Engineering and evolving secure software systems

  • Mouratidis, Haris (PI)
  • Mylopoulos, John, University of Ottawa, University of Trento (CoI)

Project Details

Description

The Engineering and Evolving Secure Software Systems project helped to develop a new area of research on security requirements evolution, which was underdeveloped in the UK.

As part of the project Professor John Mylopoulos came to Brighton as a Distinguished Visiting Fellow. He brought his experience together with results from his recent projects to enhance the current work at the Centre for Secure, Intelligent and Useable Systems, and he also delivered lectures, seminars and workshops and engaged in research discussions and activities with staff, students and industrial collaborators at the University of Brighton and three other UK universities: University College London, City University and the Open University.

The main activity of the project was to initiate research in a rapidly developing area, that of security requirements evolution. The project enhanced the university's research capability on security requirements engineering, and it focused on extending modelling languages and processes, developed by the Centre for Secure, Intelligent and Useable Systems, with input from Professor Mylopoulos and the notion of evolution, as defined in ERC Lucretius.

Researchers aimed to develop techniques for engineering software systems that evolved in response to security requirement changes, which might be related to organisational needs (e.g. security policy change) or might be dictated by outside factors (e.g. new laws on data protection). This was, to the best of our knowledge, the first attempt in the literature to develop requirements engineering techniques to support the management of security requirements evolution.

We focused on socio-technical systems operating in a socio-legal context and constrained by business processes and regulatory frameworks.

Managing security requirements evolution in that context is a particularly difficult challenge because of the complexity, heterogeneity and fluidity of the system components, and the unpredictability and openness of the environments in which they operate.

A second main activity for the project was the organisation of a series of events and activities to benefit from Professor Mylopoulos’s expertise and experience.

Professor John Mylopoulos has held positions at the University of Toronto (Assistant/Associate/Full Professor) and University of Trento (Distinguished Professor/Chiara Fama). He is currently Senior Researcher at Trento, Professor Emeritus at Toronto, and Fellow of the Royal Society of Canada, of the Entity-Relationship Foundation, and of the Canadian Artificial Intelligence Association. He was visiting Associate Professor at Harvard University, Visiting Professor at the University of Rome, and visiting Research Professor at City University of Hong Kong. In recognition of his contribution to the research community, he was awarded the 2010 Peter P. Chen award, a lifetime service award (IEEE Requirements Engineering Conference), and an Honorary Doctorate degree (RWTH-Aachen University). He was president of the Canadian Society for Computational Studies of Intelligence and of the VLDB endowment.

Professor Mylopoulos' visit resulted in the preparation of research papers, discussions and exploration of future research collaboration and grant proposals. A workshop was organised and a special issue proposal submitted for consideration.
StatusFinished
Effective start/end date1/03/15 → 1/11/15

Funding

  • Royal Academy of Engineering