Information for Researchers No. 66 | 21 December 2011
Priority Programme “Reliably Secure Software Systems – RS3” (SPP 1496)
The Senate of the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) has approved a Priority Programme “Reliably Secure Software Systems – RS3” (SPP 1496). The programme started its first phase in October 2010, and it is designed to run for six years. This call for proposals concerns the second two-year phase from October 2012 to September 2014. Proposals of projects that continue projects from the first phase as well as proposals of new projects are welcome.
The Priority Programme assumes that a paradigm shift in IT-security is necessary in order to reliably guarantee the security of complex software systems. The current trust-based and mechanism-centric approaches to IT-security shall be complemented by property-oriented solutions. This paradigm shift shall enable a trustworthy certification of system-wide, technical security guarantees that adequately respects the semantics of programs and of security requirements. Bridging the gap from security in-the-small to security in-the-large will involve the improvement of conceptual foundations, the development of analysis and engineering tools, and their migration into practice.
The first guiding theme of RS3 is the development of precisely defined (and, thus, verifiable) security properties. This shall enable a property-oriented perspective on security that, on the one hand, abstracts from technical details of implementations and, on the other hand, permits one to model the manifold security requirements and guarantees in an adequate and precise way.
The second guiding theme of RS3 is the development of program analysis methods and tools that target the verification of security properties in a sound, precise, scalable, and usable way. This will create the basis for a semantically substantiated (and, thus, reliable) certification of security guarantees for software systems. Verification tools will be employed to establish security properties of programs as well as to ensure the soundness of security analysis tools.
The third guiding theme of RS3 is the development of concepts for understanding and certifying security aspects even in complex software systems (hence, for security in-the-large). This requires the adaption of established techniques for abstraction, decomposition and stepwise refinement to the field of security. In particular, it shall become possible to derive abstract security guarantees (e.g., need-to-know or separation-of-duty) from the low-level properties that are typically guaranteed by security mechanisms.
The overall goal of the Priority Programme is to support the reliable certification of useful, system-wide security guarantees based on a well-founded understanding of programs and of security aspects. The emphasis is on approaches to control the flow of information and the usage of security-critical data. Though being designed with this focus in mind, the Priority Programme is open to alternative, possibly speculative approaches. Existing information flow properties like non-interference shall serve as a role model with respect to declarativeness and conciseness of semantic foundations.
In the second phase of RS3, each project shall contribute to the first two guiding themes at least (in the third phase, contributions to all three guiding themes will be expected). Each project proposal must clearly state (1) which security properties will be addressed and (2) which analysis techniques will be developed and/or will be used. Proposals that aim for general advances in program analysis or in verification tools as well as proposals that aim for advances of specific security mechanisms (like, e.g., authentication mechanisms, access controls or cryptographic algorithms) are outside scope – unless they establish a clear connection to the overall goal of the Priority Programme.
Collaborations between multiple sub-disciplines of computer science, primarily formal methods, IT-security, and programming languages, will be necessary to achieve the objectives of the programme. Tandem projects between researchers from different areas, who have not yet worked in the respective other discipline, are possible (but not required). To emphasise the potential for synergies with other projects, each proposal shall state which of the following four keywords fits the scope of the project best: “sequential non-interference”, “concurrent non-interference”, “security engineering” and “usage control”.
All applicants shall reserve the second week of October 2012 such that they can participate in the yearly meeting of RS3, which shall be attended at least by all principal investigators and all researchers financed by the Priority Programme. In contrast to the first phase, the costs for participating in networking events will not be reimbursed by the DFG directly. Proposals should take the costs for attending regular RS3 meetings into account in their calculation.
Proposals for the coming two-year funding period should reach DFG no later than 1 April 2012. All proposals must be written in English and be in compliance with the official guidelines and proposal preparation instructions of the DFG (see paragraph below). Submissions, marked “SPP 1496: Reliably Secure Software Systems – RS3”, should be addressed to Deutsche Forschungsgemeinschaft, attn. Dr. Gerit Sonntag, 53170 Bonn, and, in addition, to Prof. Dr. Heiko Mantel (see address below). An eligible submission contains one paper copy and one CD-ROM containing the proposal and all appendices as pdf-files. The second funding period is planned to start in October 2012.
Please note that the guidelines for preparing proposals have changed compared to the initial call two years ago: Now, proposals within a Priority Programme have to follow guideline 50.05e part B (general framework for applying in a Priority Programme) and 54.01e (preparation guideline). Nonetheless, submission still has to take place on paper and CD-ROM.
Information about the Priority Programme is available at:
Proposal guidelines and preparation instructions are available on the DFG’s website at:
For scientific enquiries concerning the scope of the programme, please contact the Priority Programme’s coordinator:
Prof. Dr. Heiko Mantel
Fachbereich Informatik, MAIS, TU Darmstadt
e-mail: coordinator@spp-rs3.de
For administrative enquiries, including questions on setting up the proposal, please contact:
Dr. Gerit Sonntag
phone: +49 228 885-2499
e-mail: Gerit.Sonntag@dfg.de