An ontology-based approach to security pattern selection

Usually, the security requirements are addressed by abstracting the security problems arising in a specific context and providing a well proven solution to them. Security patterns incorporating proven security expertise solution to the recurring security problems have been widely accepted by the community of security engineering. The fundamental challenge for using security patterns to satisfy security requirements is the lack of defined syntax, which makes it impossible to ask meaningful questions and get semantically meaningful answers. Therefore, this paper presents an ontological approach to facilitating security knowledge mapping from security requirements to their corresponding solutions-security patterns. Ontologies have been developed usingWeb Ontology Language (OWL) and then incorporated into a security pattern search engine which enables sophisticated search and retrieval of security patterns using the proposed algorithm. Applying the introduced approach allows security novices to reuse security expertise to develop secure software system