The PortSec project develops a systematic and comprehensive approach to IT risk management for port community systems, based on the software architecture and taking legal and economic security requirements into account. The software-centric approach focuses on the prevention of attacks rather than primarily on attack detection and defense. The approach is innovative in that it is not currently considered in the processes and standards of information security management systems (ISMS). The Universität Bremen will (semi-)automatically reconstruct the implemented software architecture from the source code of the port community system. Business processes and the corresponding legal and economic security requirements will be formalized. Checking these requirements against the reconstructed software and system architecture contributes to the identification of specific IT risks.

Within the R&D project PortSec, the Universität Bremen will reconstruct the security architecture of port telematics systems semi-automatically. Using static program analyses, the security architecture will be reconstructed from the Java code of the port community system. Furthermore, the IT environment of the port community system will be systematically determined to obtain a comprehensive picture of the security architecture of the whole system. The system security architecture will then be visualized and analyzed. The Universität Bremen will also formalize the business processes relevant to port telematics and their security requirements (e.g., with UML/OCL, graph formalisms or logics). The resulting formalized security rules will then be checked against the (semi-)automatically reconstructed IT security architecture.
Period: 01/09/2016 - 31/08/2018
Partners: Institute of Shipping Economics and Logistics (ISL), datenschutz cert GmbH, dbh Logistics IT GmbH
Funding Body: BMBF