Sammendrag
Security is a cross-cutting concern in software intensive systems and should consequently be subject to careful architectural analysis and decision making. Cost-effective product line development complicates this task. Two central research questions are addressed in this chapter: 1) Is it viable to represent architectural security knowledge in a reference architecture? 2) If so, is such a reference architecture useful for security architecture design in software product lines? Initial evidence suggests that both questions can be affirmed. The main contribution of this chapter is a reference architecture that draws upon state-of-the-art techniques and practices from software product line engineering and information security and constitutes a decision support framework for security architecture design in software product lines. To validate the reference architecture, the chapter also presents our experiences from using it at three distinct companies.