ABSTRACT
Today, the interplay of security design and architecting is still poorly understood and architects lack knowledge about security and architectural security design. Yet, architectural knowledge on security design and its impact on other architectural properties is essential for making right decisions in architecture design. Knowledge is covered within solutions such as architectural patterns, tactics, and tools. Sharing it including the experience other architects gained using these solutions would enable better reuse of security solutions.
In this paper, we present a repository for security solutions that supports architectural decisions including quality goal trade-offs. Its metamodel was adapted to special demands of security as a quality goal. The repository supports architecture decisions not only through populating approved solutions but through a recommender system that documents knowledge and experiences of architecture and security experts. We provide a case study to illustrate the repository's features and its application during architecture design.
- M. A. Babar and I. Gorton. A Tool for Managing Software Architecture Knowledge. In SHARK/ADI '07: ICSE Workshops 2007. 2nd Workshop on Sharing and Reusing Architectural Knowledge - Architecture, Rationale, and Design Intent, pages 11--11, May 2007. Google ScholarDigital Library
- D. Basin, J. Doser, and T. Lodderstedt. Model Driven Security: From UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology, 15(1):39--91, 2006. Google ScholarDigital Library
- A. v. d. Berghe, R. Scandariato, K. Yskout, and W. Joosen. Design Notations for Secure Software: A Systematic Literature Review. Software & Systems Modeling, 2015.Google Scholar
- S. Bode. Quality Goal Oriented Architectural Design and Traceability for Evolvable Software Systems. PhD thesis, Ilmenau University of Technology, Ilmenau, Germany, April 2011.Google Scholar
- S. Bode and M. Riebisch. Tracing the Implementation of Non-Functional Requirements, pages 1--23. IGI Global, 2011.Google Scholar
- R. Capilla, F. Nava, S. Pérez, and J. C. Dueñas. A Web-based Tool for Managing Architectural Design Decisions. SIGSOFT Software Engineering Notes, 31(5), Sept. 2006. Google ScholarDigital Library
- D. Falessi, G. Cantone, R. Kazman, and P. Kruchten. Decision-making Techniques for Software Architecture Design: A Comparative Survey. ACM Computing Surveys, 43(4):33:1--33:28, Oct. 2011. Google ScholarDigital Library
- R. Farenhorst, R. Izaks, P. Lago, and H. v. Vliet. A Just-in-time Architectural Knowledge Sharing Portal. In WICSA 2008. 7th Working IEEE/IFIP Conference on Software Architecture, pages 125--134, Feb 2008. Google ScholarDigital Library
- E. B. Fernandez, P. Cholmondeley, and O. Zimmermann. Extending a Secure System Development Methodology to SOA. In A. M. Tjoa and R. R. Wagner, editors, 18th International Workshop on Database and Expert Systems Applications, pages 749--754, 2007. Google ScholarDigital Library
- S. Gerdes, S. Lehnert, and M. Riebisch. Combining Architectural Design Decisions and Legacy System Evolution. In P. Avgeriou and U. Zdun, editors, Proceedings of the 8th European Conference on Software Architecture: ECSA 2014, pages 50--57, Cham, 2014. Springer International Publishing.Google Scholar
- S. Gerdes, M. Soliman, and M. Riebisch. Decision Buddy: Tool Support for Constraint-based Design Decisions During System Evolution. In 1st International Workshop on Future of Software Architecture Design Assistants (FoSADA), pages 1--6, May 2015. Google ScholarDigital Library
- J. Jürjens. Principles for Secure Systems Design. Dissertation, Oxford University, University of Oxford, 2002.Google Scholar
- J. Jürjens. Foundations for Designing Secure Architectures. Electronic Notes in Theoretical Computer Science, 142:31--46, 2006. Google ScholarDigital Library
- A. Pacholik and M. Riebisch. Modelling Technical Constraints and Preconditions for Alternative Design Desicions. In Dagstuhl-Workshop MBEES: Modellbasierte Entwicklung eingebetteter Systeme VIII, pages 101--106, 2012.Google Scholar
- J. Ren and R. N. Taylor. A Secure Software Architecture Description Language. In Proceedings of the Workshop on Software Security Assurance Tools, Techniques, and Metrics, 2005.Google Scholar
