1 / 15

SoBeNeT project User group meeting 25/10/2005

Explore the progress, research tracks, results, and upcoming goals of the IWT SBO project aimed at enhancing secure application software development from 2003 to 2007. Engage with key stakeholders for feedback and validation.

fitzgerald-johnson
Télécharger la présentation

SoBeNeT project User group meeting 25/10/2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SoBeNeT project User group meeting25/10/2005

  2. Agenda

  3. The project in a nutshell • IWT SBO project (2003-2007) • Context: availability of security components • Goal: to enable the development of secure application software • 4 Research tracks: • Programming and Composition • Software engineering • Tamper and analysis resistance • Shielding and interception

  4. 3E Agfa Alcatel Application Engineers (Banksys) Cryptomatic (De Post) EMC2 Inno.com Johan Peeters bvba Microsoft L-SEC NBB OWASP-Belgium Philips PWC Siemens UZ Gasthuisberg Zetes The project’s user group • User group • Channel for direct feedback on the execution of the project • Primary audience for dissemination • Possible channel for validation and valorization • Composition:

  5. Project status • End of second project year • Project execution is mainly on schedule • Substantial amount of results • Academic: scientific publications and involvement in (inter)national events • Broader: workshops and courses • First steps of industrial validation

  6. Programming and Composition Track • 1.1.1: Literature survey of causes and weaknesses • Webservices [Krisvdb] and PalmOS [Goovaerts] • 1.1.2: Application case studies • E-finance [Lagaisse], E-publishing, KWS • 1.2.1: Inventory of solution techniques • Formal software security [De Win] • 1.2.2: Evaluation SoA programming languages • C# • 1.2.3: Definition optimal programming model • Memory allocators for C/C++ [Younan]

  7. Programming and Composition Track • 1.3.1: Composition model for security • Survey discussion [De Win], CAS for .NET [Smans] • 1.3.2: Complex composition scenarios • Improving abstractions [Verhanneman], Generic XACML binding, Dependency scenarios [Desmet] • 1.4.1: Definition basic security requirements • 1.4.2: Support for contracts in component frameworks • Extending .NET for contracts [Jacobs] • 1.4.3: Evaluation of component frameworks • Comparison J2EE, CORBA, .NET, WS, Mobile [Goovaerts]

  8. Software Engineering Track • 2.1.1: Inventory of common security requirements • Literature study and case study driven • 2.2.1: Study of industry best practice • Overview presented in workshop [Ubizen] • 2.2.2: Study of mainstream SE processes • Focus on UP and XP to be presented in workshop, survey of relevant research [De Win]

  9. Tamper and Analysis Resistance Track • 3.1.1: Survey of critical software modules • Analysis report [Cappaert] • 3.2.1: Development of new software effective efforts • Description and testing of first ideas [Wyseur] • All results are available on the project website (http://sobenet.cs.kuleuven.be)

  10. Shielding and Interception Track • 4.1.3: Study of interception in the software industry • Application to KWS case • 4.1.6: Study of transfer mechanisms • Inventory of transfer mechanisms • 4.1.7: Design of interception point coordination • SIAMM and SOSA • 4.2.1: Study of formal approaches • ASM-based specification of application-level protocols for OO • 4.2.2: Derivation of security requirements • Protocol conformance checker from ASM specification [Smans] • 4.2.3: Study of attack methods • Survey of various attack methods [Ubizen] • 4.2.4: Study of attack options • Survey of various attack options [Ubizen]

  11. Focus for Year 02 (revisited) Headlines • Interrelations between point solutions in track I (Languages and composition) • Maturing the application case studies – track I • Intensifying the software engineering track – track II • Cross-fertilization between the above and tracks III en IV respectively

  12. Headlines of Year 3 • Composition model for security (COSMOS): • elaboration of new contract types • Integration with mainstream component frameworks • Refinement of secure development process activities (leveraged, among others, by results of other tracks) • Improved techniques for tamper and analysis resistance • Security management and monitoring

  13. Agenda

  14. Feedback and Validation • User group poll • More focus on validation • Key target platforms: J2EE and .NET

  15. Future Events

More Related