Constraining the Implementation Through Architectural Security Rules: An Expert Study

摘要

Today, security is still considered to late in the process of software engineering. Architectural rules for security can support software architects and developers in consciously taking security into account during design and implementation phase. They allow to monitor a software system's security level. As a step towards monitoring and controlling the erosion of an architecture's security specifications we present a set of rules derived from well-known security building blocks such as patterns along with our identification process. Through these rules we aim to support architects in monitoring the implementation's conformance with security measures and, hence, in building secure software systems. The architectural security rules we identified are evaluated through expert interviews with industrial software engineers.