Developing secure software systems correctly is difficult Many vulnerabilities in fielded security-critical systems have been exploited, sometimes leading to spectacular attacks.

The emphasis of the competence center on IT-Security lies in the methodological development of security-critical systems, including the use of formal methods and with regards to official certification.

Model-based development of secure systems using AutoFocus

The extension of the CASE- tool AutoFocus with security information allows the seamless consideration of security aspects in the development process with support of modelling, simulation, consistence checking, code generation, verification, and testing.

UMLsec: The secure systems extension of UML
UMLsec is the so far only extension of the object-oriented Unified Modeling Language (UML), the industry-standard in modelling. UMLsec allows one to formulate security requirements in a system specification in a simple and intuitiv way. The widespread knowledge of UML facilitates use of UMLsec.

The formal specifications both in UMLsec and AutoFocus can be used to verify security requirements. This allows certification on the highest degree (Common Criteria, EAL 7).