The MAPE-K model does not define how the knowledge has to be offered. However, in order to follow the separation of concerns principle, we introduce knowledge as a separately identifiable architectural element by utilizing ontology orientation to represent a self-sufficient model of security concepts. An ontology can be defined as a shared knowledge standard or knowledge model, defining primitive concepts, relations, rules and their instances, which comprise topic knowledge. It can be used for capturing, structuring and enlarging explicit and tacit topic knowledge across people, organizations and computer and software systems [31]. Several security ontologies have been listed in [32]. In addition, our earlier work [33] compared security ontologies from the runtime applicability and measuring viewpoints. Ontologies designed for runtime usage often concentrate on service discovery and matchmaking, e.g., the ontologies in [34,35]. However, these ontologies do not cover security measuring. In contrast, Savolainen et al. [36] present a security taxonomy for design-time usage, which also contains a high-level security measuring part. At the moment, the most extensive security ontology is the one proposed by Herzog et al. [37], known as the Ontology of Information Security (OIS). The OIS contains over 250 concepts, which describe security threats, countermeasures, assets and security goals, etc. In this paper, security goals and countermeasures are called security objectives and mechanisms, respectively. The OIS lists the following security objectives: confidentiality, integrity, availability, authentication, accountability, anonymity, authenticity, authorization, correctness, identification, non-repudiation, policy compliance, secrecy and trust. Nevertheless, the OIS does not contain a security-measuring part. In contrast, Garcia et al. presented the measurement terminology in an ontology form called the Software Measurement Ontology (SMO) in [26]. Consequently, we have combined the Information Security Measuring Ontology (ISMO) from OIS and SMO in [38]. The ISMO makes it possible to present security measures via a common vocabulary and map defined measures to security concepts, e.g., security objectives and mechanisms. In the ISMO, security measures are defined in detail—containing descriptions on how the particular measuring has to be performed and how the base measures can be further combined into indicators. Hence, the ISMO offers knowledge for design-time and runtime purposes, e.g., what kind of measuring probe to implement at design time and how to utilize measuring results at runtime. This paper utilizes knowledge from the ISMO. Furthermore, context knowledge is vital for security adaptation, in order to describe an environment and user actions. For this purpose, we utilize the Context Ontology for Smart Spaces (CO4SS) [39] in this paper. In [40] we defined the taxonomy of context information for security. The taxonomy maps security-related context information to physical, digital and situation context levels. The physical context describes an infrastructure where the SSA is running. The digital context presents the role of the smart space, e.g., public space. Finally, the situation context describes the user's role and activity within the smart space. Moreover, the role of the exchanged/stored data is described in the situation context.
Our earlier work in [41] presented ontology-based security adaptation. In that work, risk-based security measures were stored in the ontology to support security monitoring. Moreover, the ontology contained knowledge about how much each security mechanism decreases the particular security risk, which supports the Planning phase. In [40] we presented a micro-architecture for security adaptation. However, in that architecture the ontology usage was tightly coupled inside the architecture. In this article, the architecture is developed towards the MAPE-K reference model and the ontologies will be separated out to their own interoperability level, i.e., to the Conceptual level.