Security Engineering for Lifelong Evolvable Systems (SecureChange)

2009 - 2012
Contacts: Gábor Bergmann, Ábel Hegedüs, Zoltán Micskei, Dániel Varró
Funding programme: EU FP7 ICT

Duration of the project
February 1, 2009 - February 1, 2012
Partners:
  • Universita degli Studi di Trento, Italy (coordinator)
  • Budapest University of Technology and Economics, Hungary
  • Gemalto (Axalto), France
  • Institut national de Recherche en Informatique et en Automatique, France
  • Katholieke Universiteit Leuven, Belgium
  • Smartesting, France
  • Open University, United Kingdom
  • Stiftelsen for industriell og teknisk forskning ved Norges Tekniske Hogskole, Norway
  • Thales, France
  • Telefonica Investigacion y Desarrollo Sociedad Anonima Unipersonal, Spain
  • University of Innsbruck, Austria
  • Deep Blue, Italy
Project aim:
There is growing demand to continuously evolve systems to meet changing business needs, new regulations and policies, novel technologies and computing infrastructures. Unfortunately, the pace of required change undermines our ability to establish and maintain the quality of a system. Our objective is thus to develop techniques and tools that ensure "lifelong" compliance with security, privacy and dependability requirements for a long-running, evolving software system. This is challenging because such requirements are not necessarily preserved by system evolution: a change that is locally correct can still invalidate a security property established for the previous version. The project will develop processes and tools that support design techniques for evolution, testing, verification, re-configuration and local (change-driven) analysis of evolving software. Our focus is on mobile devices and homes, which offer both great research challenges and long-term business opportunities. Concrete achievements will include the following:
  • An architectural blueprint and an integrated security process for lifelong adaptable systems that acts as a common framework for all the techniques and tools delivered in this project.
  • A requirements engineering methodology that supports dealing with the fact that in long-living systems, both the requirements and the implemented systems will change after the initial development has finished.
  • A security modelling notation for modeling adaptive security designs, together with formally founded automated security analysis tools.
  • An IT security risk approach able to assess the evolution of risk profiles due to the evolution of either system or attacker model.
  • Techniques and tools to verify adaptive security requirements when performing on-device software updates.
  • A model-based testing approach that supports automated testing of evolving systems for security requirements.
  • Continuous validation of the results jointly with key industry players.
Further information:
Dr. Dániel Varró, associate professor