Secure software
The importance of the Internet as a platform for applications with high security demands is growing rapidly; e-commerce, e-health and e-government are gaining popularity. This evolution creates a need for secure software applications, secure system software and secure network infrastructures. Research on secure software involves different aspects of security: development of secure software with attention to security in all phases of the software development process; security of state-of-the-art systems, such as network security or security of embedded systems; security management; and fundamental security technologies.
Mission
Support solid, well-founded engineering approaches for the construction and management of secure distributed applications. The research focuses on the following key topics:
- support for secure distributed software systems, based on secure components and secure software composition methodologies;
- security through the software engineering process: the representation and realization of security/privacy/anonymity requirements and models, development techniques and methods to facilitate the construction of secure software (including aspect-orientation, security patterns and automation), and enhancements to the SE process for domain-specific issues (such as security principles and security metrics);
- programming languages and verification, which involves program annotation formalisms and tool support for automatic or semi-automatic static verification of safety and security properties, including absence of security policy violations, data races, deadlocks, data structure invariant violations, and forbidden memory accesses;
- security support in middleware, with emphasis on the development of flexible policy-driven frameworks that facilitate the integration of basic and advanced security services.
Research areas
The development process for secure software, covering security in all phases of the software development process:
- analysis of security requirements
- architectures for secure software
- secure components and secure software composition
- secure programming
- secure programming languages
- software verification
Security solutions for state-of-the-art systems:
- network security (fixed, mobile and ad hoc networks)
- security for federated embedded systems
- security for cloud and virtual environments
Management of secure software and systems:
- risk analysis
- policy languages
- architectures for monitoring and management
- security infrastructures
- identity management
Core security technologies:
- cryptographic protocols and primitives
- trusted computing
- anonymity and privacy enhancing technologies
- digital and anonymous credentials
Basic technologies for secure software development:
- models for security, privacy and anonymity
- program verification
- new programming language constructs

