Competence Center Security - Overview
Developing secure software systems
correctly is difficult Many vulnerabilities in fielded security-critical
systems have been exploited, sometimes leading to spectacular attacks.
The emphasis of the competence center on IT-Security lies in the
methodological development of security-critical systems, including the
use of formal methods and with regards to official certification.
Model-based development of secure systems using AutoFocus
of the CASE- tool
AutoFocus with security information allows the
seamless consideration of security aspects in the development process
with support of modelling, simulation, consistence checking, code
generation, verification, and testing.
UMLsec: The secure systems extension of UML
UMLsec is the so far only extension of the object-oriented Unified
Modeling Language (UML), the industry-standard in modelling. UMLsec
allows one to formulate security requirements in a system specification
in a simple and intuitiv way. The widespread knowledge of UML
facilitates use of UMLsec.
The formal specifications both in UMLsec and AutoFocus can be used to
verify security requirements. This allows certification on the highest
degree (Common Criteria, EAL 7).