Principal Investigator: | Prof. Dr.-Ing. Heiko Mantel |
Funded by: | DFG (German Research Foundation), within the Computer Science Action Program (Aktionsplan Informatik) |
Project Duration: | 01.08.2005–31.05.2013 |
During the development of security-critical software systems, security aspects like confidentiality, integrity, and availability need to be addressed in addition to functional and other non-functional requirements. The goal of the FM-SecEng-project was to develop novel methods, techniques, and tools that support security engineering, i.e., the development of security-critical systems. The overall objective of the project was to contribute to more trustworthy software systems by enabling the derivation of reliable, end-to-end security guarantees based on formal methods.
The scope of FM-SecEng ranged from the formal definition of security requirements by security properties through the step-wise development of software systems by composition and refinement to the verification of critical security requirements for concrete programs and for more abstract system specifications. The work-program was structured into three areas:
Within the project area A) Security Properties, the focus was on the specification of security requirements based on information-flow properties. The scientific goals were to improve the understanding of this important class of security properties, based on both concrete examples and theoretical studies; to augment the application spectrum of information-flow properties by identifying novel properties as well as by providing adequate formal definitions of them; and to support engineers in employing information-flow properties during the development of security-critical systems, from the choice of a suitable property to the use of this property.
Within the project area B) Stepwise System Development, the focus was, firstly, on clarifying the interplay between security and stepwise system development and, secondly, on supporting the rigorous treatment of security aspects in stepwise system development. More concretely, the main foundational questions were how security is affected in detail by composition and refinement (it had been known already that, in general, composition and refinement both do not preserve security); which security properties can be established by employing particular security mechanisms; and how security interacts with other system requirements.
Within the project area C) Security Analysis, the focus was on the verification of security properties, from the study of existing program analysis and verification techniques to the development of novel security analyses and their prototypical implementation. The scientific goals were to achieve a deeper understanding of the pros and cons of existing program analyses, in particular of the various security type systems; to investigate and to elaborate other possibilities for verifying information-flow security than security type systems; and to develop techniques that security engineers can employ for removing certain insecurities from systems.