In addition to functional requirements, one needs to consider aspects like confidentiality, integrity, and availability during the development of security-critical systems. So far, such security aspects have not been properly addressed during system development. This is one of the main reasons why we are facing so many security problems in current IT systems.
Our aim in the project FM-SecEng (funded by the German Research Foundation - DFG) is to develop a formally justified basis for respecting security aspects throughout the software development process and for a global, i.e. system-wide, consideration of security requirements. We develop methods, techniques, and tools that can be applied in a security engineering process in order to improve the security of the resulting IT systems.
A software engineer faces several problems when applying a security engineering process. For instance, the following questions arise when security requirements are considered throughout the development process:
For instance, the following questions arise in a system-wide consideration of security requirements:
Our plans include, for instance,
Information flow properties and stepwise development of secure systems