2. Critical
Infrastructure
TerrorismCrimeCyber Natural
Disasters
Integrating Framework for Threats and Risks
What we need is an integrating framework that
supports automated data mapping
Sharing &
Analytics
Sharing &
Analytics
Sharing &
Analytics
Sharing &
Analytics
Sharing &
Analytics
An integrating framework that helps us deal with all aspects of a risk or incident
A federation of risk and threat information sharing and analytics capabilities
OMG Threat & Risk for STIDS 2015 211/18/2015
4. Goal: Conceptual (Semantic) Models are
Understandable and Precise
• Capture, disambiguate and precisely describe stakeholder
business semantics
• Represent business semantics so stakeholders can
understand and validate them
• Leverage business semantics with automation for
efficiency and reduced risk
• Top down and bottom up discovery and formalization
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 4
5. Do it with standards!
Semantic Modeling for
Information Federation
In-Process OMG Standard basis for the Federation Engine and CCM
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 5
http://smif.modeldriven.org
7. Semantic Reference Models Provide
Unambiguous Shared Meaning
▪ Without shared meaning there can be no communication, analytics, or
collaboration.
▪ Ambiguity in shared meaning introduces risk, redundancy, time and costs.
▪ A model of unambiguous shared meaning can reduce time, cost and risk
when that model is realized as part of enterprise capabilities.
▪ Example: FIBO – the Financial Industry Business Ontology, provides such
unambiguous shared meaning that can be leveraged in the financial industry.
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 7
8. Reference Concepts and Data – Examples
Humans share
a concept of
“mass” or
weight – all
physical things
have a mass.
Mass in data elements
• May have different labels
• Use different units
• May be required, optional or
excluded
• May be past, current, expected,
recommended or allowed
• May be represented using
various data types (int, real,
string, etc.)
But it’s the same mass of the
same individual!
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 8
<weight>119</weight>
This is not a weight, it
is a representation of
a weight in XML –
data about the person
9. Customer
Data
Same customer, different needs
9
Customer
Definition(s)
Stakeholders
Customer DB
Customer
Analytics
Customer
Reporting
New customer
message
Customer
Maintenance
Customer
Acquisition
Process
Customer
Rules
Concepts of
“customer” can be
fuzzy. The
semantic model
relates and
differentiates
them.
Customer
Value Chain
10. Semantic Mediation based on reference concepts
We need to understand
▪ What the shared concepts are
▪ How the various information
syntaxes represent those
concepts
▪ What the are rules for
translating between schema
in various context, based on
shared meaning
▪ Data represents concepts
10
Reference
Concepts
Information
Syntax
RepresentsInformation
Syntax
Information
Syntax
Semantic
reference modelMapping Rules
Data & Message
Models
NMWS 2018, Copyright (c) Model Driven Solutions Inc.
11. Simple Use Case
▪ There are databases for individual, corporate and institutional clients,
departments, contractors and employees scattered across multiple databases in
multiple applications of a financial institution
▪ Each of these entities can impact the enterprise in some way, some may sign
documents for others.
▪ For compliance, the enterprise needs a unified view of basic information about
these entities, legal name – official address, etc.
▪ But, different applications and databases use different terms and technologies –
they are dis-integrated!
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 11
12. FIBO provides a model library of concepts we
may need
We pick those
concepts we need for
our purpose
We may also add
extensions
(I don’t expect you to read
this model, it is just for
illustration)
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 12
13. FIBO Concepts needed for this capability
as a table of definitions (Example subset)
Concept FIBO Definition
legal person any entity which can incur legal obligation and can be sued at law
legal entity a partnership, corporation, or other organization having the capacity to negotiate
contracts, assume financial obligations, and pay off debts, organized under the laws of
some jurisdiction
natural person A person of maturity who in the eyes of the law is able to assume obligations.
signatory Some agent who has the capacity to sign contracts on the part of some legal person
designates signatory designates a party able to sign contracts on the part of the legal person (property)
has legal name the name used to refer to an person or organization in legal communications (property)
Most business stakeholders can understand these definitions, directly out of FIBO.
