Our Research

Overview

Model-based development of critical software is a major topic of our research. In particular we are focussing on technologies such as cloud computing and mobile computing, in which "best practices" for secure development do not exist yet. These are in particular:

• Methods and Tools for Modelling and Verification of Security Properties (see Ten Year Most Influential Paper at UML 2002):
  • Modelling Languages (UMLsec) and Verification (CARiSMA) of Security Properties in UML
  • Extension of Domain-Specific Languages (e.g. BPMN) for Modelling Security Properties (CARiSMA)
  • Secure Software Engineering subject to Evolution (SecureChange, EU-FET)
  • Environment-Driven Knowledge Evolution (SecVolution, DFG-SPP 1593 "Design for Future")
• Security for Business Processes (APEX, Fraunhofer-Attract)
• Security in Cloud-Computing Environments (SecureClouds (BMBF) and ClouDAT (IKT.NRW))
• Modelling and Analysis of Economical Aspects of Security Measures (SECONOMICS, EU)
• Visual Privacy Management in User Centric Open Environments (Vision, EU)

The following presentations give an overview on some of our research:

• J. Jürjens: 15 Years of Model-based Security Engineering with UML: Supporting Secure Evolution (Keynote). In: Sixth International Symposium on Business Modeling and Software Design (BMSD 2016), 2016.
  @InProceedings{bmsd16, author = {J.~{J}{\"u}{r}jens}, title = {15 Years of Model-based Security Engineering with {UML}: Supporting Secure Evolution (Keynote)}, booktitle = {Sixth International Symposium on Business Modeling and Software Design (BMSD 2016)}, year = {2016}, keywords = {overviewPub,conferences, secureSoftwareEngineeringGeneral}, }

   BibTeX 
• J. Jürjens, B. Nuseibeh: Software Engineering for Secure Systems. In: 33rd International Conference on Software Engineering (ICSE 2011), 2011. Technical Briefing. ACM 2011.
  @InProceedings{icse11JN, author = {J.~{J}{\"u}{r}jens and B.~Nuseibeh}, title = {Software Engineering for Secure Systems}, booktitle = {33rd International Conference on Software Engineering (ICSE 2011)}, year = {2011}, note = {Technical Briefing. ACM 2011.}, file = {slides:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/slides/icse11brief_talk.pdf:URL}, keywords = {overviewPub,internationalConferences, secureSoftwareEngineeringGeneral}, }

   BibTeX   slides 
• J. Jürjens: Model-based Security Engineering with UML: The last decade and towards the future (Keynote). In: 26th IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC 2010), pp. 4, 2010.
  @InProceedings{vlhcc10, author = {J.~{J}{\"u}{r}jens}, title = {Model-based Security Engineering with {UML}: The last decade and towards the future (Keynote)}, booktitle = {26th IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC 2010)}, year = {2010}, pages = {4}, DOI = {http://doi.org/10.1109/VLHCC.2010.10}, file = {slides:http\://rgse.uni-koblenz.de/jj/publications/slides/vlhcc10talk.pdf:URL;audio:http\://rgse.uni-koblenz.de/jj/publications/audio/vlhcc10rec.wav:URL;preprint:http\://rgse.uni-koblenz.de/jj/publications/papers/vlhcc10.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL}, keywords = {overviewPub,conferences, secureSoftwareEngineeringModelBasedSecurityEngineering}, }

   BibTeX   DOI   slides   audio   preprint   dblp 

The following videos are also available:

• English (60min slide presentation including discussion, 2006): mov (122 MB !), streaming mov (87 MB !)
• German (inaugural lecture at TU Dortmund, 2010): slides, audio, video.

Overview on the Fraunhofer Attract project "Architectures for Auditable Business Process Engineering (APEX)": slides (in German)

Some of the Methods and Tools developed by us

UMLsec

UMLsec is an extension of UML for modeling security properties. The corresponding tool support enables different analyses. The original definition of the UMLsec notation can be found in Jan Jürjens: "Secure Systems Development with UML", Springer-Verlag. The notation is continually being improved and extended. More information on UMLsec can be found here.

Tool Support

There is extensive tool-support available for the automated analysis of security properties specified with UMLsec or domain-specific languages (e.g. BPMN). See here for more information.

Our Projects

Our research has been supported over the last few years with more than 5 Mio. EUR by funding bodies including the following:

• European Union (EU, in part. as Scientific Director of an IP),
• Deutschen Forschungsgemeinschaft (DFG, in part. SPP 1496 and 1593),
• Bundesministerium für Bildung und Forschung (BMBF),
• Land Nordrhein-Westfalen (NRW),
• Microsoft Research Cambridge (MSRC)
• Companies such as Münchener Rückversicherung, HypoVereinsbank, and Santander

An overview of current and past projects can be found here.