Cybersecurity Engineering Research

Cybersecurity Engineering researchers work in the following areas. In addition, our researchers develop products and services, including curricula to help educate students and professionals.

Using Malware Analysis in Security Requirements Elicitation

This research uses information about previous cyberattacks to enhance requirements elicitation for software development.

Security Engineering Risk Analysis (SERA)

This research is focused on developing methods for analyzing security-related design weaknesses that cannot be corrected easily during operations. The goal is to enable the early detection and remediation of design weaknesses, thereby reducing residual security risk when a system is deployed.

Cybersecurity Quality Metrics

This research evaluates the feasibility of using specialized software quality models to improve the security of software and of using available quality and vulnerability data to effectively calibrate a specialized quality model to track and forecast security defects.

Security Quality Requirements Engineering (SQUARE)

This research and its resulting tool helps organizations to build security into the early stages of the production and acquisition lifecycles, including privacy.

Supply Chain and COTS Assurance

This research aims to help you evaluate and reduce supply chain risk, provides guidance you can use to manage these risks, and improve your use of resources in reducing these risks.

Cybersecurity and Software Assurance Measurement and Analysis

The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.

Software Assurance Ecosystem

This research involves investigating and developing viable, reasoned ways to describe problem complexity within the security assurance ecosystem with sufficient insight to identify opportunities for real improvement.