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 13
14. Here is a UML model of FIBO concepts for this
need.
CCM Is the Conceptual UML tool used for FIBO!
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 14
15. FIBO with Extension Concepts
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 15
OWL Concepts are made more conceptual and extended for a stakeholder
16. Concepts to Capabilities
Choosing the technologies
▪ FIBO comes “out of the box” as OWL (Web Ontology Language) and UML.
▪ OWL can be used directly in OWL based semantic applications
▪ Other technologies can be “provisioned” from the models using automation
▪ No one technology will be right (or approved!) for all purposes
▪ Implementation technologies will change
▪ Supporting & integrating legacy systems and enterprise frameworks is essential
▪ The choice of technology independence is the only reasonable choice
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 16
17. Concept models provide Unambiguous Shared
Meaning regardless of the technology.
SQL
XML
Business
Rules
Graph
Databases
Big
Data
Analytics
Automation can help create or map schema and data based on the FIBO models
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 17
Java
18. Leveraging a core federating technology
Federating
Technology
SQL
SQL
SQL
XML
Big
Data
Inputs
Outputs
Generated
Typically a graph database
(Including Semantic Web/RDF)
or a relational DBMS
May have programming language API
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 18
19. 19
Federation Engine ™ Implementation Preview
“SMIF Full”
RDF Repository
SMIF
UML Models
Java API
UML
Facet
Eclipse
UML
Java
Facet
RDF/OWL
Facet
Java
Rules
ERGO
Rules
Facet
SQL
Facet
XML
Facet
JSON
Facet
Planned
API Generated
from SMIF Model
by API
Each facet provides an adapter
between external data and a
SMIF counterpart at any meta-
level. A SMIF Object may have
multiple facets.
Mappings & federations are
(conceptually) between SMIF
objects.
Analytics
Implements SMIF
Semantics as
Java code
TABLE
Facet
ERGO
(Flora-2)
Rules
Engine
Formal Semantics
20. Generation of a Java API makes ontologies more
accessible to developers
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 20
public interface TradingPartner extends LegalEntity{
public static final String Type_TYPE =
"https://www.myEnterprise/spec/TradingPartner";
// Traverses “has trade agreement” returns many “Trade Agreement”
public Iterator<TradingAgreement> getAll_hasTradeAgreement();…
Java API
Produced by
Federation
Engine
Java interfaces can be used with any
back-and datastore via adapter
facets
21. Java interface for Legal Person
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 21
public interface LegalPerson extends ...TopLevel.Entity { …
public static final String LegalPerson_TYPE = ".../LegalEntity/LegalPerson";
public static LegalPerson make_LegalPerson(Resourced resource);
public ...LegalEntity.PostalAddress get_legalAddress()
public ...LegalEntity.LegalPerson.legalAddress_Interface traverse_legalAddress()
public ...LegalEntity.LegalPerson.legalAddress_Interface set_legalAddress(Resourced resource,
...LegalEntity.PostalAddress value)
public ...LegalEntity.Name get_legalName()
public ...LegalEntity.LegalPerson.legalName_Interface traverse_legalName()
public ...LegalEntity.LegalPerson.legalName_Interface set_legalName(Resourced resource,
...LegalEntity.Name value)
public Iterator<...LegalEntity.Signatory> getAll_designatesSignatory()
public Iterator<...LegalEntity.SignatoryAssignment.designatesSignatory_Interface> traverseAll_designatesSignatory()
…}
Traversals
through
relationships
22. Java Interface for Signatory Assignment
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 22
public interface SignatoryAssignment extends ...Associations.Association {
...
public static SignatoryAssignment make_SignatoryAssignment(
…Resourced resource,
...LegalEntity.Date dateOfAssignment_value,
...LegalEntity.Date dateOfCancellation_value,
...Signatory designatesSignatory_value,
...LegalPerson maySignFor_value ) throws ModelException;
...
public ...Date getValue_dateOfAssignment()
public ...Date getValue_dateOfCancellation();
void set_dateOfCancellation(...LegalEntity.Date dateOfCancellation_value);
...
