SecureChange-eng

Security Engineering for Lifelong Evolvable Systems (SecureChange)
Type: EU research framework programme
Start year: 2009
End year: 2012
Partners: Università degli Studi di Trento (ITA), Budapest University of Technology and Economics (HUN), Gemalto (FRA), Institut national de Recherche en Informatique et en Automatique (INRIA) (FRA), Katholieke Universiteit Leuven (BEL), Smartesting (FRA), Open University (UK), Stiftelsen for industriell og teknisk forskning ved Norges Tekniske Hogskole (SINTEF) (NOR), Thales (FRA), Telefonica Investigacion y Desarrollo Sociedad Anonima Unipersonal (ESP), University of Innsbruck (AUT), Deep Blue (ITA), Technische Universität Dortmund (GER)

Department project leader

Department participants

Contact information

Responsible: Dániel Varró

Description

There is growing demand to continuously evolve systems to meet changing business needs, new regulations and policies, novel technologies and computing infrastructures. Unfortunately, the pace of required change affects our ability to ascertain and maintain the quality of a system. Our objective is thus to develop techniques and tools that ensure "lifelong" compliance with security, privacy and dependability requirements for a long-running evolving software system. This is challenging because these requirements are not necessarily preserved by system evolution. The project will develop processes and tools that support design techniques for evolution, testing, verification, re-configuration and local analysis of evolving software. Our focus is on mobile devices and homes, which offer both great research challenges and long-term business opportunities. Concrete achievements will include the following:

  • An architectural blueprint and an integrated security process for lifelong adaptable systems that acts as a common framework for all the techniques and tools delivered in this project.
  • A requirements engineering methodology that supports dealing with the fact that in long-living systems, both the requirements and the implemented systems will change after the initial development has finished.
  • A security modelling notation for modelling adaptive security designs, together with formally founded automated security analysis tools.
  • An IT security risk approach able to assess the evolution of risk profiles due to the evolution of either system or attacker model.
  • Techniques and tools to verify adaptive security requirements when performing on-device software updates.
  • A model-based testing approach that supports automated testing of evolving systems for security requirements.
  • The results are continuously validated jointly with key industry players.

 
