Security of Software for Distributed Applications (SEC SODA)
Most software developed today runs in a network connected, and hence possibly hostile environment. Vulnerabilities in distributed software can potentially be exploited from anywhere on the Internet. The goal of the SEC SODA project is to enable the development and deployment of secure distributed software applications.
The project starts from the observation that many high quality security building blocks, such as authentication technologies, authorization engines or data protection protocols are widely available. These building blocks are an essential but not sufficient enabler for building secure distributed software: most of the vulnerabilities in software systems are not directly related to these (traditional) security specific components. The SEC SODA project will address other facets of distributed software development that have a substantial impact on the global security of the software product.
More specifically, the project consists of research activities to :
- support the systematic development of security-aware software architectures in which security properties can be accommodated, as well as verified for their effectiveness
- enhance the implementation experience for developers of secure software by providing programming models that provably guarantee the absence of particular security problems, as well as by improving the integration of specialized security measures into a security-unaware, or even untrusted software artefact
- enable the trustworthy deployment of secure software via techniques of self-protecting code, encrypted execution and remote attestation
More information about the project can be found at http://distrinet.cs.kuleuven.be/projects/secsoda/