SecVolution: Beyond One-Shot Security: Keeping Information Systems Secure through Environment-Driven Knowledge Evolution

Techniques, tools and processes are developed to ensure that an information system meets the specified security requirements over its entire useful life. As a starting point, the SecReq approach is used, which was developed to incorporate security requirements into corresponding designs. A core concept is the systematic reuse of experience gained during the development of safety-critical software. It is fed back into the development process and used there. Heuristic tools and techniques are developed to record relevant changes in the environment and formalize them for semi-automated safety updates. The aim is to be able to maintain the security level of an information system in the long term.