Home > Secure By Design, What does it mean? What does it take?

Secure By Design, What does it mean? What does it take?


10/22/2020 at 3:55PM


10/22/2020 at 5:10PM


(This seminar is a virtual talk)


College of Engineering close button

Jane Cleland-Huang

Jane Cleland-Huang

VIEW FULL PROFILE Email: janeclelandhuang@nd.edu
Phone: 574-631-3637
Website: http://sarec.nd.edu/pages/ClelandHuang.html
Office: 354 Fitzpatrick
Software requirements traceability, software architecture, and the application of machine learning and data mining methods to address large-scale software and systems engineering problems.
Click for more information about Jane
Add to calendar:
iCal vCal

Secure by design is an approach to developing secure software systems from the ground up.  In such an approach,  the alternate security controls and design decisions are first thought; among them, the best are selected and enforced by the architecture design, and then used as guiding principles for developers.  Thus, design flaws in the architecture of a software system mean that successful attacks could result in enormous consequences. Therefore, secure-by-design shifts the main focus of software assurance from finding security bugs to identifying architectural flaws in the design. Current research in software security has been neglecting vulnerabilities that are caused by flaws in a software architecture design and/or deteriorations of the implementation of architectural decisions. In this talk, I will discuss the role and impact of software architecture and architecture awareness in software assurance activities.  I will present the concept of Common Architectural Weakness Enumeration (CAWE), the results of empirical research on design flaws in real systems, as well as techniques to reason about security architecture and detect security architectural weaknesses.

Seminar Speaker:

Mehdi Mirakhorli

Mehdi Mirakhorli

Rochester Institute of Technology

Mehdi Mirakhorli is an associate professor of software engineering and Kodak Endowed Scholar at Rochester Institute of Technology. He is the founding director of Software Design and Productivity Laboratory and a member of the Global Cybersecurity Institute at RIT. His research interests are on the intersection of Software Engineering and Cybersecurity.  Dr. Mirakhorli has served as PI on grants worth over $5 Million. Dr. Mirakhorli serves on the Editorial Board of the Journal of Software and Systems (JSS) and IEEE Transaction in Software Engineering (TSE). He is a recipient of the NSF CAREER award and multiple Distinguished/Best Paper Awards.