}
23. Bi-directional transformation between UML and
OWL is provided by CCM
….
<owl:ObjectProperty rdf:about="&MyEnterprise;hasTradingPartner">
<rdfs:domain rdf:resource="&MyEnterprise;TradeAgreement"/>
<rdfs:range rdf:resource="&MyEnterprise;TradingPartner"/>
<rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string">has trading partner</rdfs
</owl:ObjectProperty>
<owl:Class rdf:about="&MyEnterprise;TradeAgreement">
<rdfs:subClassOf rdf:resource=“;fibo;Agreement"/>
<rdfs:subClassOf>
<owl:Restriction>
<owl:onProperty rdf:resource="&MyEnterprise;hasTradingPartner"/>
<owl:minQualifiedCardinality rdf:datatype=“&XSD;nonNegativeInteger">1</owl:minQualified
<owl:onClass rdf:resource="&MyEnterprise;TradingPartner"/>
</owl:Restriction>
</rdfs:subClassOf>
<rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string">Trade Agreement</rdfs:la
</owl:Class>
….
SMIF UML
FIBO-OWL
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 23
24. Here is the “legal
entity” concept in a
popular ontology tool
– “Protégé”
Most ontologists can utilize
OWL for semantic applications
or linked open data
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 24
25. Mapping to (XML Schema example)
<complexType name="LegalPerson">
<sequence>
<element name="hasLegalName" type="string"></element>
<element ref="le:designatesSignatory"></element>
</sequence>
</complexType>
<complexType name="LegalEntity">
<complexContent>
<extension base="le:LegalPerson“/>
<sequence>
<element ref="le:designatesSignatory“/>
</sequence>
</extension>
</complexContent>
</complexType>
<complexType name="NaturalPerson">
<complexContent>
<extension base="le:LegalPerson">
<attribute name="isSignatory" type="boolean"></attribute>
</extension>
</complexContent>
</complexType>
<element name="hasLegalName" type="string"></element>
The FIBO model plus technology
specific choices generates and/or
maps to technology artifacts
Filtered reference concepts
Resulting XML Schema
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 25
26. Is processed by
ERGO rule in
manually produced
“Ergo Semantics”
Experimental: Mapping to logic based rules
engine (Flora-2 / ERGO)
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 26
UML
Generalization
“Fact”
Maps To Instance Of
SMIF Model
Generalization
LegalEntity_LegalEntity#LegalEntity_hasSupertype_LegalPerson:Types#Generalization[
Generalization#hasSubtype -> LegalEntity#LegalEntity:Types#Type,
Generalization#hasSupertype -> LegalEntity#LegalPerson:Types#Type].
?subtype :: ?supertype :- ?proposition:Types#Generalization[
Generalization#hasSubtype -> ?subtype,
Generalization#hasSupertype -> ?supertype ], inContext(?proposition).
LegalEntity#LegalEntity :: LegalEntity#LegalPerson.
Implies ERGO
Formal Semantics
ERGO
Supertype
Fact is an
generated
association
instance.
Facts can be
contextual,
but we will not
think about
that yet..
