Security Engineering for Lifelong Evolvable Systems

University of Innsbruck

University of Innsbruck (UIB) takes part with the research group Quality Engineering (QE) headed by Prof. Dr. Ruth Breu. QE develops innovative methods and tools for improving quality and cost efficiency in IT with a focus on model-based techniques and security.

In the context of SecureChange, QE has developed the following frameworks and methods in recent years.

  • SECTET is a high-level security infrastructure for B2B-workflows. SECTET supports the model-based configuration of core security services within a reference architecture in the context of web service technology.
  • ProSecO is a framework for business oriented assessment of security risks in the context of enterprises. ProSecO is based on enterprise models attaching security related information to model elements at different layers of abstraction ranging from the business layer down to the physical layer. Moreover, ProSecO propagates a collaborative process distributing the responsibility for security issues to various actors.
  • Telling TestStories is a framework for model-based acceptance tests. Executable acceptance tests face the challenge of bridging the gap between the description of test cases at a business level and executability. Telling TestStories allows tests to be defined based on the model elements of the requirements specification and provides executability through a fixture concept. Within SecureChange the Telling TestStories framework will be extended to cover the idea of security acceptance tests.

QE works in close cooperation with international industrial partners like Swiss Re, DaimlerChrysler, Telekom Austria and Samsung and is a partner in a network of SMEs in Austria and Southern Germany. In the health@net project, a cooperation with national stakeholders of healthcare in Austria with the goal of developing concepts for a national virtual health data record, QE is responsible for the security concept and architecture. In ModSELinux, QE and Samsung USA jointly develop a model-based approach for the application-oriented configuration of SELinux policies.

Quality Engineering has long experience in core topics of SecureChange, in particular in the fields of model-driven security, risk management during the software lifecycle and model-based configuration of security services. In particular, the expertise of QE in both analytic, specification-oriented fields and implementation-oriented work will be beneficial for achieving traceability in the overall SecureChange process.

Key personnel:

Ruth Breu has been head of the research group Quality Engineering at the University of Innsbruck since 2002. Before that, she worked at the TU München and University of Passau and as a consultant in the areas of conceptual design and software processes. Ruth Breu has been a member of the board of the German Chapter of the ACM since 2004 and a member of the scientific board of ARC Seibersdorf since 2005, and is the author of three books and numerous international publications. She graduated in 1988 and received her doctorate from the University of Passau in 1991. Currently she is involved in world-wide actions to foster cooperation among experts in Model Engineering, IT Security and Healthcare, e.g. organizing a Dagstuhl Seminar in 2009 together with J. Sztipanovits (Vanderbilt University), J. Mitchell (Stanford University) and A. Winter (Universität Leipzig).

Michael Hafner joined the Department of Computer Science at the Univ. of Innsbruck in 2003, where he received his PhD degree in 2007. His prime research interest is in model-driven security and trusted computing