(Pro-)Seminar Security and Software Engineering

News

Update 24 October:

  • The slides of today's kickoff meeting are now available. Please take note of the information they contain, in particular the deadline for exam registration (7 November).
  • All places in the seminar and the proseminar are now taken.

Update 18 October:

  • Please note the changed room for the kickoff meeting on 24 October 2017 at 4 p.m.: we will meet in E016.

Update 11 October:

  • All places in the proseminar are now taken. There are still places available in the seminar.
  • If you have registered for the course in KLIPS but do not yet have a topic, please send us a top 3 of your preferred topics (see below). Ignore the notes about reservations: we will now also assign topics twice (once for the proseminar, once for the seminar).
  • If you have already received a topic from us but have not yet registered for the course in KLIPS, you do not need to do anything further.
  • Due to the high number of participants, there will be a binding exam registration deadline 14 days after the kickoff meeting.

Information:

  • Kickoff meeting: The kickoff meeting for this seminar takes place on 24 October 2017 at 4 p.m. in room E016.
  • Topic assignment: Further down on this page you will find 20 proposed topics. Contact Prof. Jan Jürjens (juerjens@...) and Dr. Daniel Strüber (strueber@...) by e-mail with a top-3 list of your preferred topics and an overview of your academic record so far. If several people are interested in the same topic, it may be assigned on a "first come, first served" basis.

Templates

Abstract

The participants will come to understand the requirements on security-critical systems and the types of threats they face. They will get an overview of the existing techniques for avoiding security risks and repelling threats. They will learn about the special features of managing security-related software projects, the benefit of security expenditure, and the relevant standards and regulations. Finally, they will have concentrated on model-based techniques for developing security-critical systems as well as for analyzing and re-engineering existing software, being able to evaluate the practical experience gained and to get an overview of existing tools and their performance.

Guiding themes

The development and maintenance of trustworthy and security-critical systems are big challenges. Many software-intensive systems that have been designed, implemented and put into use have serious security issues. We know from experience as well as from headlines about spectacular malfunctions of systems or about successful attacks on them. The reasons are manifold. Sometimes the developers lack the required security awareness; often the required knowledge of development processes, methods, techniques and tools is missing, or they are not used because one assumes that the high expenditure of time and cost cannot be afforded under the current competitive pressure. In relation to the engineering or re-engineering of security-critical software systems, the following questions need to be answered:

  • Which methods do exist for a comprehensive risk management with which experts are able to perform a complete analysis of the security risks of business processes and workflows and to derive proposals for appropriate treatments?
  • Which methods do exist for the engineering or re-engineering of security-critical software systems for the selection of suitable development processes and suitable tools as well as quality assurance?
  • Which tools do exist to automatically analyze e.g. business processes, UML specifications, source code and configuration files towards security?
  • Is it possible to intuitively specify security requirements with UML or CASE tools, for example AutoFocus? Do tools exist for simulation, consistency checking, code generation, verification and testing of security aspects?
  • Are the created models usable as documentation for certification against relevant standards?

Block seminar

This seminar will take place as a two- or three-day block seminar at the end of the semester.

      Seminar topics

      1. Privacy and data protection impact assessment

      This topic has been reserved by a participant.

      According to Article 35 of the General Data Protection Regulation (GDPR), data controllers are obliged to conduct a privacy impact assessment to ensure the protection of sensitive data. Failure to properly protect sensitive data may affect data subjects (customers) negatively and damage the reputation of data processors. Applying the proposed PIA methodology means that the design of a system is analyzed and, where necessary, appropriate security and privacy measures are suggested to technically improve a concrete system design.

      Introductory literature:

      2. Identification and analysis of privacy threats and harmful activities

      This topic has been reserved by a participant.

      Ensuring data protection and privacy has become a major problem for enterprises that require personal data of their customers to perform their IT services. A few systematic approaches to the identification and analysis of privacy threats exist. In this seminar work, the current approaches to the analysis of privacy threats and harmful activities are introduced.

      Introductory literature:

      3. Blockchains

      This topic has been reserved by a participant.

      Blockchains are currently enjoying great interest, for example in order to automate transactions between companies and their suppliers, customers and partners. Blockchain protocols such as Bitcoin and Ethereum allow the ownership of assets to be transferred automatically across trust boundaries. The presentation provides an overview of the underlying concepts and a comparison between the currently available implementations.

      Introductory literature:

      4. Data exchange platforms

      This topic has been reserved by a participant.

      The Industrial Data Space and the European Open Science Cloud are platforms that enable companies and scientific institutions to exchange data (e.g. in the context of Industry 4.0 or scientific studies) in order to gain new insights and provide new data analysis services. The presentation provides an overview of the current state of the two initiatives and, in particular, a comparison of the two (with an emphasis on IT security and data protection aspects).

      Introductory literature:

      5. Security monitoring and code injection

      This topic has been reserved by a participant.