In instance of
Generalization
defined in
SMIF
27. Take away: Multiple
technologies can be utilized
as a “hub” based on a
conceptual model
Mapping semantics defines views of model for a specific purpose
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 27
28. Mapping Semantics
Concepts and context provide the foundation, but one more piece is required for mapping and federation
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 28
28
Reference
Concepts
Information
Syntax
RepresentsInformation
Syntax
Information
Syntax
Data Represents Concept
29. Legacy models: Representing the STIX
physical model
omplexContent>
<xs:extension base="stixCommon:IndicatorBaseType">
<xs:sequence>
<xs:element name="Title" type="xs:string" minOccurs="0">
<xs:annotation>
<xs:documentation>The Title field provides a simple title for this Indicator.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Type" type="stixCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Specifies the type or types for this Indicator.</xs:documentation>
<xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The defa
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabula
</xs:annotation>
</xs:element>
<xs:element name="Alternative_ID" type="xs:string" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Specifies an alternative identifier (or alias) for the cyber threat Indicator.</
XML Schema is
reverse
engineered into
UML. Next
version of STIX
will have native
UML model.29 11/18/2015
31. Data represents concept
Green line is “Represents”
Represents
Mapping
Rule
STIX XSD
Concepts
OMG
Threat &
Risk for
STIDS
2015
31 11/18/2015
32. 3/201432
Copyright (c) 2012-2014 Data Access
Technologies, Inc. as Model Driven
Solutions
Mapping Rules Example
Elements
and
Patterns of
Concepts
Elements
and
Patterns of
Data
33. NMWS 2018, Copyright (c) Model Driven Solutions Inc. 33
SMIFConceptModelingProfile
34. Concept Libraries
Don’t start with a blank model! Many concepts can be reused across domains (but not all of them).
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 34
39. Model Driven Solutions
▪ Client focused actionable architecture consulting services – enterprise and government
▪ Technology development – open source and commercial
▪ Training and mentoring
▪ Federated data as a service (in progress)
▪ Industry leadership
▪ Object Management Group
▪ Board of directors
▪ Multiple standards groups – Executable Models, Federation, UML, Threat Management, Finance, Others
▪ FIBO
▪ Leadership team
▪ Ontologists
▪ Executable UML
▪ Standards lead
▪ Authors of open source and Magicdraw implementations
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 39
http://www.modeldriven.com
Cory-c (at) modeldriven.com
40. Modeling constructs
used to define conceptual
reference models
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 40
42. ▪ Roles define what something is for or how it behaves in a certain context, not “what it
is”. A “relative thing”
▪ A role is a <<Facet Of>> what it can be a role of.
▪ An entity can play any number of roles and these roles may change over time.
▪ Roles can be contextual and specialize other roles
▪ Roles are usually established by relationships
5/24/2018 42Threat & Risk
Roles
43. ▪ Phases (or states) are classifications of objects over their lifetime. A “Relative thing”
▪ Examples: Child, Teenager, Adult or Invoiced, Late, Paid
▪ May be combined with other types using unions and intersection (e.g. teenage driver)
5/24/2018 43Threat & Risk
Phases
44. ▪ Relationships are meaningful atomic concepts involving a set of other entities or relationships. A “Mediating
thing”.
▪ There can be any number of related “ends”, but two ends is most common
▪ Relationships are atomic & static “Situations”, the involved ends do not change over the lifetime of the
relationship. The context and “truth value” of the relationship may change.
▪ Relationships are temporal – exist for a timeframe. The timeframe of a relationship may or may not match the
timeframe of the “ends”
▪ Relationships may be involved in other relationships and may have characteristics
▪ We refer to these independent relationships as “first class” relationships.
Oct. 2017 44
Relationships
45. 5/201745
Copyright (c) 2012-2017 Data Access
Technologies, Inc. as Model Driven
Solutions
Every Concept has a Definition
Social Agent
Model-Generated Definition:
A kind of Actor. A valid occurrence may have the following properties:
•constrained by any number of occurrences of Policy.
Definition: An actor that may have responsibilities - people and
organizations. Actors in general may include automated entities and
even, in some context, animals. Social agent excludes these other
kinds of actors by including (at this time) only people and
organizations.
What responsibilities a particular person or organization may have at
any particular time is the subject of law and social constructs. A social
agent is distinguished in that a person or organization may have such
responsibilities in their lifetime.
