elib
DLR-Header
DLR-Logo -> http://www.dlr.de
DLR Portal Home | Impressum | Datenschutz | Kontakt | English
Schriftgröße: [-] Text [+]

Data Science roadmap: An insight to achieve secure software engineering

Krishnamurthy, Rohan und Haupt, Carina und Meinel, Michael (2018) Data Science roadmap: An insight to achieve secure software engineering. ESSoS 2018: International Symposium on Engineering Secure Software and Systems, 2018-06-26 - 2018-06-27, Paris, Frankreich.

[img] PDF
674kB

Kurzfassung

The research in software engineering towards security is getting rich attention. New security breaches are reported by media on an almost daily basis. According to a research survey tailored by SEI, more than 9 out of 10 security vulnerabilities are occurring by exploiting known software defects. The analysis of 45 e-business applications showed that 7 out of 10 security defects were caused by poor software design. We, at the German Aerospace Center (DLR), are involved in various research activities across space, aeronautics, transportation, and energy that involve software development by domain scientists. Missing any security training and having little knowledge in software engineering, these scientists introduce defects unknowingly. As a result, scientific software provides attack vectors that can be exploited by internal and external penetrators. We believe that a lot of security issues could be avoided by following a security-centered development process. With our newly formed Secure Software Engineering group we want to tackle this problem by supporting the scientists during development. Therefore we want to capture software engineering processes, evaluate the security of software produced by those processes, and finally provide inputs on how to improve software engineering practices with respect to security. We want to follow a data driven approach that combines various current techniques covering different aspects of IT security and software engineering. The development process as well as the quality of the resulting software is captured by combining different state of the art approaches. For evaluation of the software quality with respect to security there are several static and dynamic analysis tools available. On the dynamic side our approach focuses on fuzzing and application of exploitation frameworks like Metasploit. For static analysis we use rule based syntax tree matching and intermediate language evaluation. This should be combined with manual audits and evaluated in a common, comparable scoring system. To capture characteristics of the software engineering process we aim at recording full artifact provenance using specialized IDE extensions. To get started we are also mining our repositories for historic information about pro cesses and gather information from developers using surveys.

elib-URL des Eintrags:https://elib.dlr.de/123335/
Dokumentart:Konferenzbeitrag (Poster)
Titel:Data Science roadmap: An insight to achieve secure software engineering
Autoren:
AutorenInstitution oder E-Mail-AdresseAutoren-ORCID-iDORCID Put Code
Krishnamurthy, Rohanrohan.krishnamurthy (at) dlr.dehttps://orcid.org/0000-0002-5436-1536NICHT SPEZIFIZIERT
Haupt, CarinaCarina.Haupt (at) dlr.dehttps://orcid.org/0000-0001-6447-1379NICHT SPEZIFIZIERT
Meinel, Michaelmichael.meinel (at) dlr.dehttps://orcid.org/0000-0001-6372-3853NICHT SPEZIFIZIERT
Datum:Juni 2018
Referierte Publikation:Nein
Open Access:Ja
Gold Open Access:Nein
In SCOPUS:Nein
In ISI Web of Science:Nein
Status:veröffentlicht
Stichwörter:Software Engineering, Security, Provenance, Data Science, Static and Dynamic analysis, Intermediate Language
Veranstaltungstitel:ESSoS 2018: International Symposium on Engineering Secure Software and Systems
Veranstaltungsort:Paris, Frankreich
Veranstaltungsart:Workshop
Veranstaltungsbeginn:26 Juni 2018
Veranstaltungsende:27 Juni 2018
HGF - Forschungsbereich:Luftfahrt, Raumfahrt und Verkehr
HGF - Programm:Raumfahrt
HGF - Programmthema:Technik für Raumfahrtsysteme
DLR - Schwerpunkt:Raumfahrt
DLR - Forschungsgebiet:R SY - Technik für Raumfahrtsysteme
DLR - Teilgebiet (Projekt, Vorhaben):R - Vorhaben SISTEC (alt)
Standort: Berlin-Adlershof , Jena
Institute & Einrichtungen:Institut für Simulations- und Softwaretechnik
Institut für Simulations- und Softwaretechnik > Verteilte Systeme und Komponentensoftware
Institut für Datenwissenschaften
Institut für Datenwissenschaften > IT-Sicherheit
Institut für Datenwissenschaften > Sichere Digitale Systeme
Hinterlegt von: Haupt, Carina
Hinterlegt am:10 Dez 2018 08:17
Letzte Änderung:24 Apr 2024 20:27

Nur für Mitarbeiter des Archivs: Kontrollseite des Eintrags

Blättern
Suchen
Hilfe & Kontakt
Informationen
electronic library verwendet EPrints 3.3.12
Gestaltung Webseite und Datenbank: Copyright © Deutsches Zentrum für Luft- und Raumfahrt (DLR). Alle Rechte vorbehalten.