An Ontology for Security Patterns

Security is a fundamental requirement that we must keep in mind when developing a system. We approach the secure construction of software through the use of security patterns, as a way to mitigate their threats. We propose an ontological approach to security patterns, with the aim of adding semantics to the elements that surround security patterns. We have added ontological descriptions to pattern descriptions to make their use more precise, to allow the development of appropriate tools to present to the developer the relevant patterns in each stage and to be able to build better pattern catalogs. A final objective would be the construction of a complete catalog where each pattern includes ontological descriptions. Our contributions are (i) a representation of security patterns in the form of ontology; (ii) examples through queries on the use of the ontology and (iii) a discussion of the possible uses of this ontology for secure software development.