Back to the drawing board bringing security constraints in an architecture-centric software development process

Publikationstyp
Conference Paper
Date Issued
2018-01
Sprache
English
Author(s)
Jasser, Stefanie  
Tuma, Katja  
Scandariato, Riccardo  
Riebisch, Matthias  
TORE-URI
http://hdl.handle.net/11420/10263
Start Page
438
End Page
446
Citation
International Conference on Information Systems Security and Privacy (ICISSP 2018)
Contribution to Conference
4th International Conference on Information Systems Security and Privacy, ICISSP 2018  
Publisher DOI
10.5220/0006659904380446
Scopus ID
2-s2.0-85052017951
Today, security is still poorly considered in early phases of software engineering. Architects and software engineers still lack knowledge about architectural security design as well as implementing it compliantly. However, a software system that is not designed for security or does not adhere to this design can hardly meet its security requirements. In this paper, we present an approach we are working on. The approach consists of two parts: Firstly, we improve the architecture’s security level through model transformation. Secondly, we derive rules and constraints from the secured architecture in order to check the implementation’s conformance. Through these activities we aim to support architects and software developers in building a secure software system. We plan to evaluate our approach in industrial case studies.
Subjects
Architectural Decay
Architecture Compliance Checking
Architecture Conformance Checking
Architecture Erosion
Architecture Violations
Privacy by Design
Secure Software Architecture
Security by Design
Security Constraints
Software Architecture