Information security is becoming increasingly important in the software development process. Developers are confronted with security aspects not only at the design level, but also during maintenance tasks. As with the well-known design patterns, security patterns have been defined for expressing security requirements. Analogously to design patterns, security patterns offer sample solutions for recurring problems, but with a focus on security aspects. This research project aims to identify and validate security patterns in program code that are relevant for software development. We will develop a methodology and a supporting tool that allow an analyst to detect security patterns and that better support security code audits. We begin the project with studies involving security experts to clarify the role and dissemination of security patterns in practice.
Period: 01/11/2016 - 31/10/2018
Principal Investigators: Prof. Dr. Rainer Koschke, Dr. Karsten Sohr
Funding Body: DFG