Secure Change is an EU-funded project to develop techniques and tools that ensure lifelong compliance to evolving security, privacy and dependability requirements for a long-running evolving software system.
Software-based systems are becoming increasingly long-living. This was demonstrated strikingly with the occurrence of the year 2000 bug, which occurred because software had been in use for far longer than its expected lifespan. At the same time, software-based systems are getting increasingly security-critical since software now pervades the whole critical infrastructures dealing with critical data of both nations and also private individuals. There is therefore a growing demand for more assurance and more verified security properties of IT systems both during development and at deployment time, in particular also for long living systems. Yet a long lived system also needs to be flexible, to adapt to changes and adjust to evolving requirements, usage and attack models. However, using today's system engineering techniques we are forced to trade flexibility for assurance or vice versa.
SecureChange's objective is thus to develop techniques and tools that ensure "lifelong" compliance to evolving security, privacy and dependability requirements for a long-running evolving software system. This is challenging because these requirements are not necessarily preserved by system evolution.
The project will develop techniques, tools, and processes that support design techniques for evolution, testing, verification, re-configuration and local analysis of evolving software. The project results will be applied and evaluated in particular in the industrial application domains of mobile devices, digital homes, and large scale air traffic management which all offer both great research challenges and long-term business opportunities.
Our research group contributes to SecureChange by developing security analysis tools. Therefore, we have extended the CARiSMA tool so that it became evolution-aware. With UMLchange we have developed a notation to specify possible evolutions inside UML models. Based thereon, our evolution-aware CARiSMA checks can analyse the potential evolution and whether it meets the security requirements.