      Given a model of a secure system design, the system has to be implemented. There are different mechanisms to ensure and/or monitor that certain security requirements are satisfied during the run time of a system. Two possibilities are monitoring the code purely externally by watching access / transaction / ... logs, or instrumenting the source code to connect it to assessment tools.

      Introductory literature:

      6. Security adaptation through aspect-oriented programming

      This topic has been reserved by a participant.

      Software systems connected via a network or the internet face attacks continuously. A vast number of applications depend on a working backend reachable via the internet in order to function at all; this applies in particular to mobile shopping apps, for example.
      Such systems can be adapted at run time, but integrating this adaptation can bloat the code and lower its maintainability.
      Aspect-oriented programming is a method of providing the code and logic that realize crosscutting concerns separated from the core business logic.

      Introductory literature:

      7. Domain knowledge support for RE

      This topic has been reserved by a participant.

      Knowledge about the application domain, captured in ontologies, can support requirements engineering by enabling enhanced checks, e.g. for completeness and consistency. Starting the development process with high-quality requirements can reduce errors and security or safety issues.

      Introductory literature:

      8. Requirements Quality Metrics

      This topic has been reserved by a participant.

      Many security issues are already introduced into a project during requirements elicitation. Requirements metrics are used to identify risks of a project by locating errors in the requirements document. These metrics validate the gathered requirements by evaluating whether the requirements are complete and correct. Several metrics are used to measure the requirements: e.g., volatility metrics check changes in the requirements, traceability metrics evaluate links among the requirements within a document, and requirements completeness metrics verify whether the specified requirements are complete. Multiple metrics are therefore necessary, as one metric alone is not sufficient to evaluate the health of a project.

      9. Tracing security requirements from the CIM to a secure PIM design

      Today, most software systems operate within the context of larger socio-technical systems: they communicate by exchanging data and outsourcing tasks with other technical components, humans, and organizations. Many different approaches and methodologies have been proposed in the literature to address social security requirements from the early stages of software development. However, the artifacts produced in this development phase (computation-independent models, CIMs) raise the difficulty of how to use them as a basis for the system design phase (platform-independent models, PIMs).

      10. Privacy by design

      This topic has been reserved by a participant.

      Privacy plays an important role in our lives; traditionally, many social scientists, philosophers, and lawyers have concerned themselves with overcoming privacy problems. In fact, constructing software that fulfils privacy requirements is a challenging task, because there is no unified view on privacy requirements engineering. Researchers in this field describe the path to user privacy protection in terms of eight privacy requirements: identification, authentication, authorization, data protection, anonymity, pseudonymity, unlinkability, and unobservability. However, no agreed-upon methodology supports the systematic engineering of privacy into systems, and system development life cycles rarely leave room for privacy considerations. This means guiding privacy requirements from design to implementation.

      11. Empirical investigations about the use of security mechanisms

      This topic has been reserved by a participant.

      Despite considerable advances in the fields of security engineering in general and cryptography in particular, an alarming number of software applications are shipped with vulnerabilities that could have been prevented if state-of-the-art security mechanisms had been in place. Why is there such a gap between security engineering knowledge and its application in practice? Since software development is an inherently human activity, it is interesting to address this question from the empirical perspective and to identify challenges and opportunities for new and improved security mechanisms.

      12. Malware detection and analysis tools

      This topic has been reserved by a participant.

      Malware has posed a threat to computer users for many years. With the global proliferation of smartphones and the ease of installing end-user applications from app stores, malware developers are now increasingly performing attacks on mobile platforms. Since sophisticated methods are used to obfuscate the intention of malware, its detection and analysis is especially challenging. This presentation gives an overview of current malware detection and analysis techniques.

      13. Measuring Software Security

      This topic has been reserved by a participant.

      Measuring and optimizing the design quality of program implementations based on metrics like LCOM5 [1] is a common practice in software development. With the increasing relevance of software security, comparable metrics for measuring the security of implementations are frequently published [2,3].
      However, there are only very few works giving an overview of this important field of research [4].

      • [1] Chidamber, Shyam and Kemerer, Chris: "A Metrics Suite for Object-Oriented Design", in IEEE Transactions on Software Engineering, June 1994, pp. 476-492: https://doi.org/10.1109/32.295895
      • [2] Wang, Wang, Guo, and Xia: "Security metrics for software systems", in Proceedings of the 47th Annual Southeast Regional Conference, March 2009, pp. 47:1-47:6: https://doi.org/10.1145/1566445.1566509
      • [3] Manadhata and Wing: "An Attack Surface Metric", in IEEE Transactions on Software Engineering, vol. 37, no. 3, May-June 2011, pp. 371-386: https://doi.org/10.1109/TSE.2010.60
      • [4] Chowdhury, Chan, and Zulkernine: "Security metrics for source code structures", in Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, May 2008, pp. 57-64: https://doi.org/10.1145/1370905.1370913

      14. Refactoring Code for Design Flaw Elimination

      This topic has been reserved by a participant.

