Research Activities
Security Software Engineering
We focus on security requirements and design, security system and evaluation, and security testing and evaluation. In this research, we built a software security system model based on a three-dimensional model. We put forward a trustworthy software engineering framework and implemented a trustworthy engineering platform based on it. The platform helps users find weaknesses early in the software development process and provides appropriate solutions accordingly. We built a security flaw knowledge database based on software defect detection. The definition and analysis of the database structure are as follows. We also provided a description based on formalization and the logical flaw library and, on this basis, implemented an automated management tool for the defect library.
In addition, we proposed a security testing method and a trusted-attribute evaluation system.
Network and Information Security
We focus on application software security and network security, including web security, mobile security and browser security. In network security, we constructed protocol models with formal methods and verified protocol security with PAT. For browser security, we implemented a monitoring system that detects the behavior of browser extensions. The monitoring system includes three modules: a hook interception and capture module; a module in which hooks capture the transmission of information; and a detection and processing module. In addition, our group built vulnerability analysis and security testing for the mobile platform. There are three steps. First, the installation process of the Android system is improved. Then, a hierarchical security framework is designed and implemented. The last step is malware behavior detection. We can also analyze the sequence of behaviors according to these results.
Model checking
We focus on security analysis and verification of network protocols. First, the network protocols are formalized and the attacker model is built. Then, the security goals and constraints of the protocol are formalized. Finally, we analyze the protocols using model checking. From the counter-example, we can find the security problems, generate the attacker report and give guidance for the development of the network protocol.
Program Analysis
We focus on loop analysis, invariants, termination and resource analysis.
Evaluation of trustworthy software and test
We focus on trusted software theory and verification, trust mechanisms and models, and the evaluation of trustworthy software and test. There are three aspects. The first is the trustworthy software model and engineering method. The second is the evaluation of the trustworthy software model and the measurement system. The last is the trustworthy software verification theory and test methods.
This year, our research focuses on studying existing architecture evaluation methods and on summarizing and reproducing the available methods. Based on these methods, we will build a prototype software architecture evaluation tool. In addition, we also pay attention to assessing the safety of the structure. The main work includes the security architecture description and obtaining the security scenario set, security measurement indexes, and so on.
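The workflow in the Model checking section above (formalize the protocol and the attacker, state the security goal, explore the state space, read the counter-example) can be shown on a toy protocol. This is an added example, not the group's code or a PAT model: the two-session authentication protocol, the attacker who controls message delivery, and all names are assumptions made for illustration.

```python
from collections import deque

SESSIONS = (1, 2)  # constructed toy model: two runs of A authenticating to B

def message(session, with_nonce):
    # A's authentication message. Without a nonce it is identical in every
    # session; with one it is bound to B's per-session challenge.
    return ("mac", session if with_nonce else None)

def successors(state, with_nonce):
    started, known, accepted = state
    for s in SESSIONS:
        if s not in started:  # honest A starts session s; the network sees it
            yield (f"A sends in session {s}",
                   (started | {s}, known | {message(s, with_nonce)}, accepted))
        if s not in accepted:  # attacker delivers any observed message to B
            for m in sorted(known, key=repr):
                if m == message(s, with_nonce):  # B's acceptance check
                    yield (f"attacker delivers {m} to B in session {s}",
                           (started, known, accepted | {s}))

def violates_goal(state):
    # Security goal (agreement): B accepts session s only if A started it.
    started, _, accepted = state
    return not accepted <= started

def check(with_nonce):
    """Breadth-first search of all reachable states; returns the shortest
    counter-example trace, or None if the goal holds everywhere."""
    init = (frozenset(), frozenset(), frozenset())
    parent = {init: None}
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if violates_goal(state):
            trace = []
            while parent[state] is not None:
                label, state = parent[state]
                trace.append(label)
            return trace[::-1]
        for label, nxt in successors(state, with_nonce):
            if nxt not in parent:
                parent[nxt] = (label, state)
                queue.append(nxt)
    return None

if __name__ == "__main__":
    print("no nonce:", check(with_nonce=False))
    print("nonce   :", check(with_nonce=True))
```

The trace returned for the nonce-free variant is the counter-example that would feed the report and the design guidance; the nonce-bound variant exhausts the state space without violating the goal.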