Complex ICT systems need to be engineered with security “built in” from the beginning. A research focus within the ICT security program is to develop methodologies, techniques, and tools to facilitate secure and efficient system design and implementation. Research includes ICT security of currently operational as well as future systems. The developed methodologies leverage existing technologies such as cryptography and federated identity management as well as innovative approaches such as model-driven security for ensuring confidentiality, integrity, and availability of large-scale distributed systems (e.g., SOA-based Austrian eGovernment system or global geospatial information systems).
A system is as secure as its weakest link. So security engineering tools have to make it easier for system engineers to adhere to security requirements in different stages of the software development lifecycle like design, implementation and testing. Research initiatives also include the development of “security by design” architectures and supporting tools for secure software development lifecycles.