Title: The five W's (and one "H") of Security:
... Software Engineering of Secure Systems
Rudyard Kipling (1902)
As more of our lives are affected by computer-based systems, our personal security and the security of these systems has become the focus of much attention. How do we protect ourselves, our private information, and our mission critical assets from harm? Secure software is playing a major part in answering these questions. But as software engineers, are these the right questions to ask?
In this talk, I suggest that we need to devote more energy in formulating and answering other questions about the security implications of the software we build. What are we trying to protect? Why are we trying to protect it? When is protection necessary? Where is it necessary? And from whom are we trying to protect it?
Security Requirements Engineering is an emerging discipline that is re-focusing security engineering onto the security problems we need to solve, before we embark on developing solutions. So, what does a security problem look like and can it be solved without having a pre-existing system to protect and a malicious attacker to foil? What are security requirements and how do we manage their changes, as the problem world and the technology around them changes? I will pose these and many other challenging questions to the audience, with the intention of articulating research agenda for researchers working in the areas of security and privacy. Questions from the audience will be added to the repertoire.
Bashar Nuseibeh is Chair and Director of Research in Computing at The Open University (OU), and a Visiting Professor at Imperial College London and the National Institute of Informatics, Japan. Previously he was a Reader at Imperial College and Head of its Software Engineering Laboratory. His research interests are in software requirements engineering and design, software process modelling and technology, and technology transfer. He has published over 100 refereed papers and consulted widely with industry, working with organisations such as the UK National Air Traffic Services (NATS), Texas Instruments, Praxis Critical Systems, Philips Research Labs, and NASA. He has also served as Principal or Co-Investigator on a number of research projects on software engineering, security engineering, and learning technologies.
Bashar is Editor-in-Chief of the Automated Software Engineering Journal, Associate Editor of IEEE Transactions on Software Engineering, and a member of the Editorial Board of several other journals. He is currently Chair of IFIP Working Group 2.9 on Software Requirements Engineering, and Chair of the Steering Committee of ICSE - the International Conference on Software Engineering. He has served as Programme Chair of major conferences in his field, including the ASE'98, RE'01, and ICSE'05. He currently serves on the Steering Committee of the IEEE International Symposium of Secure Software Engineering, and recently (January/February 2008) guest edited a special of IEEE Transactions on Software Engineering on "Software Engineering for Secure Systems".
Bashar received a 2002 Philip Leverhulme Prize for outstanding international research achievements in software engineering, and a 2003 ICSE "Most Influential Paper" award. He was elected a Fellow of Automated Software Engineering in 2007 and held a Senior Research Fellowship of the Royal Academy of Engineering between 2005-2007. He is a Fellow of the British Computer Society and the Institution of Engineering and Technology, and is a Chartered Engineer.
Title: Model-Based Software Engineering: Expected and Unexpected Challenges
Model-based software engineering (MBSE) is a generic term for a category of approaches to software development that rely on significantly increased levels of abstraction and automation compared to traditional development methods. Although there are numerous examples of successful large- and medium-scale industrial projects that have successfully applied MBSE, it is still far from being widely accepted in practice. Part of the reason is the lack of technical maturity behind MBSE – there is, as yet, no comprehensive and systematic body of theoretical knowledge of the various facets behind MBSE to guide practitioners. However, in addition to these technical hurdles, there are also significant non-technical hurdles that stand in the way. In fact, the latter category of issues often turns out to be the more difficult one to overcome.
In this talk, we first identify and analyze the principal technical and non-technical challenges currently facing practitioners of MBSE. On the basis of this analysis, we identify key short- and long-term research problems that need to be resolved to facilitate broader adoption of MBSE in practice. We conclude with an outline of a comprehensive research programme into MBSE.
Bran Selic is President and Founder of Malina Software Corp., a Canadian company that provides consulting services to Fortune 100 clients worldwide. In 2007, Bran retired from IBM Canada, where he was an IBM Distinguished Engineer responsible for defining the strategic direction for software development tools for the Rational brand. He is also an adjunct professor of computer science at Carleton University in Ottawa, Canada. Bran has over 35 years of practical experience in designing and implementing large-scale industrial software systems and has pioneered the application of model-driven development methods in real-time and embedded applications. He is the chair of the OMG committee responsible for the UML 2 modeling language standard.
Bran received his Dipl.Ing degree in 1972 and his Mag.Ing degree in 1974, both from the University of Belgrade in Yugoslavia.