OASIS Mailing List Archives

sarif message


Subject: References to Knowledge Discovery Metamodel

Hello all,

As this was brought up at the telecon on Nov 29th 2017, please find a couple of references to the Knowledge Discovery Metamodel (KDM) specification. 

The context in which this document may be relevant is a long-term strategy for exporting results from SCA tools, as viewed by the OMG/TOIF community. From this perspective, the SCA tools contribute 1) weakness findings; 2) insights into dataflows of the computation realized by the system under assessment. Such insights are, essentially, various MARKUPS to some basic facts about the software systems.

KDM provides a language-neutral, vendor-neutral vocabulary for describing basic facts about software-based systems. KDM focuses on the semantics (rather than the syntax) of systems, i.e. on the computation. KDM can be looked at as a high-fidelity intermediate representation of systems. The core of KDM is comprised of facts related to code, but it also includes several additional viewpoints to cover end-to-end dataflows, with the endpoints in User Interface, persistent data, and which involve interprocess communication, and state machine behaviors. KDM addresses various artifacts involved in software systems, as well as facts related to builds.

This is illustrated by slide 11 of the presentation on TOIF from Nov 8th, 2017. Integration is achieved when multiple SCA tools working on the same system under assessment share the same viewpoints of the basic facts about the system, compliant with the KDM specification, and export their results with reference to the KDM facts. The bulk of the KDM facts can then be exported once by a high-fidelity KDM exporter tool, e.g. one that extends the native compiler.

Another context, where KDM is important, is related to formal machine-consumable definitions of weaknesses that can be shared among SCA tools. From the OMG perspective, such context must be expressed in a language-neutral, vendor-neutral way, i.e. as patterns on top of KDM facts.

The full name of the specification is ISO/IEC 19506:2012 Information technology -- Object Management Group Architecture-Driven Modernization (ADM) -- Knowledge Discovery Meta-Model (KDM)

The first reference is a link to the ISO store; the second link is the publicly available (and free) specification from the OMG.

The specification is maintained by the Object Management Group, and the two documents are (almost) identical. You are welcome to use the OMG link to download the document.

The current OMG version is 1.4, from December 2016.

Best regards,