[NIEM] EntityType
[DOLCE] Social Agent
Classes, relationships,
relationship-ends and properties
are all individual concepts
Social Agent:
46. ▪ Properties encompass the “ends” of associations and relationships, and characteristics
▪ Like everything else – properties have types (property types) and instances (called
bindings)
▪ Properties can be specialized and restricted
▪ Models typically define property types
▪ Specialized properties may be “virtually derived”, not define a new concept but restrict
an existing one. These have no name or the same name as their super-property
▪ Property specialization is either a “subset” or redefines (equivalent set)
Oct. 2017 46
Specializing properties
47. ▪ Subset properties define subtypes of other property types (ends of associations or
relationships, characteristics, etc).
▪ Extent of subset property is a subset of super-property
▪ May tighten constraints – multiplicity, type, etc.
Oct. 2017 47
Subset properties
48. ▪ Redefined properties define subtypes of other property types (ends of associations or
relationships, characteristics, etc) and replace the super-property in the given
context.
▪ Extent of redefined property is the same as the extent of super-property
▪ May tighten constraints – multiplicity, type, etc.
Oct. 2017 48
Redefined Properties
Restriction Example
50. ▪ For numeric characteristics, we want to know
what it means (e.g. Temperature), not the
kind of number (Real).
▪ <<Quantity Kind>> is an aspect common to
mutually comparable quantities represented
by one or more units.
▪ A “unit value” represents a quantity kind,
there are multiple units representing
temperature.
▪ A physical representation would then
represent the unit as some kind of number in
a specified unit.
5/24/2018 50Threat & Risk
Quantity Kinds & Units
52. Oct. 201752
Modeling with first class roles &
relationships
(Note that relationships can be
temporal – be “true” only for a time
period)
53. Value propositions for change
▪ Data is an enterprise asset, not just an application enabler.
▪ Reduction of business risk .
▪ Reduction of I.T. related risk, including cyber security.
▪ Improved integration between systems and with external stakeholders.
▪ More effective I.T. – more capabilities / $, reduced time to market and overhead.
▪ Scalability of I.T. processes to enable business growth and change.
▪ Single source of the truth for data and designs.
▪ Reduction of data, process, rule and implementation redundancy.
▪ Enterprise analytics for better decision making.
▪ Self-service data and services to support enterprise needs.
NMWS 2018, Copyright (c) Model Driven Solutions Inc.
53
54. ▪ Expressions
• Define computations
▪ Patterns
• Define sets of entities and relationships with variables, acts as a type.
• May be asserted for a type or context
• Used as the basis for mapping
• In UML, uses structured classifiers
▪ Rules
• Define constraints or implications for a context. E.g. Multiplicity.
▪ Mapping Rules
• Defines how an information model relates to a conceptual reference model
▪ Based on pattern matching
• Multiple mappings are combined to federate or translate information
Oct. 2017 54
Additional Capabilities, not detailed here
56. Open Source & SaaS Capabilities
▪ Open source “Federation Engine” and “Federated Data as a Service” implementing FIBO
automation is in progress
▪ The Model Driven Solutions “Federation Engine”
▪ Supports multiple technologies: XML, SQL, JAVA, Flora-2/ERGO, RDF
▪ Watch http://www.smif.modeldriven.org
▪ Or contact me: cory-c (at) modeldriven.com
▪ See all your data, and the data around you
▪ In your terms, in your vocabulary
▪ In your technology of choice
▪ Federated from anywhere
▪ Shared with everyone (authorized)
