Fachbereich Informatik Institute for Software Technology
Institute für Software Technology

Research Group
Software Engineering



Diese Seite in Deutsch



University of Koblenz-Landau

Department of Software Technology

Universitaetsstrasse 1
D-56070 Koblenz

People University of Koblenz-Landau

People Leibniz University Hannover



Main Content

Beyond One-Shot Security: Keeping Information Systems Secure through Environment-Driven Knowledge Evolution (SecVolution)

DFG-SPP Design for Future – Managed Software Evolution" (SPP 1593) (2012-2015)

Project Description

Information systems are exposed to constantly changing environments which require constant updating. Software "ages" not by wearing out, but by failing to keep up-to-date with its environment. Security is an increasingly important quality aspect in modern information systems. At the same time, it is particularly affected by the above-mentioned risk of "software ageing". When an information system 1 handles assets of a company or an organization, any security loophole can be exploited by attackers. Advances in knowledge and technology of attackers are part of the above-mentioned environment of a security-relevant information system. Outdated security precautions can, therefore, permit sudden and substantial losses. Security in long-living information systems, thus, requires an on-going and systematic evolution of knowledge and software for its protection. Our objective is to develop techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements. We will build on the security requirements & design approach SecReq developed in previous joint work. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process. We will develop heuristic tools and techniques that support elicitation of relevant changes in the environment. Findings will be formalized for semi-automatic security updates. During the evolution of a long-living information system, changes in the environment will be monitored and translated to adaptations that preserve or restore its security level.

Main Publications

Further Publications, Talks and Demos

Preliminary Work: Publications