A meeting on "Engineering Secure Complex Software Systems and Services" was convened in Brussels on 23 April 2008. The event was part of the preparation activities for the FP7 ICT work programme for 2009-2010 and its subsequent calls for R&D proposals in the area of ICT Security and Trust. It brought together a small group of stakeholders from industry and academia. The objective was to discuss the main industrial practices and research advances of today, to identify the future challenges and to determine how to address them. This article briefly describes the main findings from the meeting and the way forward. The full report and the presentations given by the participants can be found at the Web link provided below.
Today's Industrial Practices and Research Work
In industry, software development is still a human-intensive and error-prone process, despite the existence of sophisticated development environments and formal methods. The success of software delivery is still measured against available budget and time constraints, not against the fulfilment of security requirements. Many tools exist for assessing software security, but their results can differ considerably. Progress in verification and validation techniques and in static analysis is tangible, but such techniques are far from cost-effective and flexible and are not yet widely used by industry. In fact, we still do not know how to measure and assess security, how to benchmark the security of components or systems, and how to prove security to third parties through verifiable evidence. Furthermore, security needs to follow and be aligned with business models, and new business scenarios introduce security issues that cannot be addressed by existing solutions.
On the research side, a multitude of work is underway, for example in model-based design and model-driven security architectures, proof environments, security verification and validation, and risk assessment. At present, secure software engineering approaches cope well with size-limited and well-defined systems having relatively stable requirements. Future IT systems will be at least one order of magnitude more complex and larger than today's systems, evolving more dynamically and requiring the coordination of multiple participating organisations. This brings new challenges to secure software engineering: How to scale it up to much larger systems with effective cross-organisational governance that aligns with various IT and enterprise governance objectives, while maintaining a sufficiently agile security architecture and configuration to accommodate changing requirements, contexts and use-cases? How to scale it down for pervasive embedded systems (e.g. sensors and actuators)?
Shaping the Future
Today, there is a gap between the pragmatic practices of secure software development used by industry and the results of available research. Industry needs agile cycles of software delivery, where time-to-market is often a driving force, while academia has often focused on time-consuming and heavyweight approaches. Secure software engineering can only be widely adopted by the software industry if there is a clear added value for the business. Progress in the following areas of work can act as a strong incentive for the further consideration and take-up of advanced secure software engineering practices by industry:
- The further development of models, metrics, tools, and risk analysis and management processes (risk assessment is a key factor in capturing, specifying, implementing and monitoring security in software systems); the use of common experimental facilities and test data sets for testing and benchmarking new solutions; promoting best practices; and further addressing the certification of software, both source and executable code, from a security perspective.
- Other areas where further research is needed include: methods and tools for ensuring system security by design, for assessing security properties and for further automating system assurance (e.g., by scaling up verification and validation); the composition of security properties at run time; embedding privacy in software development practices; and integrating secure software engineering practices into the corporate IT governance of organisations.
The next event on this topic is the EC-ERCIM Strategic Seminar on ICT Security: "Engineering Secure Complex Software Systems and Services" that will take place in Brussels on 16 October 2008 (see announcement below).
Disclaimer: The content of this paper is the sole responsibility of the author and in no way represents the view of the European Commission or its services.
Information Society and Media Directorate General