Software systems safe and secure by design
The “Secure Software Engineering” workgroup researches, develops and evaluates methods and tools designed to make software systems secure from the ground up. Unfortunately, many software development processes in use today still treat security as an afterthought. Security is then examined too late, at a stage when correcting the design is expensive. The consequences are often disastrous and lie behind many of the data leaks and other security incidents observed regularly today. Beyond the direct harm caused by data theft, such incidents damage the reputation of the companies affected and cost them revenue.
The workgroup’s primary aim is to avoid security problems such as these from the outset by developing software-based systems in which security is an integral part of the development process from the very beginning. We therefore develop methods that enable software developers to capture all security requirements from a holistic perspective and then check them against attack models and threat levels. In a second step, these requirements are checked against the concrete implementation in program code. At this point we primarily employ automatic code analysis tools, which may for example apply static or dynamic analysis, but we also use tools that generate demonstrably secure program code from abstract, partly human-readable specifications.
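As an illustration of the second step described above (checking a security requirement against the implementation with static analysis), here is a small intra-procedural taint analysis over Python source. This is an added example written for this page, not tooling from the workgroup. The requirement it encodes is hypothetical: “untrusted input must not reach a command-execution sink unless it has passed through a sanitizer”. The source, sink and sanitizer lists, the two analysed snippets and the function names are all assumptions chosen for the example; the analysis walks statements in order within a single module and tracks taint through names, string concatenation and f-strings only.

```python
"""Added example: minimal taint analysis with the Python `ast` module.

Assumed (hypothetical) policy: values returned by a SOURCE are untrusted;
they may only reach a SINK after passing through a SANITIZER.
"""
import ast

SOURCES = {"input", "request_param"}          # assumed untrusted-input functions
SINKS = {"os.system", "subprocess.call", "eval"}  # assumed dangerous sinks
SANITIZERS = {"shlex.quote"}                  # assumed sanitizing functions


def _call_name(node: ast.Call):
    """Return the dotted callee name of a Call, e.g. 'os.system', or None."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


class TaintChecker(ast.NodeVisitor):
    """Tracks which variable names currently hold tainted values."""

    def __init__(self):
        self.tainted = set()
        self.findings = []   # (line number, sink name) pairs

    def is_tainted(self, node) -> bool:
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False      # sanitizer output is treated as clean
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.JoinedStr):   # f-string
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):       # e.g. "cmd " + user_value
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        return False

    def visit_Assign(self, node):
        # Propagate (or clear) taint on every simple name that is assigned.
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _call_name(node)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def check_source(src: str):
    """Parse `src` and return the list of (lineno, sink) requirement violations."""
    checker = TaintChecker()
    checker.visit(ast.parse(src))
    return checker.findings


# Constructed sample programs (not real project code).
VULNERABLE = """
import os, shlex
host = input("host: ")
os.system("ping -c 1 " + host)
"""

HARDENED = """
import os, shlex
host = input("host: ")
safe = shlex.quote(host)
os.system("ping -c 1 " + safe)
"""

if __name__ == "__main__":
    print("vulnerable:", check_source(VULNERABLE))   # one finding on line 4
    print("hardened:  ", check_source(HARDENED))     # no findings
```

The example deliberately stops at what a single pass over one module can see: it does not follow values across function calls, through containers, or along different branches, and it trusts the sanitizer list unconditionally. Production static analysers of the kind the paragraph refers to add interprocedural and path-sensitive reasoning precisely to close those gaps, at the cost of far more complex implementations.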
Our research includes, but is not limited to, topics in the following areas:
- Static, dynamic and hybrid program analysis
- Automatic detection of software vulnerabilities and malware
- Secure software engineering processes
- Model-based development of mechatronic and embedded systems and of operational information systems