SecuRe -- An Approach to Recommending Security Design Patterns
Alex R. Sabau, Dominik Lammers, Horst Lichter
TL;DR
The paper addresses the shortage of security experts by introducing SecuRe, a knowledge-base-driven, constraint-satisfaction-based recommender that translates security requirements into $SP$ (security patterns) and $SDP$ (security design patterns) to guide architectural design. It combines $CSP$ solving with $MAUT$ ranking, aided by Q&A elicitation and optional $LLM$ support, to generate transparent, context-aware design recommendations. An initial AuthN case study demonstrates feasibility, modeling six $SP$s across eight realization contexts and showing results aligned with expectations. Overall, SecuRe offers a practical path to reuse security design knowledge and supports architects in making secure design decisions, laying groundwork for broader coverage and future enhancements.
Abstract
Security is an important quality of software systems, but there is a huge lack of security experts. To overcome this gap, we aim to make security design knowledge reusable for architects by proposing the SecuRe recommendation approach to secure software design. It lifts design patterns and knowledge engineering concepts to security-related design recommendations for software architectures. This paper presents the central concepts of this approach, the overall recommendation process, and the first results from an initial case study.
