The current state of the art in security-critical software is far from satisfactory: New security vulnerabilities are detected on an almost daily basis. To improve this situation, we develop techniques and tools that perform an automated analysis of software artefacts for security requirements (such as secrecy, integrity, and authenticity). These artefacts include specifications in the Unified Modeling Language (UML), annotated source code, and run-time data such as security permissions. The security analysis techniques make use of model-checkers and automated theorem provers for first-order logic. We give examples for security flaws found in industrial software using our tools.

Download PowerPoint presentation (3.4Mb ZIP file)

Watch the webcast replay >>