Secure Software Engineering
Software engineering "Secure by Design"
Following the principle of security and privacy by design, the Secure Software Engineering Group thrives to support software developers in designing and implementing software systems that are known upfront to be secure with respect to certain attack vectors. Opposed to offensive approaches to software security, like ethical hacking, our group specializes on constructive techniques for software security. Our recipe to success is a unique novel combination of program synthesis and analysis techniques.
In our group, we develop languages, mechanisms, processes and tools that allow software developers to clearly state security requirements and, if possible, synthesize partial implementations that achieve or help achieve these requirements. In cases where automated synthesis is impossible, and a programmer hence needs to implement security features by hand, we use automated program analyses to assist the programmer in deciding whether the implementation indeed fulfills the stated security requirements.
Our research includes, but is not limited to:
- Automated methods and tools to detect security vulnerabilities in program code
- Methodologies to conduct threat modeling and risk assessment
- More secure programming models and architectures
- Cyberphysical systems secure by design, through integrated model-driven technologies
Our research is made possible through generous founding from the German Research Foundation and Oracle Inc. We receive additional funding from the German Academic Exchange Service (DAAD).
Currently open positions
Current Bachelor/Master thesis topics
Follow us on twitter!
We tweet about current research topics and news around Secure Software Engineering.
