Safety and Security


SafetyAndSecurity Safety and security are two essential aspects of systems and software. Safety-critical systems may cause serious economic or environmental damage, injuries, or even loss of lives. In order to cope with the rising complexity of the development of (software-intensive) safety-critical systems, our research focuses on model-based safety analysis techniques that apply formal methods of software engineering to the analysis of safety-critical systems: Based on formal system models, our analysis methods are able to identify all combinations of component failures of a system that may cause the occurrence of a potentially dangerous situation.

Further, as our devices become more interconnected, security and privacy continue to play an increasingly larger role in our lives. Information that was previously handled offline is now made accessible to a myriad of devices and web services, thus providing a much larger attack surface and a bigger potential for information leakage than in the past. In ISSE, we develop methodologies and tools to check, test and verify security properties for entire systems instead of just isolated parts. Our main focus lies with secure applications for mobile devices, secure elements and web servers.

Contact Safety

Johannes Leupolz
Tel.: +49 821 598 - 2211

Contact Security

Kuzman Katkalov
Tel.:+49 821 598 - 2201


Running Projects

  • IFlow
    Developing Systems with Secure Information Flow


  • Safety
    • Qualitative and quantitative safety analysis of technical systems with traditional (e.g., FMEA, FTA) and formal analysis methods (formal FTA, DCCA)
    • Formal modeling and proof of functional correctness with regard to safety properties
    • Detection of safety-relevant weak spots (single points of failure)
    • Suggestion and evaluation of improvements
    • Optimization of safety-relevant parameters
    • Finding of "best compromises" at antagonistic safety aims
  • Security
    • Consulting in the introduction of individual security solutions in enterprises (e.g., chip cards for access control and authentication, WLAN, software products and configurations)
    • Support in the improvement of the developed software's security (software engineering process, guidelines for users, tools for static analysis, use of cryptography, ...)


Safety and security are two essential aspects of systems and software. Safety is concerned with protection against danger from inside a system while security is concerned with protection of a system against outside threats. Good safety and security cannot be added post mortem to a system, they must be integrated into the design process. However, both require quite different methods and techniques than the functional design of a system.
Safety-critical systems are expected to operate safely under regular circumstances as well as in many degraded situations. In the latter case, these systems have to cope with one or more components that are not working as specified, while at the same time they have to guarantee that no harm is done to people or the environment. A wide variety of traditional safety analysis techniques (such as Fault Tree Analysis or Failure Modes and Effects Analysis) help safety engineers in systematically analyzing a system: They dissect the system to determine possible (combinations of) component failures that might result in an occurrence of a dangerous situation. However, the functionality provided by safety-critical systems is becoming increasingly complex, therefore requiring the development of more sophisticated analysis techniques to analyze the system behavior under both regular and degraded situations. Additionally, software is becoming an increasingly important factor for the innovation of safety-critical systems; more and more safety-critical hardware is replaced by software. However, software development is complex and error-prone and is thus likely to introduce systematic errors that have the potential of violating safety requirements. We therefore use formal methods to improve the safety analysis process, devising analysis techniques that are based on a sound mathematical foundation.
Security is concerned with malicious humans that actively search for and exploit weaknesses in a system. It is very difficult to effectively protect against this kind of threat because a developer is focused on the intended behavior of a system, not how to break it. The ISSE develops methods, techniques and tools to build security into a system. Main aspects are a model driven development process, code generation, and formal methods for information flow control, privacy protection, and secure protocols for e-commerce applications.