Model-based development of critical software is a major topic of our research. In particular we are focussing on
technologies such as cloud computing and mobile computing, in which "best practices" for secure development do not
exist yet. These are in particular:
- Methods and Tools for Modelling and Verification of Security
(see Ten Year Most Influential Paper at UML 2002):
- Modelling Languages (UMLsec) and
of Security Properties in UML
- Extension of Domain-Specific Languages (e.g. BPMN) for Modelling
Security Properties (CARiSMA)
- Secure Software Engineering subject to Evolution (SecureChange,
- Environment-Driven Knowledge Evolution (SecVolution,
DFG-SPP 1593 "Design for Future")
- Security for Business Processes (APEX,
- Security in Cloud-Computing Environments (SecureClouds
(BMBF) and ClouDAT
- Modelling and Analysis of Economical Aspects of Security Measures (SECONOMICS,
- Visual Privacy Management in User Centric Open Environments (Vision, EU)
The following presentations give an overview on some of our research:
- J. Jürjens: 15 Years of Model-based Security Engineering with UML: Supporting Secure Evolution (Keynote). In: Sixth International Symposium on Business Modeling and Software Design (BMSD 2016), 2016.
- J. Jürjens, B. Nuseibeh: Software Engineering for Secure Systems. In: 33rd International Conference on Software Engineering (ICSE 2011), 2011. Technical Briefing. ACM 2011.
- J. Jürjens: Model-based Security Engineering with UML: The last decade and towards the future (Keynote). In: 26th IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC 2010), pp. 4, 2010.
The following videos are also available:
Overview on the Fraunhofer Attract project "Architectures for Auditable Business Process Engineering (APEX)":
slides (in German)
Some of the Methods and Tools developed by us
UMLsec is an extension of UML for modeling security properties. The corresponding tool support enables different
analyses. The original definition of the UMLsec notation can be found in Jan Jürjens: "Secure Systems Development with UML", Springer-Verlag. The notation is
continually being improved and extended. More information on UMLsec can be found here.
There is extensive tool-support available for the automated analysis of security properties specified with UMLsec or
domain-specific languages (e.g. BPMN). See here for more information.
Our research has been supported over the last few years with more than 5 Mio. EUR by funding bodies including the
An overview of current and past projects can be found here.