Integrating Security into the Product-Line-Engineering Framework: A Security-Engineering Extension

Christian Biermann, Richard May, Thomas Leich

2025

Abstract

Modern software systems are becoming increasingly configurable, often relying on Product-Line Engineering (PLE) to efficiently develop variant-rich systems while ensuring reusability. However, security considerations in existing PLE research are typically insufficient as security is often (partly) neglected or not integrated into the overall development process. To address this gap, we developed an additional layer of the PLE framework: security engineering — positioned between domain engineering and application engineering. Our results are based on a systematic review of 49 secure PLE frameworks and workflows, synthesizing their insights and our expertise in compliance with the ISO/IEC 27000 series. By following six processes and 12 activities, our iterative approach ensures that security is systematically embedded in the PLE process. We particularly highlight the importance of reusable security artifacts, secure business-process modeling, and standard compliance, aiming to facilitate the transfer of theoretical solutions into secure business practice.



Paper Citation


in Harvard Style

Biermann C., May R. and Leich T. (2025). Integrating Security into the Product-Line-Engineering Framework: A Security-Engineering Extension. In Proceedings of the 20th International Conference on Software Technologies - Volume 1: ICSOFT; ISBN 978-989-758-757-3, SciTePress, pages 75-86. DOI: 10.5220/0013489500003964


in Bibtex Style

@conference{icsoft25,
author={Christian Biermann and Richard May and Thomas Leich},
title={Integrating Security into the Product-Line-Engineering Framework: A Security-Engineering Extension},
booktitle={Proceedings of the 20th International Conference on Software Technologies - Volume 1: ICSOFT},
year={2025},
pages={75-86},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013489500003964},
isbn={978-989-758-757-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Software Technologies - Volume 1: ICSOFT
TI - Integrating Security into the Product-Line-Engineering Framework: A Security-Engineering Extension
SN - 978-989-758-757-3
AU - Biermann C.
AU - May R.
AU - Leich T.
PY - 2025
SP - 75
EP - 86
DO - 10.5220/0013489500003964
PB - SciTePress