以下信息来自ESSoS 2012讨论会的主题。我觉得在软件与系统安全方面总结的比较规范与全面,所以复制过来分享探讨。对于特种软件研发实践与理论探究具有方向性的意义,实际上,还有另外一个重要方面,就是软件与系统可靠性的相关主题。这两方面对特种软件研发与理论探索都是相当重要的。 安全软件与系统不限于以下领域,具有一定程度的开放性与融合性。 - scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation