Software plays a key role in the security of IT systems. Most attacks on IT systems are carried out using malware, which is itself software. This malware exploits vulnerabilities (programming errors, seen from a security perspective) in the software ordinarily installed on the victim system. Software security therefore has to deal not only with the detection of malware but also with methods for developing more secure software.
Malware attacks pose a nascent and ever-increasing threat to IT infrastructure, not just in the private sector but, most notably, also in the operational and public sectors. The number of newly detected malware samples each year is already in the double-digit million range. As a result, analysing suspicious code and developing defence measures (antivirus software and intrusion-detection systems) is becoming increasingly important.
Research in software security focuses mainly on the dynamic analysis of malware. Suspicious code samples are executed in a secure environment and their activities are logged. Patterns for particular (malicious) behaviours are then defined over these execution traces. Data-mining algorithms, among other techniques, are applied to detect, categorize and classify these patterns. Another focus is the use of formal methods to describe malicious (or "normal") behavioural patterns.
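As an added illustration of matching a behavioural pattern against a logged execution trace (not code from the original page), the sketch below describes one pattern as an ordered sequence of steps and tracks partial matches per process. The event fields, action names, pattern name and the sample trace are all constructed assumptions.

```python
from collections import namedtuple

# One logged activity from the analysis environment (hypothetical record layout).
Event = namedtuple("Event", "pid action target data", defaults=("",))

# Each step returns the (possibly extended) bindings on a match, else None.
def wrote_file(ev, env):
    if ev.action == "file_write":
        return {**env, "path": ev.target}

def autostart_same_file(ev, env):
    if ev.action == "reg_set" and ev.target.endswith("\\Run") and ev.data == env["path"]:
        return env

def executes_same_file(ev, env):
    if ev.action == "proc_create" and ev.target == env["path"]:
        return env

# A behaviour is an ordered list of steps linked by a shared binding (the file path).
PATTERNS = {"drop_persist_execute": [wrote_file, autostart_same_file, executes_same_file]}

def match(trace, patterns=PATTERNS):
    """Return {(pid, pattern_name, path)} for every pattern completed by one process."""
    partial = {}   # (pid, pattern_name) -> list of (next_step_index, bindings)
    hits = set()
    for ev in trace:
        for name, steps in patterns.items():
            states = partial.setdefault((ev.pid, name), [])
            # Keep every partial match alive: a greedy matcher would bind the
            # first written file and miss a later file that is the one persisted.
            for idx, env in [(0, {})] + states[:]:
                new_env = steps[idx](ev, env)
                if new_env is None:
                    continue
                if idx + 1 == len(steps):
                    hits.add((ev.pid, name, new_env["path"]))
                else:
                    states.append((idx + 1, new_env))
    return hits

# Constructed sample trace: process 100 behaves normally, process 200 does not.
TRACE = [
    Event(100, "file_write", r"C:\Users\a\report.docx"),
    Event(200, "file_write", r"C:\Temp\cache.tmp"),
    Event(200, "file_write", r"C:\Temp\upd.exe"),
    Event(100, "reg_set", r"HKCU\Software\Editor\Recent", r"C:\Users\a\report.docx"),
    Event(200, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", r"C:\Temp\upd.exe"),
    Event(100, "proc_create", r"C:\Program Files\Editor\editor.exe"),
    Event(200, "proc_create", r"C:\Temp\upd.exe"),
]

if __name__ == "__main__":
    print(match(TRACE))
```

Matching per process and per bound value keeps interleaved activity from unrelated processes from completing a pattern by accident.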
Intrusion detection/prevention systems are another area of application for dynamic (behavioural) detection and definition of security-relevant patterns.