Smart University Home Programs > Security in Software Engineering
Software & Network Engineering
1 Day
Security in Software Engineering
Current practices for developing secure systems are still closer to art than to an engineering discipline. Security is still treated as an add-on and is therefore not integrated into software development practices and tools. Experienced security artisans are still the key to achieving acceptable levels of security.

Several approaches and research strands have tried to address this situation in order to introduce rigour and engineering approaches in the treatment of security aspects in information systems, mainly focusing on the development phases. Traditionally, the term security engineering has been used to denote partial approaches that cover only small parts of the processes that are required in order to create a secure system, like modelling, verification, programming, etc. Even in the cases that the approach is closer to a methodology, and has achieved a certain level of maturity, the key concepts and workflows are highly influenced by the way had been treated by the security artisans. Therefore, one finds in the literature that the main books about security engineering describe threat-based engineering approaches.

Today, the current trend towards distributed and open systems has revealed the important limitations of current threat-based security engineering approaches. In particular, threat-based security engineering creates systems that are very context-dependent, and therefore, fail to address the needs of the future open and distributed systems paradigms. The main problems that the new computing paradigms introduce are the high levels of heterogeneity, dynamism and autonomy, as well as the large scale. The result is that engineers have to deal with runtime situations that are unpredictable at design time. This module will introduce the current state of the art in Security in Software Engineering and will show how some of the latest developments can support the creation of secure and dependable systems for these new computing paradigms. Additionally we will present the SERENITY integrated engineering processes as the backbone of a new security engineering discipline.

Who should attend?
The module is suitable for attendees with some technical background and IT awareness, but will only assume basic knowledge of security and software engineering.
The content is aimed at engineers/developers and security experts, however it should also appeal to managers wishing to get an overview of the way security is treated in the development activities and in particular on compliance.

Target sectors:
Software developers, Software engineers, Security experts, IT managers.

Key topics
Security Engineering, Security-aware Software Engineering, Development for Compliance, Development for Evolution.


9.00 - 12.30 am
Part 1. Introduction to Security in Software Engineering
by Antonio Maña, Professor, University of Malaga

- Security Engineering Fundamentals, Background and new problems

This talk will introduce the problems found in order to provide appropriate security and dependability solutions in the framework of Software Engineering processes and methodologies. It will also highlight the challenges faced in the new highly distributed and heterogeneous computing scenarios, such as service oriented computing, ubiquitous computing and ambient intelligence.

- The SERENITY model of secure and dependable ecosystems
This talk will present the SERENITY model of secure and dependable ecosystems, concentrating on the conceptual level, but introducing the SERENITY Processes and tools.

14.00 - 15.30 pm
Part 2. Security Engineering Elements
by A. Muñoz

- Creation of Security and Dependability Solutions
This talk will show how reusable solutions for security and dependability problems can be built, analyzed and characterized.

- Security Requirements. Definition and management of S&D Properties
This talk will show how to express S&D Requirements and how to relate requirements and solutions.

15.45 - 17.45 pm
Part 3. Security in Software Engineering
by Francisco Sánchez, Project Leader at the ITI (Instituto Técnico de Informática), Universitat Politècnica de València

- Security-aware Software Engineering Processes
This talk will describe different Software Engineering Processes and how Security can be included naturally into these. It will also describe how to ensure compliance with security regulations and policies.

- Creation of Secure Applications
This talk will demonstrate how to create secure and dependable applications that are able to adapt dynamically to ever-changing and unpredictable context conditions with the support of a supervisor like the SERENITY Runtime Framework (SRF). It will also show how to support system evolution by design.

17.45 - 18.15 pm


Module designed and coordinated by Dr. Antonio Maña,
Professor, Computer Science Department,
University of Malaga, Spain
no dates for the moment
From €200 (excl. vat)

  To register