Beyond One-Shot Security: Keeping Information Systems Secure through Environment-Driven Knowledge Evolution
Laufzeit: 01.01.2012 - 01.01.2016
Laufzeit: 01.01.2012 - 01.01.2016
At the same time, it is particularly affected by the above-mentioned risk of "software ageing". When an information system 1 handles assets of a company or an organization, any security loophole can be exploited by attackers. Advances in knowledge and technology of attackers are part of the above-mentioned environment of a security-relevant information system. Outdated security precautions can, therefore, permit sudden and substantial losses. Security in long-living information systems, thus,...
At the same time, it is particularly affected by the above-mentioned risk of "software ageing". When an information system 1 handles assets of a company or an organization, any security loophole can be exploited by attackers. Advances in knowledge and technology of attackers are part of the above-mentioned environment of a security-relevant information system. Outdated security precautions can, therefore, permit sudden and substantial losses. Security in long-living information systems, thus, requires an on-going and systematic evolution of knowledge and software for its protection. Our objective is to develop techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements. We will build on the security requirements & design approach SecReq developed in previous joint work. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process. We will develop heuristic tools and techniques that support elicitation of relevant changes in the environment. Findings will be formalized for semi-automatic security updates. During the evolution of a long-living information system, changes in the environment will be monitored and translated to adaptations that preserve or restore its security level.
People of Leibniz University Hannover
Prof. DR. Kurt Schneider
Dipl.-Inform. Stefan Gärtner
Links
(DFG-SPP) Design for Future - Future - Managed Software Evolution* (SPP 1593)
» weiterlesen» einklappen
