AI Summary
To address insufficient system security stemming from gaps in security knowledge during software architecture design and a shortage of security expertise, this paper proposes a context-aware security design recommendation method tailored for architects. The method innovatively adapts design pattern paradigms to the domain of security architecture decisions, establishing a knowledge graph-based framework for modeling and mapping security design knowledge. It integrates semantic parsing of architecture description languages (e.g., UML/ADL) with a rule-driven recommendation engine. The approach enables threat-driven pattern matching and automated security design recommendations. Evaluated across five representative threat scenarios, it achieves an 83% accuracy rate in an initial case study. This work significantly enhances the reusability and practical applicability of security design knowledge in architectural practice.
Abstract
Security is an important quality of software systems, but there is a huge lack of security experts. To overcome this gap, we aim to make security design knowledge reusable for architects by proposing the SecuRe recommendation approach to secure software design. It lifts design patterns and knowledge engineering concepts to security-related design recommendations for software architectures. This paper presents the central concepts of this approach, the overall recommendation process, and the first results from an initial case study.