Abstract

The security of software systems is a critical requirement in today’s digital environment. Security patterns are a well-established means of supporting architects and developers in designing and developing secure software systems. However, their application remains limited. The reasons for this include suboptimal abstractions in existing pattern catalogs and limited modeling approaches for modeling security-relevant information in its entirety in the pattern description. To close this gap, as part of the SCAM research project by the Research Group Software Construction at RWTH Aachen University, a security design pattern description metamodel (SDPDM) was developed. As part of the project’s future work, this thesis provides a reference implementation of the SDPDM, which allows practitioners to collect, create, and review security patterns. We operationalize the SDPDM by implementing it in a graph database. Following an incremental process, we implement each viewpoint and iteratively refine the implementation until all elements and modeling rules are faithfully represented. We demonstrate correctness by fully instantiating the Single-Factor Password-based Authentication security pattern, yielding 286 nodes and 744 relationships that conform to the SDPDM and exercise the implementation. The instance serves as an example of how to use and work with the implementation. By implementing the SDPDM, this thesis provides practitioners in the secure design of software systems with an accessible means to use the SDPDM to collect, create, and review security patterns. Furthermore, this work establishes a structured foundation for future research on security patterns.

Resources

• Thesis report