Ontologies as a means to formally specify the knowledge of a domain of interest have made their way into information and communication technology. Most often, such knowledge is subject to continuous change, which demands for consistent evolution of ontologies and dependent artifacts. In this article, we study ontology evolution in the context of software security, where ontologies may be used to formalize the security context knowledge which is needed to properly implement security requirements. In this application scenario, techniques for detecting ontology changes and determining their semantic impact are required to maintain the security of a software-intensive system in response to changing security context knowledge. Our solution is capable of detecting semantic editing patterns, which may be customly defined using graph transformation rules, but it does not depend on information about editing processes such as persistently managed changelogs. We leverage semantic editing patterns for (i) generating system co-evolution proposals, (ii) adapting the configuration of standard security checks, and (iii) performing incremental security compliance analyses between co-evolved system models and the implementation. We demonstrate the feasibility of the approach using a realistic medical information system known as iTrust.

作为正式指定感兴趣领域知识的一种手段，本体已经进入了信息和通信技术。大多数情况下，此类知识会不断变化，这需要本体和相关工件的一致演化。在本文中，我们研究了软件安全上下文中的本体演化，其中本体可用于形式化正确实现安全要求所需的安全上下文知识。在这个应用场景中，需要检测本体变化并确定其语义影响的技术来维护软件密集型系统的安全，以响应不断变化的安全上下文知识。我们的解决方案能够检测语义编辑模式，可以使用图形转换规则自定义定义，但它不依赖于有关编辑过程的信息，例如持续管理的变更日志。我们利用语义编辑模式 (i) 生成系统共同进化提议，(ii) 调整标准安全检查的配置，以及 (iii) 在共同进化的系统模型和实现之间执行增量安全合规性分析。我们使用称为 iTrust 的现实医疗信息系统证明了该方法的可行性。