Bachelorprojekt - Softwareteknologi | Project No. 0255: Holistic Security Manager (HoliSec) |
Aktuelle | Tidligere |
Managing security is hard. Not only because it requires great expertise, but also because security means different things to different people. DTU Compute is currently involved in a Security by Design project, and we believe that security should eventually boil down to mitigating threats against threats to the goals of companies. However, these top-level goals are not easily related to the actual low-level threats discovered by tools and developers. The goal of this project is to build an open source prototype tool, that delegates the goals of the company to its employees, which can delegate further to tools which seamlessly can report threats back, all the way back to the company. The tool should manage, store, and relate goals and threats across many levels of a hierarchy. While the project is about building a general applicable tool, we can focus on a small initial case. Imagine a small company with a CEO responsible for the company, a Project leader responsible for a product, and two developers – one backend and one frontend. The tool should be able to help the CEO describe their security goals to the rest of the company, while also aggregating and reporting back any security threats. On the developer level the tool should interact with a CI environment and collect information about the results of test/static analysis/dynamic analysis/and bug reports, which can be aggregated and reported back.
Prerequisites:
The team should have knowledge about how to build larger systems and also about how software analysis works: |
Supervisor(s): Alberto Lluch Lafuente and Christian Gram Kalhauge
Sidst opdateret: Nov 25, 2021 af Carsten Witt |