- J. Ren, R. N. Taylor, P. Dourish, and D. F. Redmiles. Towards an Architectural Treatment of Software Security: A Connector-centric Approach. ACM SIGSOFT Software Engineering Notes, 30(4):1--7, 2005. Google ScholarDigital Library
- M. Riebisch, S. Bode, and R. Brcina. Problem-solution Mapping for Forward and Reengineering on Architectural Level. In Proceedings of the 12th International Workshop on Principles of Software Evolution and the 7th Annual ERCIM Workshop on Software Evolution, IWPSE-EVOL '11, pages 106--115, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- T. L. Saaty. Decision Making with the Analytic Hierarchy Process. International Journal of Services Sciences, 1(1):83, 2008.Google ScholarCross Ref
- M. Schumacher. Security Engineering with Patterns: Origins, Theoretical Model, and New Applications, volume 2754 of Lecture Notes in Computer Science. Springer, Berlin and Heidelberg, 2003. Google ScholarDigital Library
- M. Schumacher. Security Patterns: Integrating Security and Systems Engineering. Wiley series in software design patterns. John Wiley & Sons, Chichester, England and Hoboken, NJ, 2006. Google ScholarDigital Library
- M. Shahin, P. Liang, and M. R. Khayyambashi. Architectural Design Decision: Existing Models and Tools. In WICSA/ECSA 2009. Joint Working IEEE/IFIP Conference on Software Architecture, 2009 European Conference on Software Architecture, pages 293--296, Sept 2009.Google ScholarCross Ref
- M. Shaw. Keynote: Progress Toward an Engineering Discipline of Software. In Presentations from the program of SATURN 2015 (April 27--30, 2015, in Baltimore, Maryland). Software Engineering Institute, Software Engineering Institute, 2015.Google Scholar
- L. Sion, K. Yskout, A. v. d. Berghe, R. Scandariato, and W. Joosen. Masc: Modelling Architectural Security Concerns. In IEEE/ACM 7th International Workshop on Modeling in Software Engineering (MiSE), pages 36--41, 2015. Google ScholarDigital Library
- M. Soliman, M. Galster, A. R. Salama, and M. Riebisch. Architectural Knowledge for Technology Decisions in Developer Communities. In 13th Working IEEE/IFIP Conference on Software Architecture (WICSA), 2016.Google Scholar
- M. Soliman and M. Riebisch. Modeling the Interactions between Decisions within Software Architecture Knowledge. In Proceedings of the 8th European Conference on Software Architecture: ECSA 2014, pages 33--40, 2014.Google ScholarCross Ref
- A. Tang, P. Avgeriou, A. Jansen, R. Capilla, and M. Ali Babar. A Comparative Study of Architecture Knowledge Management Tools. Journal of Systems and Software, 83(3):352--370, Mar. 2010. Google ScholarDigital Library
- E. Triantaphyllou. Multi-criteria Decision Making Methods: A Comparative Study, volume 44 of Applied Optimization. Springer, Boston, MA, 2000.Google Scholar
- S. Vijayalakshmi, G. Zayaraz, and V. Vijayalakshmi. Article: Multicriteria Decision Analysis Method for Evaluation of Software Architectures. International Journal of Computer Applications, 1(25):22--27, February 2010. Published By Foundation of Computer Science.Google Scholar
- B. Wynar and A. Taylor. Introduction to Cataloging and Classification. Libraries Unlimited. Inc., 1992.Google Scholar
Recommendations
Integrating security and privacy in software development
AbstractAs a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data ...
A Reflective Information Model for Reusing Software Architecture
CCCM '08: Proceedings of the 2008 ISECS International Colloquium on Computing, Communication, Control, and Management - Volume 01Reusing software architecture, which is a kind of coarse-grained software resources at design time, is always a very difficult problem in the realm of software engineer. We consider that there are two fundamental reasons for this problem: one is the ...
AI4SAFE-IoT: an AI-powered secure architecture for edge layer of Internet of things
AbstractWith the increasing use of the Internet of things (IoT) in diverse domains, security concerns and IoT threats are constantly rising. The computational and memory limitations of IoT devices have resulted in emerging vulnerabilities in most IoT-run ...
Comments