Description

Security requirements are always related to some extend to countermeasures of common vulnerabilities: Their goal is to require countermeasures to vulnerabilities to make a software system more secure. As such, architectural security requirements is the subset of security requirements, that consists of those security requirements which, to be fulfilled, affect the architecture of the software system in some way.

A first analysis of the GitHub project of Corona-Warn app (https://github.com/corona-warn-app/cwa-documentation) revealed that design solutions realizing architectural security requirements contain reocurring elements. The following Figure illustrates this:

Different elements of design solutions fulfilling a security requirement of the Corona-Warn App

The Figure shows different elements that play some role in the implementation of a countermeasure that can be translated to a security requirement (excerpt from the official CWA documentation: https://github.com/corona-warn-app/cwa-server/blob/main/docs/ARCHITECTURE.md#security):

“The CWA Server exposes only one endpoint – the submission endpoint. The endpoint is public (unauthenticated), and authorization for calls is granted to users who are passing a valid TAN. The TAN verification cannot be done on CWA Server, but the task is delegated to the verification server.”

In this case, the CWA Server or, more precisely, the Submission Service (orange), can be considered as the source component, which means that this is the component that introduces the vulnerabilities to be mitigitated by the solution described above. The Mobile Client (purple) is the threat actor component of the vulnerability, i.e. the component that poses the threat introduced by the source component. The Verification Service (blue) is an envolved component, i.e. it is used in some way (i.e. it is envolved) to mitigiate the threat introduced by the source component. The relationships (red) are the envolved communication channels of the source, threat actor and envolved components. The TAN information (green) is some dynamic information of the design solution that models a part of the specific countermeasure to mitigate the threat.

In this master thesis these concepts shall further be analyzed and structured. For this purpse, existing literature shall be reviewed and the documentation of the Corona Warn App and possibly other Open Source projects analyzed with regard to its security design solutions. Based on the results, the individual parts of architectural security requirements involved must be structured and classified. Then patterns and, if possible, a meta-pattern for architectural security requirements shall be developed and be evaluated in a case study.

This thesis is only available as a master thesis.