Research

Software systems safe and secure by design

The Software Engineering Group develops methods and tools for constructing software that is safe and secure by design. Current software engineering processes often treat security as a non-functional concern that enters the developers' consideration only late in the development process. The results are often disastrous: security and privacy breaches that cost companies significant reputation and/or revenue, in addition to the serious personal harm that can follow privacy invasions such as identity theft.

The prime objective of the Secure Software Engineering Group is to prevent such problems from happening in the first place, by designing software with security built in, through a constructive software engineering process that considers security from the very beginning as an important software feature and a core asset. We develop methods that allow software developers to define security requirements, attack models and threat levels, and to state unambiguously how their piece of software fulfils those requirements and prevents the stated attacks. We develop effective automated and semi-automated tools that aid software developers in this task. Tool approaches include static and dynamic analyses for large-scale software as well as compilers that generate provably correct code from high-level, human-readable specification languages.

Our research includes, but is not limited to, topics in the following areas:

  • Static, dynamic and hybrid program analysis
  • Automatic detection of software vulnerabilities and malware
  • Secure software engineering processes
  • Model-based development of mechatronic and embedded systems and of operational information systems

Conferences with the participation of the Software Engineering Group