tuesday october 25, 2005 preview sobenet- ii project
DESCRIPTION
Tuesday November 14, The new project in a nutshell Natural follow-up of SoBeNeT project Strategic, fundamental research for enabling secure software (IWT SBO) Specific accents and focused efforts Verification upgraded to become one of the project’s cornerstones (Towards “assurance”) Project consortium is identical DistriNet, COSIC, Ubizen (Cybertrust) Increased level of collaboration User group is continued –anyway!!! Evolving group driven by collaborations, interests, company prioritiesTRANSCRIPT
Tues
day
Oct
ober
25,
200
5
Preview SoBeNeT- II project
2
Tues
day
Nov
embe
r 14,
200
6
Agenda
16:00h Introduction and project status
17:00h Discussion: feedback and opportunities for validation
17:15h Preview of the SoBeNeT-II project
17:50h Conclusion and wrap-up
18:00h Informal gathering and drinks
3
Tues
day
Nov
embe
r 14,
200
6
The new project in a nutshell
Natural follow-up of SoBeNeT project Strategic, fundamental research for enabling
secure software (IWT SBO) Specific accents and focused efforts Verification upgraded to become one of the
project’s cornerstones (Towards “assurance”)Project consortium is identical
DistriNet, COSIC, Ubizen (Cybertrust) Increased level of collaboration
User group is continued –anyway!!! Evolving group driven by collaborations, interests,
company priorities
4
Tues
day
Nov
embe
r 14,
200
6
Project structure and work plan
4 or 5 major tracksSoftware development technologies for
securitySoftware engineering for securityTechniques to protect sensitive parts in
secure softwareAssurance: Verification of security
requirements and AttestationMonitoring and management technology
5
Tues
day
Nov
embe
r 14,
200
6
Security middleware
Component Models
Operating systems systems security
Applications: drivers and validation means From SoBeNeT
E-finance E-health E-publishing
SEC SODA
Integrated approach to develop and deploy secure software
Programming language technology
Sec
ure
Sof
twar
e E
ngin
eerin
g(P
roce
ss, A
rtifa
cts,
Aut
omat
ion…
)
Sec
ure
Dep
loym
ent
(Mon
itorin
g an
d m
anag
emen
t)
Ass
uran
ce (
verif
icat
ion,
tru
sted
com
putin
g, s
ealin
g…)
2 tracks
6
Tues
day
Nov
embe
r 14,
200
6
Discussion 1/4
Software development technologies will focus on State-of-the art programming languages Standard platforms
• .NET• WS*• J2EE
Not on traditional C/C++ programming
Based on majority of the user group
7
Tues
day
Nov
embe
r 14,
200
6
Discussion 2/4
Software engineering will focus onArchitecture driven design Increased Automation (MDD)Also address:
• Introducing metrics (hard)• Broadening set of requirements (track 5)
Not on Agile methods
Backed by majority of the user group
8
Tues
day
Nov
embe
r 14,
200
6
Discussion 3/4
Introduce efforts towards assuranceAttestationVerificationWIN-WIN COSIC DISTRINETSealing
Less relevant for the user group? Yet essential for world class results in the long run…
9
Tues
day
Nov
embe
r 14,
200
6
Discussion 4/4
“Shielding and interception” has evolved to become secure deployment. Includes focus on business management Introduces new types of requirements
• Ability to do forensics• Practice of audit, business continuity
Hence great synergy with track on secure software engineering
Long term vision: integration with the overall life cycle management of security (methodology to be public – backed by Cybertrust)
Tues
day
Oct
ober
25,
200
5
Track level details
11
Tues
day
Nov
embe
r 14,
200
6
Track 1: software development technology (DistriNet)
WP1: Identification of critical vulnerability classes Ongoing monitoring of vulnerability trends Proactive analysis of new technologies (e.g., AOSD, AJAX)
WP2: Programming models Definition of methodology for designing programming models Supporting compositions of programming models
WP3: Component models and composition Component contracts Load-time and run-time contract checking Extending support for advanced composition (AOSD, DSL’s) Secure composition of aspects
WP4: Validation for web application and services Demonstrate combinations of programming models for web
applications Define a library of reusable, composeable security services
12
Tues
day
Nov
embe
r 14,
200
6
Track 2: Software engineering (DistriNet, Ubizen)
WP1: Enablers Supporting SoA security requirements Creating security metrics Up-to-date overview of vulnerabilities and requirements
WP2: Architecture driven development Architecture definition (method, patterns) Feature interaction for security Traceability of architectural decisions Maintaining architectural integrity Supporting architectural consistency
WP3: Model driven development Definition of notations that enable transformation and verification Definition of DSL’s for specific security concerns Exploration of transformation techniques Support for traceability (from requirements to implementation) Property-preserving refinements (e.g., for security principles)
13
Tues
day
Nov
embe
r 14,
200
6
Track 3: Protection techniques (COSIC)
WP1: Self-checking code State-of-the-art study Improvements (e.g., mutually checking software guards) Proof-of-concept / implementation
WP2: Self-modifying code State-of-the-art study Analysis and attacks Improvements: code encryption Implementation
WP3: Obfuscation and white-box crypto interaction Use of random functions to improve obfuscation techniques Continuation of sobenet1 research
WP4: Encrypted code execution and encrypted data processing Homomorphic encryption
14
Tues
day
Nov
embe
r 14,
200
6
Track 4: Verification (COSIC, DistriNet)
WP1: Software attestation Study of the state-of-the art software attestation Currently only software based Identification of problems Research how to use (existing an new) software techniques
and hardware to address these problems• e.g. use of a TPM to solve the timing problem; use of smartcard
WP2: Trusted computing platforms (use of TPM) How to use trusted computing platforms to enhance software
security ….
15
Tues
day
Nov
embe
r 14,
200
6
Track 5: Management and monitoring (Ubizen, DistriNet)
WP1: RequirementsAudit requirements and solutionsBusiness management requirements and
solutionsAdministration requirements and solutions
WP2: Deployment architecturesWP3: Patterns for software engineering
track (ADD)
Tues
day
Oct
ober
25,
200
5
Discussion
Suggestions for improvement, focus, … ?