Krishnamurthy, Rohan und Haupt, Carina und Meinel, Michael (2018) Data Science roadmap: An insight to achieve secure software engineering. ESSoS 2018: International Symposium on Engineering Secure Software and Systems, 2018-06-26 - 2018-06-27, Paris, Frankreich.
PDF
674kB |
Kurzfassung
The research in software engineering towards security is getting rich attention. New security breaches are reported by media on an almost daily basis. According to a research survey tailored by SEI, more than 9 out of 10 security vulnerabilities are occurring by exploiting known software defects. The analysis of 45 e-business applications showed that 7 out of 10 security defects were caused by poor software design. We, at the German Aerospace Center (DLR), are involved in various research activities across space, aeronautics, transportation, and energy that involve software development by domain scientists. Missing any security training and having little knowledge in software engineering, these scientists introduce defects unknowingly. As a result, scientific software provides attack vectors that can be exploited by internal and external penetrators. We believe that a lot of security issues could be avoided by following a security-centered development process. With our newly formed Secure Software Engineering group we want to tackle this problem by supporting the scientists during development. Therefore we want to capture software engineering processes, evaluate the security of software produced by those processes, and finally provide inputs on how to improve software engineering practices with respect to security. We want to follow a data driven approach that combines various current techniques covering different aspects of IT security and software engineering. The development process as well as the quality of the resulting software is captured by combining different state of the art approaches. For evaluation of the software quality with respect to security there are several static and dynamic analysis tools available. On the dynamic side our approach focuses on fuzzing and application of exploitation frameworks like Metasploit. For static analysis we use rule based syntax tree matching and intermediate language evaluation. This should be combined with manual audits and evaluated in a common, comparable scoring system. To capture characteristics of the software engineering process we aim at recording full artifact provenance using specialized IDE extensions. To get started we are also mining our repositories for historic information about pro cesses and gather information from developers using surveys.
elib-URL des Eintrags: | https://elib.dlr.de/123335/ | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dokumentart: | Konferenzbeitrag (Poster) | ||||||||||||||||
Titel: | Data Science roadmap: An insight to achieve secure software engineering | ||||||||||||||||
Autoren: |
| ||||||||||||||||
Datum: | Juni 2018 | ||||||||||||||||
Referierte Publikation: | Nein | ||||||||||||||||
Open Access: | Ja | ||||||||||||||||
Gold Open Access: | Nein | ||||||||||||||||
In SCOPUS: | Nein | ||||||||||||||||
In ISI Web of Science: | Nein | ||||||||||||||||
Status: | veröffentlicht | ||||||||||||||||
Stichwörter: | Software Engineering, Security, Provenance, Data Science, Static and Dynamic analysis, Intermediate Language | ||||||||||||||||
Veranstaltungstitel: | ESSoS 2018: International Symposium on Engineering Secure Software and Systems | ||||||||||||||||
Veranstaltungsort: | Paris, Frankreich | ||||||||||||||||
Veranstaltungsart: | Workshop | ||||||||||||||||
Veranstaltungsbeginn: | 26 Juni 2018 | ||||||||||||||||
Veranstaltungsende: | 27 Juni 2018 | ||||||||||||||||
HGF - Forschungsbereich: | Luftfahrt, Raumfahrt und Verkehr | ||||||||||||||||
HGF - Programm: | Raumfahrt | ||||||||||||||||
HGF - Programmthema: | Technik für Raumfahrtsysteme | ||||||||||||||||
DLR - Schwerpunkt: | Raumfahrt | ||||||||||||||||
DLR - Forschungsgebiet: | R SY - Technik für Raumfahrtsysteme | ||||||||||||||||
DLR - Teilgebiet (Projekt, Vorhaben): | R - Vorhaben SISTEC (alt) | ||||||||||||||||
Standort: | Berlin-Adlershof , Jena | ||||||||||||||||
Institute & Einrichtungen: | Institut für Simulations- und Softwaretechnik Institut für Simulations- und Softwaretechnik > Verteilte Systeme und Komponentensoftware Institut für Datenwissenschaften Institut für Datenwissenschaften > IT-Sicherheit Institut für Datenwissenschaften > Sichere Digitale Systeme | ||||||||||||||||
Hinterlegt von: | Haupt, Carina | ||||||||||||||||
Hinterlegt am: | 10 Dez 2018 08:17 | ||||||||||||||||
Letzte Änderung: | 24 Apr 2024 20:27 |
Nur für Mitarbeiter des Archivs: Kontrollseite des Eintrags