A Method for Ontology-based Architecture Reconstruction of Computing Platforms

Today’s ubiquitous computing ecosystem involves various kinds of hardware and software technologies for different computing environments. As the result, computing systems can be seen as integrated system of hardware and software systems. Realizing such complex systems is crucial for providing safety, security, and maintenance. This is while the characterization of computing systems is not possible without a systematic procedure for enumerating different components and their structural/behavioral relationships. Architecture Reconstruction (AR) is a practice defined in the domain of software engineering for the realization of a specific software component. However, it is not applicable to a whole system (including HW/SW). Inspired by Symphony AR framework, we have proposed a generalized method to reconstruct the architecture of a computing platform at HW/SW boundary. In order to cover diverge set of existing HW/SW technologies, our method uses an ontology-based approach to handle these complexities. Due to the lack of a comprehensive accurate ontology in the literature, we have developed our own ontology – called PLATOnt – which is shown to be more effective by ONTOQA evaluation framework. We have used our AR method in two use case scenarios to reconstruct the architecture of ARM-based Trusted execution environment and a Raspberry-pi platform have extensive application in embedded systems and IoT devices.

💡 Research Summary

The paper addresses a critical gap in the field of architecture reconstruction (AR): existing techniques focus either on software or on hardware, but they do not provide a unified view of a complete computing platform that spans the hardware/software (HW/SW) boundary. To fill this gap, the authors propose a two‑fold contribution. First, they develop a comprehensive ontology named PLATOnt (Platform Ontology) that models the concepts, attributes, and relationships of both hardware and software components in modern platforms. PLATOnt covers the four dominant CPU families (Intel/AMD x86, x86‑64, POWERPC, and ARM) and includes detailed classes for processors, buses, chipsets, firmware, operating systems, hypervisors, device drivers, and security modules such as fTPM. The ontology is deliberately designed to avoid the bias toward x86‑centric models found in prior work and to represent hybrid entities (e.g., a hypervisor implemented in firmware) by introducing a higher‑level “system software” class. The ontology construction follows the well‑known Noy‑McGuinness methodology: domain scoping, term extraction, hierarchical structuring, and instance creation. The authors report that automatic term extraction from CPU manuals produced an overwhelming number of irrelevant tokens, leading them to rely on expert‑driven term selection.

Second, the paper adapts the Symphony AR framework—originally a view‑driven software AR approach—to handle whole‑platform reconstruction. The extended AR pipeline consists of three main steps: (1) collection of static platform metadata (firmware images, binary manifests, hardware specification sheets); (2) mapping of this metadata onto PLATOnt to generate ontology instances automatically; and (3) use of an ontology‑based reasoning engine to infer relationships such as memory mappings, interrupt lines, security boundaries, and data flow dependencies. The output is a “integrated view” that presents a high‑level architectural diagram together with detailed HW/SW interaction information, enabling analysts to answer security, performance, and maintenance questions that would otherwise require deep manual inspection.

The quality of PLATOnt is evaluated with the OntoQA framework, which measures metrics such as class count, relationship diversity, and instance consistency. PLATOnt scores higher than existing platform ontologies on all evaluated dimensions, demonstrating its richer expressive power and better coverage. The authors validate the entire methodology through two case studies. In the first case, they reconstruct the architecture of an ARM‑based Trusted Execution Environment (TEE). The method successfully identifies TrustZone secure world components, memory protection regions, the hypervisor‑level firmware, and the interactions between secure and normal worlds, providing a clear picture of the platform’s security posture. In the second case, they apply the method to a Raspberry‑Pi board. The reconstruction reveals the SoC’s internal components (CPU, GPU, memory controller), external interfaces (I²C, SPI, GPIO), the Linux kernel modules, the bootloader, and the dependencies among them. Both case studies illustrate that the proposed approach can uncover HW/SW relationships that are invisible to traditional software‑only or hardware‑only reverse‑engineering techniques.

In conclusion, the paper demonstrates that an ontology‑driven AR approach can bridge the HW/SW divide, offering a systematic, repeatable, and tool‑supported way to recover the architecture of complex embedded and IoT platforms. The authors suggest future work on automated ontology extension, incorporation of dynamic runtime data, and scaling the method to cloud‑edge hybrid environments, thereby moving toward a universal platform analysis framework.