Software Security Engineering

The Software Security Engineering research group is headed by Christopher Gerking. Our research focus is the intersection of software engineering and IT security. We intend to provide software developers with processes, methods, and tools to achieve specific protection goals of systems under development. In particular, our research efforts address the integration of automated security analyses and vulnerability scanners into the development lifecycle. These analyses are rooted in the field of information flow security, enabling software systems to be analyzed for confidentiality or integrity vulnerabilities using formal methods. An associated research topic is the incorporation of privacy-enhancing technologies into the analyses, including de-identification (such as anonymization or pseudonymization) and differential privacy. We also address the legal compliance of security analyses by deriving analysis rules from the relevant legal framework on data protection law. A specific application area of our research is the domain of mobility systems.