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 56
58. What is context?
▪ A context is anything that impacts the interpretation or truth value of something else
▪ There are different kinds of context, contextual dimensions. Kinds of context include
▪ Time – fundamental to our understanding of the world is that things change. Most relationships and other
assertions are only meaningful in the context of a timeframe
▪ Sue’s weight was 50kg on July 1st, 2017
▪ Barack Obama was president of the United Stated 2/20/2009 until 1/20/2017
▪ Occurrences (perdurants) – things that are only true while something is happening
▪ The radar’s range will be reduced while it is raining
▪ States - things that are only true when something is in a particular condition
▪ Food services will be reduced when the power is off
▪ The computer is vulnerable when it is connected to the internet
▪ Authority - things that are only true within the jurisdiction of some authority (including geopolitical)
▪ Radar detectors may not be used within Virginia
▪ “Fairfax” is the name of a City in Virginia
▪ Interaction - things that are only true when communicating for a purpose
▪ Mortgage loan applications must include name, address, SSN and current income
58
59. Test Scenario : Control Systems
Ignoring context is dangerous!
▪ Issues with ignoring context when integrating or
federating information or processes
▪ Improper integration of information from different timeframes
▪ That prescription was for last year!
▪ Failure of trust – what information is to be trusted and why
▪ We listen to their feed, but it is all lies
▪ Violation of compliance, rules are contextual
▪ You stored that information in the EU?
▪ Consider: “Launch Missile” Vs. Test: “Launch Missile”
▪ Sorry Korea!
59
60. Context Example: Sue’s Fitness Report
NMWS 2018, Copyright (c) Model Driven Solutions Inc. 60
Army Reserve Fitness
Report
Job Application “Fun
Fitness Centers”
Bethesda Hospital
Records
Sue’s Home Scale
Concepts
in Context
61. Why would two mappings of the same data on the
same day be different? Why would the fields not be
the same?
Sue’s Physical Report
Name: Sue Plankton
DOB: January 15th, 1968
SSN: 390-55-8967
Weight: 134 lbs
BP: 122/78
Physical Date: June 3, 2017
Bethesda Hospital Records
Sue’s Fitness Report
LegalNameString: Sue Plankton
Birth: January 15th, 1968
PersonMassKG: Unknown
PersonBloodPressue: Unknown
Report Date: Jan 10th, 2018
Army Reserve Fitness Report
Job Application for Fun Fitness Centers
Sue’s Job Application
PNAME: Sue Plankton
PBD: January 15th, 1968
Social: 390-55-8967
CWeight: 134 lbs
AppDT: Jan 10th, 2018
Automated
Information
Translations
Sue’s Home Scale
Weight: 131 lbs
Taken: Dec 3, 2017
How are
multiple
sources
reconciled?
?
61
62. Context of time and data determine data
interoperability
▪ Weight measurement is in the context of the physical’s date
▪ Example data rules (data context)
▪ Army Reserve Fitness Report must include Name, DOB, May include Weight and BP if known.
▪ Job Application for Fun Fitness Centers must include name, DOB, SSN & Weight
▪ Example business rules (mapping context)
▪ Army Reserve: Recording of a solders weight must be based on a measurement within the last 60 days.
▪ Fun Fitness Centers: Recording of weight must be reported from last physical
Ontologically, all living humans have a weight. The concept of weight may be used to ground data in
multiple repositories – great!
▪ Rules for business and data context impact data mappings and therefor interoperability.
▪ Understanding context and their implications is crucial.
62
Why the same
data on the
same day may
be different in
different context
63. Sue’s Stolen key-card vulnerability situation
Situations as Context
63
Key-card stolen situation
Sue’s key-card a5-347 was stolen
Sue’s permission situation
Sue has permission to enter building-5
Key-card a5-347 situation
Key-card a5-347 is a credential for Sue’s
permission
Situations can
be aggregates
– assert
other situations
Atomic
situations are
Material or
Descriptive
relationships*
Timeframe
Feb-1 2005 to Feb 15th 2005
Timeframe
Jan-1 2005 to Jan 1 2007
Actual situations
(& relationships* )
are temporal
Timeframe
June-1 2005 to Feb 15th 2005
Timeframe
Feb-1 2005 to Unknown
Situations involve (contextualize) other, related things.
* “Material relations & relators”, see: https://inf.ufes.br/~gguizzardi/AI_IA2016.pdf