Safety and Security
Safety and security are two essential aspects of systems and software.
Security and privacy play an increasingly important role in our lives as a growing number of everyday devices becomes interconnected. Information that was previously handled offline is now made accessible to a myriad of devices and web services, thus providing a much larger attack surface and a bigger potential for information leakage than in the past.
One recent development is the digitalization of production, which is reflected in trends such as Industry 4.0 and the Industrial IoT. The core of this development is the connection of classical production facilities with each other and with the Internet to enable remote monitoring and the automation of supply chains. However, interconnecting systems also leads to new problems; in particular, formerly isolated production systems are now also exposed to threats from the Internet. At ISSE, we develop methods and tools for building secure systems and for checking, testing and verifying their security properties.
Safety aims to identify and prevent hazards that may cause economic or ecological damage, injury or even loss of life. To cope with the rising complexity of developing (software-intensive) safety-critical systems, formal methods of software engineering can be applied to their analysis: based on formal system models, such analysis methods are able to identify all combinations of component failures of a system that may cause a potentially dangerous situation.
Cloud Data Security
The current trend to store and analyze large amounts of data in the cloud requires new encryption techniques to protect the confidentiality of the data while working with it.
Verification of Cryptographic Protocols
In a highly distributed digital world, in which most devices communicate with each other, it is essential that the authenticity, integrity and confidentiality of the communication partners are proven.
The ever-increasing number of connected devices and their sensors, but also new threats like tracking user behavior on the Web, require advanced techniques to detect and prevent privacy threats.
Security in the Internet of Things
In order to secure low-power devices in the Internet of Things, new lightweight cryptography and physically unclonable functions are necessary. Larger, but previously unconnected devices such as brownfield production plants require new security frameworks for controlling and monitoring.
Recent malware attacks show that security cannot be achieved if it is not explicitly guaranteed by design. New engineering methods need to be developed to guarantee security in the Internet of Things, especially in the context of Industry 4.0.
Dr. Dominik Haneberg
- Consulting on the introduction of individual security solutions in enterprises
- Support in the improvement of the developed software's security (software engineering process, guidelines for users, tools for static analysis, use of cryptography, ...)
IFlow integrates formally verified information flow control (IFC) properties and language-based type systems for IFC with a software engineering approach based on model-driven development.
SecureMDD is a model-driven approach to develop security-critical applications that are based on cryptographic protocols. The approach seamlessly integrates the generation of code and formal methods.
The Go!Card project provides methods for the model-based development and verification of secure Java Smart Card applications.
Institute for Software & Systems Engineering
The Institute for Software & Systems Engineering (ISSE), directed by Prof. Dr. Wolfgang Reif, is a scientific institution within the Faculty of Applied Computer Science of the University of Augsburg. In research, the institute supports both fundamental and application-oriented research in all areas of software and systems engineering. In teaching, the institute facilitates the further development of the faculty's and university's relevant course offerings.