DFG project "Formal Methods for Security Engineering"
A software engineer faces several problems when applying a security engineering process. For instance, the following questions arise when security requirements are considered throughout the development process:
For instance, the following questions arise in a system-wide consideration of security requirements:
Security Properties | Security Engineering | Security Analysis
During the early phases of the software engineering process, software engineers are confronted with the problem of specifying security requirements. Information-flow properties can be used to specify confidentiality and integrity requirements. Such properties pose particular problems because they cannot be expressed as properties of single system runs, but only as properties of the set of all possible system runs. We want to develop methods to integrate the specification of information-flow properties into the software development process, and to support software engineers in choosing adequate characterisations of information-flow security.
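The point that information-flow properties are defined over sets of runs can be made concrete with a small checker. This is an added example, not code from the project; the `Run` model, the two sample systems, and the particular noninterference-style characterisation (equal public inputs must yield equal public outputs in a deterministic system) are assumptions chosen for illustration.

```python
from itertools import combinations
from typing import NamedTuple


class Run(NamedTuple):
    high_in: int   # secret input, hidden from the observer
    low_in: int    # public input
    low_out: int   # public output, visible to the observer


def violations(runs):
    """Pairs of runs with equal public input but different public output."""
    ordered = sorted(set(runs))
    return [(a, b) for a, b in combinations(ordered, 2)
            if a.low_in == b.low_in and a.low_out != b.low_out]


def is_noninterferent(runs):
    """Holds for a SET of runs; it cannot be evaluated on one run alone."""
    return not violations(runs)


def system_runs(program):
    """All runs of a deterministic program over one-bit inputs."""
    return {Run(h, l, program(h, l)) for h in (0, 1) for l in (0, 1)}


# Constructed sample systems (assumptions for this example).
SECURE = system_runs(lambda h, l: l)      # output depends on public input only
LEAKY = system_runs(lambda h, l: l ^ h)   # output reveals the secret bit


def union_counterexample():
    """Two single-run sets that each pass, while their union fails."""
    a, b = Run(0, 1, 1), Run(1, 1, 0)     # both are runs of LEAKY
    return is_noninterferent({a}), is_noninterferent({b}), is_noninterferent({a, b})


if __name__ == "__main__":
    print("SECURE ok:", is_noninterferent(SECURE))
    print("LEAKY ok:", is_noninterferent(LEAKY), violations(LEAKY))
    print("runs in both systems:", sorted(SECURE & LEAKY))
    print("{a}, {b}, {a, b}:", union_counterexample())
```

Two runs occur in both the secure and the leaky system, so no predicate that inspects runs one at a time can separate the two; the leak only becomes visible when runs are compared with each other.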