Applying the knowledge base of CWE weaknesses in software design

Abstract

The article deals with how a software architect can organize software weaknesses at the design stage using a developed ontological knowledge base of CWE weaknesses. The main goal of the research is to analyze the CWE system of software weaknesses and to develop an ontology model (knowledge base) of this system for software architects. The use of artificial intelligence tools, in particular knowledge bases built on weaknesses, opens new possibilities for searching and studying software weaknesses. The model will be useful to software developers, to researchers in software design and cybersecurity, and to teachers of courses in software development technology and information security. For developers, the model can serve as an assistant and reference during design, since the weaknesses are organized by well-known security tactics; this helps the designer build security in during the design process rather than detect weaknesses after the software has been built. Researchers will be interested in studying and applying software weaknesses in their work. Teachers can use the model as a reference when studying and discussing security vulnerabilities in software design or architecture, as well as the types of errors that can be made during software development. The functions of the software architect are analyzed, and an example of the constructed ontological knowledge base of CWE weaknesses is given.
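To make the organizing idea concrete, the following is an added example, not the article's own ontology or code: a small in-memory triple store in Python that stands in for the OWL model the authors build in Protege, with the query a designer would run ("which weaknesses does the tactic I am applying have to address?") written in plain Python next to its SPARQL equivalent. The predicate names (name, childOf, mitigatedByTactic), the tactic names and the tactic-to-weakness mapping are illustrative assumptions; the CWE identifiers and ChildOf relations are taken from the public CWE research view and should be checked against the current CWE release before use.

```python
"""Minimal stand-in for a CWE knowledge base organized by security tactic.

Each entry is an RDF-style (subject, predicate, object) triple. In the
article's setting these live in an OWL ontology edited in Protege and are
queried with SPARQL; here they are plain Python so the example runs offline.
"""
from collections import defaultdict

# Constructed sample data (assumption: a hand-picked subset of CWE).
# ChildOf relations follow the CWE research view (CWE-1000); the tactic
# names and the mapping of root weaknesses to tactics are illustrative.
TRIPLES = [
    ("CWE-287", "name", "Improper Authentication"),
    ("CWE-295", "name", "Improper Certificate Validation"),
    ("CWE-306", "name", "Missing Authentication for Critical Function"),
    ("CWE-307", "name", "Improper Restriction of Excessive Authentication Attempts"),
    ("CWE-285", "name", "Improper Authorization"),
    ("CWE-862", "name", "Missing Authorization"),
    ("CWE-863", "name", "Incorrect Authorization"),
    ("CWE-20", "name", "Improper Input Validation"),
    ("CWE-1284", "name", "Improper Validation of Specified Quantity in Input"),
    ("CWE-1285", "name", "Improper Validation of Specified Index, Position, or Offset in Input"),
    ("CWE-129", "name", "Improper Validation of Array Index"),
    # hierarchy (child, childOf, parent)
    ("CWE-295", "childOf", "CWE-287"),
    ("CWE-306", "childOf", "CWE-287"),
    ("CWE-307", "childOf", "CWE-287"),
    ("CWE-862", "childOf", "CWE-285"),
    ("CWE-863", "childOf", "CWE-285"),
    ("CWE-1284", "childOf", "CWE-20"),
    ("CWE-1285", "childOf", "CWE-20"),
    ("CWE-129", "childOf", "CWE-1285"),
    # root weakness -> security tactic that addresses it (assumed mapping)
    ("CWE-287", "mitigatedByTactic", "Authenticate actors"),
    ("CWE-285", "mitigatedByTactic", "Authorize actors"),
    ("CWE-20", "mitigatedByTactic", "Validate input"),
]


def index(triples):
    """Index triples as predicate -> subject -> {objects}, plus the inverse."""
    forward = defaultdict(lambda: defaultdict(set))
    inverse = defaultdict(lambda: defaultdict(set))
    for s, p, o in triples:
        forward[p][s].add(o)
        inverse[p][o].add(s)
    return forward, inverse


def descendants(cwe_id, inverse):
    """All weaknesses reachable downward via childOf (the closure childOf+).

    The seen set guards against cycles in badly curated data."""
    seen, stack = set(), [cwe_id]
    while stack:
        node = stack.pop()
        for child in inverse["childOf"].get(node, ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def cwe_number(cwe_id):
    """Sort key so CWE-129 comes before CWE-1284 (numeric, not lexical)."""
    return int(cwe_id.split("-")[1])


def weaknesses_for_tactic(tactic, triples=TRIPLES):
    """Weaknesses a designer must address when applying `tactic`, including
    every descendant of the mapped root weakness. SPARQL equivalent:

        SELECT ?w ?name WHERE {
          ?root :mitigatedByTactic "<tactic>" .
          ?w :childOf* ?root .
          ?w :name ?name }
    """
    forward, inverse = index(triples)
    found = set()
    for root in inverse["mitigatedByTactic"].get(tactic, ()):
        found.add(root)
        found |= descendants(root, inverse)
    return sorted(((w, next(iter(forward["name"][w]))) for w in found),
                  key=lambda pair: cwe_number(pair[0]))


def tactics_for_weakness(cwe_id, triples=TRIPLES):
    """Inverse question: walk up childOf until a tactic-bearing ancestor is found."""
    forward, _ = index(triples)
    seen, stack, tactics = set(), [cwe_id], set()
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        tactics |= forward["mitigatedByTactic"].get(node, set())
        stack.extend(forward["childOf"].get(node, ()))
    return sorted(tactics)


if __name__ == "__main__":
    for tactic in ("Authenticate actors", "Validate input", "Detect intrusion"):
        print(tactic)
        for cwe_id, name in weaknesses_for_tactic(tactic):
            print(f"  {cwe_id}: {name}")
    print("CWE-129 is addressed by:", tactics_for_weakness("CWE-129"))
```

The value of the organization shows in the second query: a designer who has chosen "Validate input" is handed not only CWE-20 but its grandchild CWE-129, which is exactly the kind of weakness that is otherwise only noticed in code review. The same closure is what `childOf*` gives in SPARQL 1.1 property paths, so a Protege-hosted version of the ontology needs no extra modelling for it.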

How to Cite

SARTABANOVA, Zh. E.; DIMITROV, V. T.; SARSIMBAYEVA, S. M. Applying the knowledge base of CWE weaknesses in software design. Journal of Mathematics, Mechanics and Computer Science, [S.l.], v. 108, n. 4, p. 72-80, dec. 2020. ISSN 2617-4871. Available at: <https://bm.kaznu.kz/index.php/kaznu/article/view/822>. Date accessed: 20 jan. 2021. doi: https://doi.org/10.26577/JMMCS.2020.v108.i4.06.
Keywords: CWE, software weaknesses, ontology, knowledge bases, software architect, Protege, Semantic Web, SPARQL