The 24th GRACE Seminar on Advanced Software Science and Engineering

Time: 15:00-18:00, Sep. 7th, 2009
Place: Lecture Room 1 (2005), 20F, National Institute of Informatics
Fee: Free
You need to register your name, affiliation and e-mail address in
advance. Please send a mail titled “24th Grace Seminar” including
the information to


Speaker: Professor David Basin, ETH Zurich
Title: Model Driven Security

We present an approach to integrating security into the system design
process. Namely, system designs are modeled together with their
security requirements, and security architectures are automatically
generated from the resulting security-design models. We call the
resulting approach “Model Driven Security” as it represents a
specialization of model driven development to the domain of
system security.

To illustrate these ideas we present SecureUML, a modeling language
based on UML for modeling system designs along with their security
requirements. From SecureUML models, we automatically generate security
architectures, built from declarative and programmatic access control
mechanisms, for distributed middleware-based applications.
We report on case studies using model-driven development
tools and highlight our current research in this area.


Speaker: Professor David Basin, ETH Zurich
Title: Specifying and Analyzing Security Automata

Security automata are a variant of Büchi automata used to
specify security policies that can be enforced by monitoring system
execution. We propose using CSP-OZ for specifying security automata,
formalizing their combination with target systems, and analyzing the
security of the resulting system specifications. CSP-OZ is a rich
specification language that combines Communicating Sequential Processes
(CSP) and Object-Z (OZ). Our thesis is that this language is very well
suited for specifying and reasoning about complex security automata and
their combination with large-scale systems. This includes the ability to
specify concisely complex operations and complex control, support for
structured specifications, refinement, and transformational design, as
well as automated, tool supported analysis. We present two case
studies, which provide support for this thesis.
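As an added illustration, not part of the talk or the page, the following Python sketch shows what a security automaton does when combined with a target system: it consumes the system's event trace and truncates execution at the first event it cannot accept. The policy ("no network send after a local file read"), the state names and the event names are assumed for the example.

```python
# Constructed example: a security automaton used as an execution monitor.
# The automaton accepts only prefixes of traces that satisfy the policy;
# the first unaccepted event is rejected and the monitored run is cut off.

class PolicyViolation(Exception):
    """Raised when the target system attempts an event the automaton rejects."""


class SecurityAutomaton:
    def __init__(self, start, transitions):
        # transitions maps (state, event) -> next state; a missing pair means
        # the event is not permitted in that state (the automaton rejects it).
        self.state = start
        self.transitions = transitions

    def step(self, event):
        key = (self.state, event)
        if key not in self.transitions:
            raise PolicyViolation(f"{event!r} not permitted in state {self.state!r}")
        self.state = self.transitions[key]


# Assumed policy: once a local file has been read ("tainted" state),
# sending on the network is no longer permitted.
NO_SEND_AFTER_READ = {
    ("clean", "read"): "tainted",
    ("clean", "send"): "clean",
    ("clean", "compute"): "clean",
    ("tainted", "read"): "tainted",
    ("tainted", "compute"): "tainted",
    # deliberately no ("tainted", "send") entry
}


def monitor(trace, policy=NO_SEND_AFTER_READ, start="clean"):
    """Combine the automaton with a target system given as an event trace.

    Returns (executed_prefix, violating_event); violating_event is None
    when the whole trace is accepted.
    """
    automaton = SecurityAutomaton(start, policy)
    executed = []
    for event in trace:
        try:
            automaton.step(event)
        except PolicyViolation:
            return executed, event  # truncate: event is not executed
        executed.append(event)
    return executed, None
```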

David Basin is a full professor of Computer Science at ETH Zurich and head of the Information Security research group.
He received his Ph.D. in Computer Science from Cornell University in 1989
and his Habilitation in Computer Science from the University of Saarbrücken in 1996.
He was a research fellow at both the University of Edinburgh (1990-1991)
and the Max-Planck-Institut für Informatik (1992-1997). From 1997 to 2002 he held the chair of Software Engineering at the University of Freiburg in Germany.
His research areas are Information Security and Software Engineering, in particular methods and tools for building secure and reliable systems.
He is the founding director of the ZISC, the Zurich Information Security Center, which he has led since 2003. He serves on the editorial boards of numerous journals including IEEE Transactions on Dependable and Secure Computing, Acta Informatica, and Information Processing Letters. He is Editor-in-Chief (together with Ueli Maurer) of Springer-Verlag’s book series in Information Security and Cryptography. He co-founded the conference series on Formal Methods in Security Engineering and is on the steering committee of the ACM Symposium on Information, Computer and Communications Security (ASIACCS).
