTo"? (also in other parts of the paper)

- Introduction: W3C and IETF are not security standards, but organizations (that among many other things, publish security standards).

- * p. 3: *"ODM and OMG can be differentiated as descriptive and prescriptive models."* -- This is highly confusing because it suggests that ODM is descriptive and OMG is prescriptive (wheras actually ODM is a specification published by the OMG).

- missing pronouns throughout the paper (e.g. "An attacker can design threat..." -> "a threat", "using security pattern",...); some unnecessary ones ("In the Table 5" -> in Table 5")

- p.19 and others: wouldn't it be more accurate to state that an attacker can design an exploit, which results in a threat, rather than "design a threat"

- p.19: "the role of web services is more prominent in web services" -> more prominent than in what?

- the word "considered" is used incorrectly in various parts of the paper (e.g., p.20: "In this ontology ‘wssr' namespace is considered" does not make sense)

p.23: "Patterns, those have good error detection and correction ability, lower data redundancy, and easy implementation, are useful for the system." -> "Patterns that have good.."; also: what does for "the system" mean?

- some figures (e.g., Figure 11) appear distorted (changed aspect ratio?) and should be fixed.

## Other suggested improvements (style)

A lot of unnecessary weasel words and phrases that add little or no meaning are used. Those should be checked and unless they are necessary be avoided to improve clarity and make the text more concise.

Examples: special, mostly, a good number, already, some, a number of,..

Incorrect gerund constructs in many places:
e.g., Security standards can be repre- sented as security patterns for making them easier to understand -> in order to make them easier to understand.

Parts of Section 3 appear a bit verbose because they merely state literally what is illustrated in the figures, with hardly any actual explaination. The text would be more useful if it discussed motivations for design choices and explained the details rather than just reiterating what is shown in the figures. Also, IMO a running example might help to illustrate the concepts and make the content more accessible.

Review #3
Anonymous submitted on 16/Jun/2017
Suggestion:
Reject
Review Comment:

This manuscript focuses on the topic of SOA security patterns and proposes an ontology-based modelling framework for these patterns.

Although the paper’s topic is interesting and fits with the general direction of the journal, the paper is overly ambitious and, as a result, lacks a clear message and a convincing contribution. An evaluation is reduced to a case study in a single domain, which is not sufficient for a journal publication. Finally, the presentation of the paper, both in terms of conceptual organization and the level of used English, lags behind the SWJ standard.

For these reasons, the paper cannot be accepted in its current form.