Security Engineering for Lifelong Evolvable Systems

Year 3 Summary

In  the  course  of  the  first  year  the  project  has  developed  new  models,  methodologies  and processes  to  guarantee  security  during  software  evolution.  During  the  second  year  the SecureChange partners have consolidated these results into a conceptually integrated process and sharpened the project focus to address specific challenges from the industrial case studies of the project. The third and final year of the project focused on the industrial validation of the project  results  on  the  basis  of  real  industrial scenarios  in  the  domains  of  Air  Traffic Management, Smart Cards Software Evolution, and Home Appliances.

Download the  Year 3 Summary Report here, or read some quick facts below (after the break).

During the  final  year  of  the  project,  the  industrial  case studies  supported  a  validation  of  the SecureChange artefacts. SecureChange  results  have  been  evaluated  according  to  the  validation  criteria identified in previous years. The validation scenarios and exercises involved domain experts and case studies  (i.e.  ATM,  HOMES  and  POPS).  This  allowed  us  to  collect  feedback drawn  from relevant industrial experience, and to assess how SecureChange artefacts would fit  current  industrial  practices.  Deliverable  D1.3  (Report  on  the  Industrial  Validation  of SecureChange Solutions) reports and discusses the validation results.

Meanwhile, the technical work packages continued to refine the previously developed methodologies, algorithms and tools. As the industrial validation results were coming in during the year, the focus expanded to addressing the concerns raised in the domain experts' feedback. For detailed results, the project deliverables of Year 3 are now also available on the Deliverables page.

During the third year of SecureChange, the project partners delivered roughly 50 additional presentations and published more than 70 papers    addressing  different  topics of  the  project (13  journals articles,  53 conference/workshop publications;  4 books or book chapters  and  more  reports),  delivered  several tutorials, tool demos  and  invited  talks.  Altogether during the entire span of SecureChange, project partners have  developed  8  courses  and  additionally  8  lectures  where  SecureChange  results  were integrated.  In  addition,  there  are  21  PhD  theses  which  have  been  completed  or  close  to completion – all of which are centred around research topics of SecureChange. Project  partners  have  been  very  active  in  developing  research  prototype  tools  to  provide feasibility  study  and  practical  validation  of  the  scientific  results.  SecureChange  proudly announces  that  as  many  as  8  tools  have  been  developed  completely  within  the  scope  of  the project,  while  an  additional  pre-existing  9  tools  have  been  continued  to  be  developed.  Most project tools - the Move  Tool, the SecMer tool (and the underlying engines EMF-IncQuery and OpenArgue),  the  CARISMA  tool,  etc.  have  been  made  available  on  the  web  and  there  is  a significant  interest  in  their  usage.  The  Rinforzando  Tool  developed  by  Thales  is  now  in  the process of de-risking for direct adoption in production environment. The results on the EvoTest tool by SmartTesting have been ported to the production environment. The  promising  results  of  the  SecureChange  integrated  process  have  contributed  to  the foundation of a spin-off company: QE LaB Business Services GmbH (

Read more about the overall progress of the project in the Year 3 Project Summary.