Dr. Haris Mouratidis

Research

A large number of current software systems contain confidential and private information, such as military secrets, bank accounts and health records, which needs to be secure. However, current surveys indicate that we are far from developing acceptable secure software systems. One of the main reasons for this situation is that many system developers do not always have a strong background in computer security and lack expertise in secure software system development. Nevertheless, in practice, they are asked to develop systems that require security features. As a result, the definition of security requirements is usually considered after the design of the system. This means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges and conflicts that usually translate into the emergence of software systems afflicted with security vulnerabilities. These vulnerabilities are often the major cause of system disasters, and adjustments that are usually very expensive.

However, research has shown that such vulnerabilities can be eliminated if the overall system development considers security aspects in a coherent way. The process should be similar to what happens when discussing functional system requirements, where one does not get immediately trapped into discussions about programming languages and/or coding techniques. However, security has not been integrated into the development process and software systems engineering research has not provided well-assessed languages for capturing security requirements at the organisational level, nor methodologies and techniques for transforming such requirements into progressively more detailed system descriptions down to executable code.

My long-term research goal is to effectively develop secure software systems for large, open and distributed environments. My research position is that security-related problems and challenges fall into a two-dimensional category: those related to the available technology and the infrastructure of software systems (technical challenges) and those related to the involvement of humans in the security of software systems (social/organisational challenges). A mature solution for the development of secure software systems should take into account both dimensions.

Towards this direction, I am interested in developing ontologies, languages, models, patterns, processes, methodologies and automated techniques that consider security as an integrated aspect of the software system development process, taking into account not only the technical aspects of security but also the social aspects. I am also interested in applying theoretical research outputs to different application domains such as health, education, banking and telecommunications. Inevitably, my research work has a multi-disciplinary angle and I have been involved in research in areas such as software engineering, security engineering, information systems development, agent-oriented software engineering and multi-agent systems security. For more information please see my research projects and publications.