150 likes | 241 Views
SoBeNeT project User group meeting 25/10/2005. Agenda. The project in a nutshell. IWT SBO project (2003-2007) Context: availability of security components Goal: to enable the development of secure application software 4 Research tracks: Programming and Composition Software engineering
E N D
The project in a nutshell • IWT SBO project (2003-2007) • Context: availability of security components • Goal: to enable the development of secure application software • 4 Research tracks: • Programming and Composition • Software engineering • Tamper and analysis resistance • Shielding and interception
3E Agfa Alcatel Application Engineers (Banksys) Cryptomatic (De Post) EMC2 Inno.com Johan Peeters bvba Microsoft L-SEC NBB OWASP-Belgium Philips PWC Siemens UZ Gasthuisberg Zetes The project’s user group • User group • Channel for direct feedback on the execution of the project • Primary audience for dissemination • Possible channel for validation and valorization • Composition:
Project status • End of second project year • Project execution is mainly on schedule • Substantial amount of results • Academic: scientific publications and involvement in (inter)national events • Broader: workshops and courses • First steps of industrial validation
Programming and Composition Track • 1.1.1: Literature survey of causes and weaknesses • Webservices [Krisvdb] and PalmOS [Goovaerts] • 1.1.2: Application case studies • E-finance [Lagaisse], E-publishing, KWS • 1.2.1: Inventory of solution techniques • Formal software security [De Win] • 1.2.2: Evaluation SoA programming languages • C# • 1.2.3: Definition optimal programming model • Memory allocators for C/C++ [Younan]
Programming and Composition Track • 1.3.1: Composition model for security • Survey discussion [De Win], CAS for .NET [Smans] • 1.3.2: Complex composition scenarios • Improving abstractions [Verhanneman], Generic XACML binding, Dependency scenarios [Desmet] • 1.4.1: Definition basic security requirements • 1.4.2: Support for contracts in component frameworks • Extending .NET for contracts [Jacobs] • 1.4.3: Evaluation of component frameworks • Comparison J2EE, CORBA, .NET, WS, Mobile [Goovaerts]
Software Engineering Track • 2.1.1: Inventory of common security requirements • Literature study and case study driven • 2.2.1: Study of industry best practice • Overview presented in workshop [Ubizen] • 2.2.2: Study of mainstream SE processes • Focus on UP and XP to be presented in workshop, survey of relevant research [De Win]
Tamper and Analysis Resistance Track • 3.1.1: Survey of critical software modules • Analysis report [Cappaert] • 3.2.1: Development of new software effective efforts • Description and testing of first ideas [Wyseur] • All results are available on the project website (http://sobenet.cs.kuleuven.be)
Shielding and Interception Track • 4.1.3: Study of interception in the software industry • Application to KWS case • 4.1.6: Study of transfer mechanisms • Inventory of transfer mechanisms • 4.1.7: Design of interception point coordination • SIAMM and SOSA • 4.2.1: Study of formal approaches • ASM-based specification of application-level protocols for OO • 4.2.2: Derivation of security requirements • Protocol conformance checker from ASM specification [Smans] • 4.2.3: Study of attack methods • Survey of various attack methods [Ubizen] • 4.2.4: Study of attack options • Survey of various attack options [Ubizen]
Focus for Year 02 (revisited) Headlines • Interrelations between point solutions in track I (Languages and composition) • Maturing the application case studies – track I • Intensifying the software engineering track – track II • Cross-fertilization between the above and tracks III en IV respectively
Headlines of Year 3 • Composition model for security (COSMOS): • elaboration of new contract types • Integration with mainstream component frameworks • Refinement of secure development process activities (leveraged, among others, by results of other tracks) • Improved techniques for tamper and analysis resistance • Security management and monitoring
Feedback and Validation • User group poll • More focus on validation • Key target platforms: J2EE and .NET