The protection of information assets from harm is a critical goal of information security. In software systems with highly dynamic social and technological contexts, such as cloud applications and services, ensuring information security poses several new challenges. From a software engineering perspective, these challenges include the identification of information assets and their owners, potential attacks and vulnerabilities, and the extent to which security requirements can be enforced. This project aims to address these challenges by developing tools and techniques for adaptive information security. We achieve this through a requirements-driven approach comprising three novel contributions: (1) improved representations and analysis of security requirements, (2) richer and more effective links between requirements and design during both forward- and reverse-engineering, and (3) better exploitation of adaptive design enabled by dynamic security policies.
The project will build on the expertise of internationally leading researchers in the UK and Qatar, and deliver both conceptual and tool integration of the individual contributions through a collaborative research programme with a shared focus, joint activities, exchange visits, and an international workshop for dissemination and planning of further work.