National Center for Applied Cyber-Security ATHENE
since 2019
In the context of the National Center for Applied Cyber-Security ATHENE, Prof. Dr. Mira Mezini is involved in the missions Automatic Vulnerability Scanning and Verification and Trustworthy Data Ecosystems, and in the SecureCoder Mission for AI-assisted Secure and Safe Software Development.
Funded by State of Hesse and BMBF
ATHENE succeeded CASED, EC SPRIDE and CRISP. See also History of the ATHENE Center.
Center for Research in Security and Privacy (CRISP)
2015 - 2017
Within CRISP, Prof. Dr. Mira Mezini was involved with the research area “Secure Software Systems”.
The research area “Secure Software Systems” develops methods, tools and techniques to make software systems more secure, through a rigorous software development process. Current software systems are inherently insecure, as proven by newly discovered vulnerabilities and resulting break-ins virtually every day. Those problems are the result of a software development process that considers security only after the fact, and at this stage usually cannot offer a holistic solution to today’s security demands. Within the research area “Secure Software Systems” we develop both proactive and reactive approaches to securing software systems, both of which are equally important.
- Developers can use proactive approaches for newly created projects. Those approaches, typically based on enhanced programming languages and tools, allow developers to create software that has security inherently built in, thereby avoiding large classes of attack vectors by design.
- Reactive approaches are more suitable for the large number of legacy applications. Such approaches typically analyze the existing system’s code base or runtime traces to identify vulnerabilities and counter their detrimental effects just in time, through enforcement techniques.
- We also develop approaches that combine both ideas, guaranteeing vulnerability-freedom for some program parts while securely encapsulating potential vulnerabilities in others.
European Center for Security and Privacy by Design (EC SPRIDE)
2011 - 2015
The European Center for Security and Privacy by Design (EC SPRIDE) views security and data protection as an integral part of the software development process, and this is represented by the following research areas: Blueprint, Engineering and Building Blocks. Professor Dr. Mira Mezini was one of 15 principal investigators, and in particular the director of the subproject Engineering.
Engineering forms the core area of activity of EC SPRIDE. This workgroup looks at procedures for the systematic development, testing and verification of software and performs research into the subject of how security and the protection of privacy can be integrated into existing and future tools and methods. Security and data protection are viewed as specifications, models and aspects. To achieve this, our research focussed on:
- performing security-oriented requirements analyses,
- defining and enforcing best practices and other concepts of compliance, and
- extending practically relevant verification and test systems by adding new security terms.
Secure Software Engineering Lab – LOEWE Center for Advanced Security Research Darmstadt (CASED)
2008 - 2016
The LOEWE Center for Advanced Security Research Darmstadt (CASED) supported research across 9 labs: the Secure Software Engineering Lab, the Cryptography Lab, the Privacy and Trust Lab, the Usable Security Lab, the Cloud Security Lab, the Mobile and Cyber-Physical System Security Lab, and the Internet and Infrastructure Security Lab. Professor Dr. Mira Mezini was one of 6 principal investigators in the Secure Software Engineering Lab.
The CASED Secure Software Engineering Lab develops methods, tools and techniques to make software systems more secure, through a rigorous software development process. Current software systems are inherently insecure, as proven by newly discovered vulnerabilities and resulting break-ins virtually every day. Those problems are the result of a software development process that considers security only after the fact, and at this stage usually cannot offer a holistic solution to today’s security demands. Our research focussed on:
- Programming languages and language-based security
- Dynamic program analysis, runtime monitoring, secure runtime environments
- Advanced modularity concepts, software product lines