Sarch-Knows: A Knowledge Graph for Modeling Security Scenarios at the Software Architecture Level

Security, as a software quality attribute, needs to be addressed from different perspectives and at different levels of the software life-cycle. One of these perspectives is the one that focuses on design decisions at the highest level, that is, at the architectural level. This paper presents a knowledge graph, called "Sarch-Knows", that models security scenarios based on the architectural design of a software system. The knowledge graph is based on different paths called scenarios, where each scenario covers the fundamental elements to meet a security property and the architectural elements on which the properties fall. This knowledge graph is being implemented as a Neo4j database on which queries can be issued to extract aggregated knowledge about security and architecture. This knowledge is scattered over many sources of documentation, like NIST, MITRE, databases, books and papers; which is why this graph can be considered as a starting option to establish an ordered scheme of this knowledge.