Authors:
Stefanie Jasser
1
;
Katja Tuma
2
;
Riccardo Scandariato
2
and
Matthias Riebisch
1
Affiliations:
1
Universität Hamburg, Germany
;
2
Chalmers and Gothenburg University, Sweden
Keyword(s):
Software Architecture, Security by Design, Privacy by Design, Secure Software Architecture, Architecture Erosion, Architectural Decay, Architecture Violations, Architecture Conformance Checking, Architecture Compliance Checking, Security Constraints.
Abstract:
Today, security is still poorly considered in early phases of software engineering. Architects and software engineers still lack knowledge about architectural security design as well as implementing it compliantly. However, a software system that is not designed for security or does not adhere to this design can hardly meet its security requirements. In this paper, we present an approach we are working on. The approach consists of two parts: Firstly, we improve the architecture’s security level through model transformation. Secondly, we derive rules and constraints from the secured architecture in order to check the implementation’s conformance. Through these activities we aim to support architects and software developers in building a secure software system. We plan to evaluate our approach in industrial case studies.