Software-intensive systems are increasingly pervading our every day lives. As they get more and more connected, this opens them up to far-reaching cyber attacks. Moreover, a recent study by the U.S. Department of Homeland Security shows that more than 90% of current cyber-attacks are enabled not by faulty crypto, networks or hardware but by application-level implementation vulnerabilities.
In this technical briefing I will thus discuss current challenges and solutions for the secure engineering of software-intensive systems:
- Why are current systems as insecure as they are?
- What does it take to implement a Secure Software Engineering Lifecycle?
- How can one secure software architectures, which role does code analysis play?
- Which are current hot topics in the security community that we as software engineers should address?
I will address those questions by referring to current security incidents and by explaining a state-of-the-art secure engineering lifecycle. In doing so, I will refer to hands-on experiences that I have gained in projects during which we introduced security engineering into major engineering companies.
Eric Bodden is one of the leading experts on secure software engineering, with a specialty in building highly precise tools for automated program analysis. He is Professor for Software Engineering at Paderborn University and co-director of Fraunhofer IEM. Further, he is a member of the directorate of the Collaborative Research Center CROSSING at TU Darmstadt.
At Fraunhofer IEM, Bodden is heading the Attract-Group on Secure Software Engineering. In this function he is developing code analysis technology for security, in collaboration with the leading national and international software development companies. In 2014, the DFG awarded Bodden the Heinz Maier-Leibnitz-Preis. In 2013, BITKOM elected him into their mentoring program BITKOM Management Club.
Bodden is one of the chief maintainers of the Soot program analysis and optimization framework, a contributor to the AspectBench Compiler, the open research compiler for AspectJ, the inventor of the Clara and TamiFlex frameworks. Together with his research group, he has created the FlowDroid analysis framework for Android and the DroidBench benchmark suite.