Towards Unifying Software Engineering and Security Engineering

Dr. Mohammad Zulkernine (Queen's University)


ABSTRACT

Almost every software-controlled system faces threats from potential adversaries, from both internal and external users of highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted cost and time. Therefore, software should be designed with the objective not only of implementing the quality functionalities required by its users but also of combating potential and unexpected threats. The principal obstacle to achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for software developers to achieve security goals. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. We propose a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle so that they better address the underlying objectives of the two engineering processes. This unification will facilitate the incorporation of advances in the features of one engineering process into the other. In this talk, I will discuss some of our initial attempts towards this unification process. I will also provide a brief overview of the current projects carried out in the QRST research group with respect to intrusion detection.

BIOGRAPHY

Mohammad Zulkernine is a faculty member of the School of Computing of Queen's University, Canada, where he leads the Queen's Reliable Software Technology (QRST) research group. He received his B.Sc. degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology in 1993. Dr. Zulkernine received an M.Eng. degree in Computer Science and Systems Engineering from Muroran Institute of Technology, Japan in 1998. He received his Ph.D. from the Department of Electrical and Computer Engineering of the University of Waterloo, Canada in 2003, where he belonged to the university's Bell Canada Software Reliability Laboratory. Dr. Zulkernine's research focuses on software engineering (software reliability and security), specification-based automatic intrusion detection and software behavior monitoring. His research work is funded by a number of provincial and federal research organizations of Canada, and he has an industry research partnership with Bell Canada. He is a member of the IEEE, ACM, and the IEEE Computer Society. Dr. Zulkernine is also cross-appointed in the Department of Electrical and Computer Engineering of Queen's University, and is a licensed professional engineer of the province of Ontario, Canada. He can be reached at mzulker@cs.queensu.ca; http://www.cs.queensu.ca/~mzulker/.