System Quality and Information Security
Director: Prof. Dr. Carsten Bormann
Managing Director: Dr. Karsten Sohr
Outlook
Our increasingly digitalized reality presents both opportunities and risks. System quality is integral to the acceptance of and trust in new technologies. Software must be reliable, and internal quality aspects such as maintainability are crucial preconditions for this. It is imperative that both the information of organisations and the privacy of individuals are adequately protected. The TZI has taken up this challenge by combining IT system quality management methods with information security-related issues.
Today, an ever-increasing number of products contain software: televisions, mobile phones and cars, for example. Even if the initial programming is done correctly, new requirements can make software changes necessary. And this is where erosion begins, slowly and pervasively, until the system crashes. Scientists are developing innovative procedures to ensure the quality of current systems, particularly software, and, if possible, even to improve it. Programmers working in companies are provided with tools for analysing source code, saving them time and money when maintaining and updating software and helping them to avoid errors. In addition, researchers are working closely with industrial partners to develop methods and tools to consolidate multiple software variants into a software product line. This is necessary because individual components are available in an ever-increasing number of versions, for example airbags in the automotive industry. By using a product line, both bug fixes and features can be reused across different models.
Faulty software is, moreover, often the cause of security problems. It is thus logical that information security should be integrated into the software development phase rather than implemented downstream. Work being carried out by TZI researchers combines software quality and security with the goal of preventing external attacks on corporate and institutional networks at the source. Data manipulation and spyware are becoming ever more sophisticated and have long since taken on the dimensions of organized crime. In addition to making personnel more aware of the dangers, a key structural aspect is the question of how such attacks can be recognised in advance. The problem is exacerbated by employees' increasing use of mobile devices such as smartphones or laptops to access corporate networks.
Numerous research projects are searching for solutions to this problem which, on the one hand, enable corporate security experts to make informed decisions and, on the other, will be accepted and actually used by all employees.
List of Projects related to the Concerted Activity System Quality and Information Security


