Engineering Secure Software-intensive Systems: Principles and Practices

Socio-technical factors in secure software engineering methodologies and practices

Software development is a highly cognitive process that requires the intellectual work of individuals and groups. The development of secure software systems depends heavily on the decisions of software developers and other relevant stakeholders. For this reason, it is a field affected by errors in human judgment and a range of other socio-technical factors. How, then, do we account for this “human factor”, which plays a major role in the process?

Secure Mobile Health Application Engineering

Smartphone ownership has surpassed three billion and is expected to increase by several hundred million in the next few years. Healthcare has become one of the primary domains striving to utilise mobile applications (apps) to empower and innovate health services. Previous studies have presented much evidence that employing mobile health apps is an effective approach to enhancing end-users' health in several clinical scenarios (e.g., dermatologic care apps, chronic management apps, rehabilitation apps). Despite the many advantages of mobile health apps, security remains an ongoing concern that needs to be addressed. Many mobile health apps deal with highly sensitive health data, and insecure apps would pose significant risks.

Security Orchestration and Automation

At CREST, researchers are leveraging existing software engineering, analytical reasoning, natural language processing and machine learning tools and techniques to develop a secure and integrated platform. Our aim is to help build a platform that is easy to use and evolve as the threat landscape changes, and that increases the operational efficiency of the cybersecurity team.