Data Science roadmap: An insight to achieve secure software engineering

Krishnamurthy, Rohan and Haupt, Carina and Meinel, Michael (2018) Data Science roadmap: An insight to achieve secure software engineering. ESSoS 2018: International Symposium on Engineering Secure Software and Systems, 26-27 June 2018, Paris, France.

Abstract

Research in software engineering towards security is receiving considerable attention. New security breaches are reported by the media on an almost daily basis. According to a research survey tailored by SEI, more than 9 out of 10 security vulnerabilities occur through the exploitation of known software defects. The analysis of 45 e-business applications showed that 7 out of 10 security defects were caused by poor software design. We, at the German Aerospace Center (DLR), are involved in various research activities across space, aeronautics, transportation, and energy that involve software development by domain scientists. Lacking any security training and having little knowledge of software engineering, these scientists introduce defects unknowingly. As a result, scientific software provides attack vectors that can be exploited by internal and external penetrators. We believe that a lot of security issues could be avoided by following a security-centered development process. With our newly formed Secure Software Engineering group, we want to tackle this problem by supporting the scientists during development. Therefore, we want to capture software engineering processes, evaluate the security of software produced by those processes, and finally provide inputs on how to improve software engineering practices with respect to security. We want to follow a data-driven approach that combines various current techniques covering different aspects of IT security and software engineering. The development process as well as the quality of the resulting software is captured by combining different state-of-the-art approaches. For evaluation of the software quality with respect to security, there are several static and dynamic analysis tools available. On the dynamic side, our approach focuses on fuzzing and the application of exploitation frameworks like Metasploit. For static analysis, we use rule-based syntax tree matching and intermediate language evaluation. This should be combined with manual audits and evaluated in a common, comparable scoring system. To capture characteristics of the software engineering process, we aim at recording full artifact provenance using specialized IDE extensions. To get started, we are also mining our repositories for historic information about processes and gathering information from developers using surveys.

Item URL in elib: https://elib.dlr.de/123335/
Document Type: Conference or Workshop Item (Poster)
Title: Data Science roadmap: An insight to achieve secure software engineering
Authors (name; institution or email; ORCID iD):
Krishnamurthy, Rohan; rohan.krishnamurthy (at) dlr.de; https://orcid.org/0000-0002-5436-1536
Haupt, Carina; Carina.Haupt (at) dlr.de; https://orcid.org/0000-0001-6447-1379
Meinel, Michael; michael.meinel (at) dlr.de; https://orcid.org/0000-0001-6372-3853
Date: June 2018
Refereed publication: No
Open Access: Yes
Gold Open Access: No
In SCOPUS: No
In ISI Web of Science: No
Status: Published
Keywords: Software Engineering, Security, Provenance, Data Science, Static and Dynamic analysis, Intermediate Language
Event Title: ESSoS 2018: International Symposium on Engineering Secure Software and Systems
Event Location: Paris, France
Event Type: Workshop
Event Dates: 26-27 June 2018
HGF - Research field: Aeronautics, Space and Transport
HGF - Program: Space
HGF - Program Themes: Space Technology
DLR - Research area: Space
DLR - Program: R SY - Space System Technology
DLR - Research theme (Project): R - SISTEC project
Location: Berlin-Adlershof, Jena
Institutes and Institutions: Institute of Simulation and Software Technology
Institute of Simulation and Software Technology > Distributed Systems and Component Software
Institute of Data Science
Institute of Data Science > IT-Security
Deposited By: Haupt, Carina
Deposited On: 10 Dec 2018 08:17
Last Modified: 31 Jul 2019 20:21
