Applied Discrete Mathematics for Information Security
The focus of Area 4 is to develop mathematical foundations and related primitives that can be used for data protection, secure communications and assured quality of software. The developed primitives will be evaluated in security challenges addressed by the center with mathematically guaranteed levels of trustworthiness. In the upcoming years we will establish a new perspective of how discrete mathematics can contribute to information security. We will look at two topics: (i) the future of cryptography, including cryptographic primitives that will remain secure even if large quantum computers become available, and (ii) combinatorial security testing. Combinatorial security testing reduces the number of required test cases by several orders of magnitude while increasing the test coverage and thus considerably reducing the amount of resources needed for testing. The research challenge is to find mathematical foundations from discrete mathematics that are applicable to real-world and large-scale software.
Security Interaction Testing for IoT and Blockchains
The SENTINEL project aims to expand the horizons of combinatorial security testing by developing new methods for the challenging application-domains of Internet-of-Things (IoT) and Blockchains. The major research tasks include combinatorial sequence testing, case studies and related tool development.
Securing Web Technologies with Combinatorial Interaction Testing
The SecWIT project aims to advance the state of the art of Combinatorial Security Testing (CST) for web technologies and in the process facilitate methodologies and techniques that can be transformed into prototype security testing tools by utilization partners. By means of this approach, the specific goals are as follows: Modelling of web security attacks, methodology for guided combinatorial testing, localization of faults, and to develop a prototype security testing framework.
Security Protocol Interaction Testing in Practice
The SPLIT project applies methods from the field of combinatorial (interaction) testing and model-based testing with the aim of providing quality assurance to software security protocols. The project thus makes a significant contribution towards protecting the information of communicating parties in a digitally connected society.
Secure Coding and Code Analysis
The focus of the research area was to investigate software solutions based on secure coding primitives. We investigated, the security of large-scale systems and combinatorial testing methods for the Linux system call API, web security tests as well as laid down the foundation for combinatorial testing methods capable of detecting malicious hardware.
Model-based Security Testing in Practice
The MoBSeTIP project was focused on the combination of model-based testing and combinatorial testing methods in the area of security testing. The goal of the project was the development of a methodology for automatic generation and execution of test cases that cover certain security aspects of software components. The results generated in this project were of essential economic importance, especially in the automation of security tests, and undertook an important role in all of future projects.