      In object-oriented programs, design flaws describe code structures that oppose the extensibility and maintainability of programs [1]. A high number of design flaws often results in the introduction of an above-average number of faults, which can raise security issues. The most common approach to design flaw elimination is refactoring, which is used to restructure an implementation without changing its behavior [2]. Current research proposes strategies for automated design flaw elimination based on refactorings [3].

      • [1] Peldszus, Kulcsár, Lochau, and Schulze: "Continuous detection of design flaws in evolving object-oriented programs using incremental multi-pattern matching", in Automated Software Engineering, 2016, pp. 578-589: https://doi.org/10.1145/2970276.2970338
      • [2] Fowler: "Refactoring - Improving the Design of Existing Code", 1999: available in the university library
      • [3] Trifu, Seng and Genssler: "Automated design flaw correction in object-oriented systems", Eighth European Conference on Software Maintenance and Reengineering, 2004, pp. 174-183: https://doi.org/10.1109/CSMR.2004.1281418

      15. Inheritance of Security Properties in Object-Oriented Contexts

      This topic has been reserved by a participant.

      In information security, specific security properties like secrecy are required for assets. In our working group we use the UMLsec approach to model and verify security requirements on UML models. In this approach, assets carrying security properties such as secrecy can be members of classes; in the secrecy case, their information should not be readable by unauthorized entities. Inheritance between objects is neglected in many such approaches, but recent research goes in the direction of deriving security properties from super objects, or of validating whether a child object fulfils the security properties if the parent of this object fulfils them. However, these questions aren't new, and much general research in this direction has been done for object-oriented databases.

      16. Reflection-aware Static Security Analysis of Java Programs

      This topic has been reserved by a participant.

      Implementations of large projects with many dependencies are prone to errors, and especially to security-related errors such as writing critical data into publicly accessible fields.
      Static security analysis is an approach to detecting some kinds of these errors by analyzing the source code. Static analysis of source code is made harder by programming language features like dynamic typing or Java Reflection, which make static decisions about run-time types or calls undecidable in many cases. However, there are approaches to resolving concepts like Java Reflection for some cases.

      Introductory literature:

      17. Game Theory for Security Engineering

      This topic has been reserved by a participant.

      Security of systems is generally concerned with interactions between malicious and benevolent actors. Game theory can be helpful to model these interactions in order to identify optimal defense mechanisms in a given security "game". The goal of this talk is to give an overview of existing game-theoretic approaches in the context of security engineering.

      Introductory literature:

      18. Security of VoIP networks

      This topic has been reserved by a participant.

      Modern phone networks are built upon VoIP technologies instead of ISDN technologies. A number of SIP stack implementations as well as open source PBXs exist, namely Yate, Asterisk, and Linux Call Router.
      In most cases, communication is transported unencrypted, which means that the signalling data (SIP) as well as the audio streams (RTP) can be read and utilized by anyone who has access to the communication paths.
      This seminar topic focuses on showing the security level provided by everyday PBXs and public phone providers. After that, approaches to securing the communication should be presented.

      Introductory literature:

      19. Privacy Design Strategies

      This topic has been reserved by a participant.

      Privacy design strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis. These strategies also provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies.

      Introductory literature:

      20. Requirements Engineering: Security Perspective

      This topic has been reserved by a participant.

      Requirements engineering deals with the definition, documentation and maintenance of requirements in systems and software engineering. It is one of the most crucial areas in systems development, as mistakes introduced during requirements elicitation often result in faulty systems or systems that do not comply with the stakeholders' needs.
      Consequently, many security issues are also introduced into a project during requirements elicitation, especially if they are not made explicit in the requirements and are thereby not directly considered in the system design. Different frameworks try to close this gap and describe techniques for eliciting security requirements and documenting them explicitly so that they drive design decisions. Those approaches need to be integrated with the project's overall RE approach while still considering the specific aspects of security requirements.

      Introductory literature:

      Assessment

      The grade is composed of the following parts:

      • a written manuscript of about 15 pages (Seminar) / 10 pages (Proseminar) in length, referring to the main part
      • a presentation of about 35 minutes (Seminar) / 30 minutes (Proseminar) plus discussion (limits: 30-40 minutes / 25-35 minutes)
      • active participation during the presentations of the other participants
      • compliance with the formal guidelines (in particular timely and complete submission)
      • you will receive further information during the first meeting

      The grade you receive will take into account the presentation, the written composition, the discussion after the presentations, and the reviews.

      Furthermore, compliance with the formal guidelines is vital (marks are lowered in case of non-compliance). Failing one part automatically leads to failing the whole seminar, and plagiarism in any part immediately leads to failing the seminar and will be reported to the examination board.

      Feedback

      We are very interested in ongoing feedback so that we can respond directly to change requests. Please send your comments after a lecture via e-mail or via the anonymous contact form of our research group (in the latter case, please mention the lecture the comment refers to). Many thanks!