Secure software

The importance of the Internet as a platform for applications with high security demands is growing rapidly: e-commerce, e-finance, e-health, e-government etc. are gaining importance and becoming mission-critical to society. This evolution creates a need for secure software applications, secure system software and secure network infrastructures. Research on secure software involves different aspects of security: development of secure software with attention to security in all phases of the software development process; security of state-of-the-art systems, such as web application security, network security or security of embedded systems; security management; etc.

Mission

Support solid, well-founded engineering approaches for the construction and management of secure distributed applications. The research focuses on the following key topics:

  • support for secure distributed software systems, based on secure components and secure software composition methodologies;
  • security through the software engineering process: the representation and realization of security/privacy/anonymity requirements and models, development techniques and methods to facilitate the construction of secure software (incl. aspect-orientation, security patterns and automation), and enhancements to the SE process for domain-specific issues (such as security principles and security metrics);
  • assurance and verification, which involves program annotation formalisms and tool support for automatic or semi-automatic static verification of safety and security properties, including absence of security policy violations, data races, deadlocks, data structure invariant violations, and forbidden memory accesses;
  • security support in middleware: with emphasis on the development of flexible policy-driven frameworks that facilitate the integration of basic and advanced security services.

Research Areas

The development process for secure software, covering security in all phases of the software development process:

  • analysis of security requirements
  • architectures for secure software
  • secure components and secure software composition
  • secure programming
  • secure programming languages
  • software verification

Security solutions for state-of-the-art systems:

  • web application security
  • security for federated embedded systems
  • security for cloud and virtual environments
  • services for authentication, authorization and audit, non-repudiation
  • network security (fixed, mobile and ad hoc networks)

Management of secure software and systems:

  • risk analysis
  • policy languages
  • architectures for monitoring and management
  • security infrastructures
  • identity management

Core security technologies:

  • cryptographic protocols and primitives
  • trusted computing
  • anonymity and privacy enhancing technologies
  • digital and anonymous credentials

Basic technologies for secure software development:

  • models for security, privacy and anonymity
  • program verification
  • new programming language constructs

Cybercrime:

  • awareness
  • prevention and detection technologies
  • identification and assessment of new vulnerabilities