Sven Peldszus
Research Subjects
Today’s software systems tend to be used on a long-term basis, are highly interconnected, share many common parts and often process security-critical data, so that keeping up with ever-changing security precautions, attacks and mitigations is vital to preserve a system’s security. Model-based system development enables us to address security issues already in the the early phases of the software design, as in UML models. The continuous changes in the security assumptions and the design of software systems —for instance, due to structural decay— have to be reflected in both the system models (e.g. UML models) and the system’s implementation (including program models). The detection which change is necessary where has currently to be performed manually by developers.
My main research directions are to study approaches for automatically detecting and performing necessary changes on a single representation of the system and to keep all other representations synchronized with this changed representation. Allowing developers to develop systems in a model-based manner and dealing with structural decay of long-living systems.
Therefore, I am proposing a model-based approach in which design models (e.g. specified in UML), source code (e.g. written in Java) and a program model (PM) for performing sophisticated analyses are continuously synchronized for covering the different phases of software development. Security as well as variability is introduced into the different artifacts as annotations. E.g. on UML models we can the UMLsec profile proposed by Jürjens for security annotations and for variability annotations Antenna preprocessor like statements as defined in Antenna.
Publications
For all publications please look here.
Reviewing
- Reviews for: EMSE
- Subreviews for: CAISE, Journal of Systems & Software, Software Quality Journal, IEEE Transactions on Reliability
Selected Supervised Theses
- Antoniya Ivanova: On correlations between vulnerabilities, quality-, and design-metrics, 2019 (Bachelor Thesis)
- Brigitte Wiebe: Eine empirische Studie über die Korrelation zwischen Sicherheitsschwachstellen und Qualitätseigenschaften von Software-Designs, 2017 (Bachelor Thesis)
- David Mebus: Objektorientierte High-Level Datenflussanalyse, 2019 (Master Thesis)
Teaching
SoSe 2020
WiSe 2019/20
SoSe 2019
WiSe 2018/19
SoSe 2018
WiSe 2017/18
SoSe 2017
WiSe 2016/17