Abstract: In the context of Industry 4.0 and digitalization, cybercrime and security attacks pose a growing danger that causes substantial harm to digital businesses. In today's software development, IT security is therefore regarded as a quality criterion that determines the success of a product or project. Nevertheless, the complexity of security attacks, of vulnerabilities and of software development as a whole makes reliable protection against, and mitigation of, security attacks difficult.
To support software engineers in developing more secure software, this thesis presents the concept and a prototype of a software security rules methodology called Serum. Serum is designed to help software developers and all other project members create more secure software. A domain-specific language was designed and integrated into a global knowledge management system (Sweble) to allow modeling and describing software assets, the security attacks associated with them, and known countermeasures. A second component, which uses the gathered security knowledge, was implemented to support software architects in creating a threat and risk analysis. To encourage the consideration of security even further, a custom test and dashboard system allows developers and test architects to monitor their contribution towards a more secure system.
The thesis is intended to provide a basis for holistic security support during all phases of the software development life cycle.
Keywords: IT-Security, threat analysis, DSL, Sweble, structured data
PDFs: Master Thesis
Reference: Florian Gerdes. Sweble Security Programming Plugin – Security Rules Engine. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.