CSIS Seminar

Secure by Design, What does it mean? What does it take?

Abstract

Secure by design is an approach to developing secure software systems from the ground up. In such an approach, the alternate security controls and design decisions are first thought; among them, the best are selected and enforced by the architecture design, and then used as guiding principles for developers. Thus, design flaws in the architecture of a software system mean that successful attacks could result in enormous consequences. Therefore, secure-by-design shifts the main focus of software assurance from finding security bugs to identifying architectural flaws in the design. Current research in software security has been neglecting vulnerabilities that are caused by flaws in a software architecture design and/or deteriorations of the implementation of architectural decisions. In this talk, I will discuss the role and impact of software architecture and architecture awareness in software assurance activities. I will present the concept of Common Architectural Weakness Enumeration (CAWE), the results of empirical research on design flaws in real systems, as well as techniques to reason about security architecture and detect security architectural weaknesses.

Speaker Bio

Mehdi Mirakhorli is the Director of Research at ESL Global Cybersecurity Institute (GCI) and an associate professor of software engineering and Kodak Endowed Chair at Rochester Institute of Technology. His research interests are on the intersection of Software Engineering and Cybersecurity. He has carried out various projects of national importance in the areas of trustworthy software, software assurance, cybersecurity, resiliency, scientific software development, and software-enabled sustainable disposal. Dr. Mirakhorli has served as PI on R&D awards and contracts of over $20.8 Million. He serves as Associate Editor for IEEE Transactions in Software Engineering (TSE) and Empirical Software Engineering Journal. He is a recipient of the US National Science Foundation Faculty Early Career Development Award and multiple Distinguished/Best Paper Awards.