We congratulate Thorsten Koch on his doctorate

Heinz Nixdorf Institut | Secure Software Engineering / Heinz Nixdorf Institut

Thorsten Koch successfully completed his doctorate on the topic of "Specification and Verification of Security Protocols and their Utilization in Scenario-based Requirements Engineering" under the supervision of Prof. Dr. Eric Bodden. Congratulations to him!

Abstract:

Security protocols play a central role in protecting the communication of software-intensive systems against cyberattacks. However, the correct specification and application of these protocols is tedious and error-prone.

When specifying security protocols, security engineers use various model checkers with different input and query languages to verify the security of the protocols. For a thorough and confident analysis, it is recommended that more than one model checker is used. Thus, security engineers need help transforming a security protocol into the input language of different model checkers to avoid the time-consuming and error-prone remodeling of the same security protocol in different languages. In addition, current requirements-engineering approaches address either functional or security-related requirements. Hence, requirements engineers need help to assess whether the applied security measures are sufficient to secure the system and whether the measures lead to conflicts with other functional requirements.

To cope with these challenges, we propose a systematic model-based approach for specifying and verifying security protocols and utilizing them in a scenario-based requirements engineering methodology. Based on a UML-compliant modeling language, security engineers can specify security protocols and automatically analyze the security by means of various model checkers. In addition, requirements engineers can systematically integrate the specified and verified security protocols into a requirements specification. Furthermore, they can validate whether the system is sufficiently secure to mitigate misuse cases.

Apl. Prof. Dr. Stefan Sauer, Dr. Matthias Meyer, Thorsten Koch, Prof. Eric Bodden, Prof. Dr.-Ing. Tibor Jager, Prof. Dr.-Ing. Juraj Somorovsky