Model-based development of critical software is a major topic of our research. In particular we are focussing on technologies such as cloud computing and mobile computing, in which "best practices" for secure development do not exist yet. These are in particular:
The following presentations give an overview on some of our research:
Overview on the Fraunhofer Attract project "Architectures for Auditable Business Process Engineering (APEX)": slides (in German)
UMLsec is an extension of UML for modeling security properties. The corresponding tool support enables different analyses. The original definition of the UMLsec notation can be found in Jan Jürjens: "Secure Systems Development with UML", Springer-Verlag. The notation is continually being improved and extended. More information on UMLsec can be found here.
There is extensive tool-support available for the automated analysis of security properties specified with UMLsec or domain-specific languages (e.g. BPMN). See here for more information.
Our research has been supported over the last few years with more than 5 Mio. EUR by funding bodies including the following:
An overview of current and past projects can be found here.