Project information
SecureChange is a 3-year research project funded by the European Union.
| Project duration: | 2009. 02. 01. - 2012. 02. 01. |
| Partners: | 13 partners from 10 countries |
| Project facts sheet: | Cordis project page / PDF |
| Project's area: | ICT Forever yours |
| Project coordinator: | Prof. Fabio Massacci, Università di Trento |
Description of Scenarios and their Requirements
Submitted by BME on Wed, 2010-02-17 10:28
SecureChange investigates three different case studies from the following domains: home networks, smart cards, and air traffic management. The first project report delivered by the project's industrial partners summarizes selected scenarios from the case studies, and presents their requirements in detail.
Each case study presents its contents according to the same schema: first a full description of the application domain, motivating scenarios, and involved technologies; then a section on the change- and evolution-related issues of the case study; and finally a compilation of requirements for the scenarios.
Read more in the D1.1 Description of Scenarios and their Requirements.
Programming model and annotations
Submitted by BME on Tue, 2010-02-16 10:06
One of the objectives of the SecureChange project is the development of verification techniques for evolving systems, with a strong focus on the development time and run time phases of the software lifecycle. This includes the development of programming models that can ensure the absence of classes of vulnerabilities. A programming model consists of a set of programming guidelines designed to avoid a specific class of vulnerabilities. Source code annotations make the programming model explicit, and can support formal verification of compliance with the programming model.
Read on in the D6.1 Programming model and annotations report.
Documentation of forecasts of future evolvement in risk analysis
Submitted by BME on Tue, 2010-02-16 10:02
A risk analysis typically focuses on a particular configuration of the target at a particular point in time, and is valid under the assumptions made in the analysis. However, both the risk analysis target and its environment can change and evolve over time. We therefore need methods and techniques to reflect such changes in the risk analysis. This deliverable is concerned with the development of modelling support for risk analysis of changing and evolving systems; in other words, language support for modelling a changing and evolving risk picture.
Read on in the D5.2 Documentation of forecasts of future evolvement report.
Methodology for Evolutionary Requirements
Submitted by BME on Tue, 2010-02-16 09:50
As a software system evolves, security concerns need to be analyzed to re-evaluate the impact of changes on the system and the assumptions on environmental properties. Traditionally, security requirements have been handled in an ad hoc way, and requirement models are often embedded in natural-language descriptions, which leads to inconsistent interpretations of what the requirements mean. This has made it difficult to analyze requirements changes. By adopting a model-based engineering methodology, we propose to investigate such changes using a consistent conceptual model of evolving security requirements which incorporates state-of-the-art requirement modeling languages such as Tropos and Problem Frames. To address the challenge of evolutionary security requirements, we lay out the conceptual meta-models and the general methodology for handling changes to security requirements, including how to represent security requirements, how to model their changes, how to manage the changes, and how to argue that the changes are fit for purpose.
Read on in the D.3.2 Methodology for Evolutionary Requirements deliverable.
An architectural blueprint and a software development process for security-critical lifelong systems
Submitted by BME on Tue, 2010-02-16 09:44
The SecureChange security engineering process is revolutionary in the respect that it is fully change driven. The view of existing security engineering processes as sequences of actions (e.g. risk analysis and requirements elicitation) performed on the whole system has been replaced by the view of change events causing change propagation and state changes in the security engineering artefacts. This change of paradigm provides for the first time a systematic way of handling changes based on dependencies between artefacts. Beyond that, the SecureChange process incorporates concepts for the collaboration of different stakeholders in security engineering, ranging from the IT manager and requirements engineer to the security architect and system administrator. The goal of this collaborative approach is to support continuous security management and to achieve an adequate level of security at any time in the software lifecycle.
Read more in the D2.1 - An architectural blueprint and a software development process for security-critical lifelong systems deliverable.
FET-Proactive Initiatives Calls in FP7
Submitted by BME on Sat, 2010-01-16 20:13
The deadline for submitting new projects in the FET-Proactive initiative is 13 April 2010. The current call covers such topics as Molecular Scale Devices and Systems or Brain-Inspired ICT. Visit the website of the call for more information.
SecureChange presented at the Perspectives Workshop: "Evolving Critical Systems"
Submitted by UNITN on Mon, 2009-12-14 17:33
The SecureChange project was presented by Fabio Massacci (UNITN) and Ketil Stolen (SINTEF) at the Perspectives Workshop: Evolving Critical Systems, organised in Dagstuhl on 2-4 December 2009. The presentations are available on the workshop's website.
Visiting ENAV's ATM Experimental Center
Submitted by BME on Sat, 2009-09-12 14:55
During this week (9th and 10th of Sep.) Deep Blue (DBL) organized a workshop about the Air Traffic Management (ATM) case study. The primary goal of the workshop was to present the case study in detail to the other partners, and to finalize the scenarios which will be studied and assessed later on in the project. As part of the workshop, the participants visited the CNS/ATM Experimental Center (ECEC) of ENAV SpA, the Italian company for Air Navigation Services.

Evaluation of existing methods and principles in risk analysis
Submitted by BME on Mon, 2009-08-31 08:23
The purpose of the Evaluation of existing methods and principles in risk analysis report was to evaluate existing methods and principles for risk assessment and risk analysis of security, privacy and dependability. In this evaluation the SecureChange partners identified strengths and weaknesses of existing methods and techniques with respect to assessing and analysing the risk of long-lived, changing and evolving systems.




