Scroll Top

Secure Software & Service Engineering

Security has traditionally been considered once the system is implemented and deployed as an after-the-fact property. This has led to poor security solutions in the form of patches that solve security problems only when a security incident has already happened and caused damage. The area of secure software engineering takes a preventive approach by considering security in every phase of the Software Development Life Cycle (SDLC)[1]. We have approached this area both by spanning the whole SDLC and by focusing on concrete stages.

Regarding works in the first direction, we proposed a complete development process for mobile grid systems that incorporates security in every phase of the SDLC and that includes automated tool support for the tasks involved in each phase [2][3][4]. This work was done under auspices of the FP6 EU project GREDIA, which concentrated on creating services in grid environments where mobile applications came into place. The FP7 project SPIKE also worked towards the creation of collaborative services but using a service bus environment for building alliances among involved entities in the collaboration. We at NICS concentrated in both cases in the security framework for seamless interaction.

Another contribution in this direction is the integration of assurance cases with system development[5][6]. The goal is to map different phases of the SDLC and its artefacts (e.g. use case or component diagrams) into claims about the security of the system, in such a way that any change in the system can predict changes in the evidence or arguments about its security.

On the other hand, we are also concerned about security in concrete phases of the SDLC. During requirements, given that users and developers find easier to express their security needs at high levels of abstractions, we proposed a UML-based framework for integrating security and functional requirements in business processes. This framework includes a translation to a formal notation for consistency checking, validation and verification[7], and was further elaborated in order to include support for authentication and authorization services[8].

We also developed a UML profile for trust and reputation that allows requirements engineers to include trust and reputation considerations right in the beginning of the software specification and design [9]. The idea is that software analysts and requirements engineers can elicit the trust relationships in the system, as well as all the information about them, including how they can evolve over the system lifetime. The profile also provides support for specifying reputation information.

The Future Internet (FI) comprises complex scenarios where systems are composed of heterogeneous devices that interact to provide end-users with services. Research has been framed in this setting within the NESSoS EU project, where we have considered security, and in particular trust and reputation, in different phases of the SDLC. During the requirements engineering phase, trust can be a useful indicator for early threats identification for Socio-Technical Systems (STS). Not only do these systems consider the information systems, but also the relationships between different stakeholders that interact with each other. We proposed a trust model that can be applied onto STSs in order to identify threats (e.g. confidentiality threat to a resource) early in the analysis phase, before the actual design and implementation takes place [10].

Considering how security, and in particular trust and reputation, can be integrated during later phases of the SDLC, including architecture, design and implementation, is a major goal of our research. In this direction, we are building a development framework that assists during the implementation of trust and reputation models onto services and applications [11]. This framework can be useful under multiple settings of the FI, including the Cloud [12] and self-adaptive systems, that is, systems that can change their structure and behaviour at runtime in response to changes in the environment. In the latter, it is of special relevance to analyse how trust can be used to drive the reconfiguration process of the system[13]. Also , in the context of the project NeCS we have continued with the paradigm of the SDLC for trust in particular for smart home devices [14]. Moreover, we have also considered how trust affects the privacy of the entities involved in trust negotiation processes using privacy-by-design approach and integrating this into early phases of the SDLC [15].


  1. Wouter Joosen and Javier Lopez and Fabio Martinelli and Fabio Massacci (2011): Engineering Secure Future Internet Services. In: Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011), pp. 177-191, Springer Berlin Heidelberg Springer Berlin Heidelberg, Budapest, 2011, ISSN: 0302-9743.
  2. David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez (2011): Security Services Architecture for Secure Mobile Grid Systems. In: Journal of Systems Architecture, vol. 57, pp. 240-258, 2011, ISSN: 1383-7621.
  3. David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini (2010): Analysis of Secure Mobile Grid Systems: A Systematic Approach. In: Information and Software Technology, vol. 52, pp. 517-536, 2010, ISSN: 0950-5849.
  4. David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez (2009): Obtaining Security Requirements for a Mobile Grid System. In: International Journal of Grid and High Performance Computing, vol. 1, pp. 1-17, 2009, ISSN: 1938-0259.
  5. Jose L. Vivas and Isaac Agudo and Javier Lopez (2011): A methodology for security assurance-driven system development. In: Requirements Engineering, vol. 16, no. 1, pp. 55-73, 2011, ISSN: 0947-3602.
  6. Antonio Acien and Ana Nieto and Gerardo Fernandez and Javier Lopez (2018): A comprehensive methodology for deploying IoT honeypots. In: 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018), pp. 229–243, Springer Nature Switzerland AG Springer Nature Switzerland AG, Regensburg (Germany), 2018.
  7. Jose L. Vivas and Jose A. Montenegro and Javier Lopez (2003): Towards Business Process-Driven Framework for Security Engineering with the UML. In: 6th International Conference on Information Security (ISC’03), pp. 381-395, Springer-Verlag Springer-Verlag, Bristol, U.K., 2003, ISBN: 1-4020-7449-2.
  8. Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson (2005): Specification and Design of Advanced Authentication and Authorization Services. In: Computer Standards & Interfaces, vol. 27, no. 5, pp. 467-478, 2005, ISSN: 0920-5489.
  9. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): Towards Engineering Trust-aware Future Internet Systems. In: Franch, Xavier; Soffer, Pnina (Ed.): 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), pp. 490-501, Springer-Verlag Springer-Verlag, Valencia, 2013, ISSN: 1865-1348.
  10. Federica Paci and Carmen Fernandez-Gago and Francisco Moyano (2013): Detecting Insider Threats: a Trust-Aware Framework. In: 8th International Conference on Availability, Reliability and Security, pp. 121-130, IEEE IEEE, Regensburg, Germany, 2013, ISBN: 978-0-7695-5008-4.
  11. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): Building Trust and Reputation In: A Development Framework for Trust Models Implementation. In: Jøsang, Audung; Samarati, Pierangela; Petrocchi, Marinella (Ed.): 8th International Workshop on Security and Trust Management (STM 2012), pp. 113-128, Springer Springer, Pisa, 2013, ISSN: 0302-9743.
  12. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): A Framework for Enabling Trust Requirements in Social Cloud Applications. In: Requirements Engineering, vol. 18, pp. 321-341, 2013, ISSN: 0947-3602.
  13. Francisco Moyano and Benoit Baudry and Javier Lopez (2013): Towards Trust-Aware and Self-Adaptive Systems. In: Fernandez-Gago, Carmen; Agudo, Isaac; Martinelli, Fabio; Pearson, Siani (Ed.): 7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013), pp. 255-262, Springer Springer, Malaga, 2013, ISSN: 1868-4238.
  14. Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez (2020): A model-driven approach to ensure trust in the IoT. In: Human-centric Computing and Information Sciences, vol. 10, no. 50, 2020, ISSN: 2192-1962.
  15. Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2018): Modelling Privacy-Aware Trust Negotiations. In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.