Reliably Secure Software Systems (RS3) –
DFG Priority Programme 1496

September 2017: The final event of RS3 will take place in Darmstadt on September 4–6.
August 2016: Heise online, the most frequently visited German-language IT news website, published a report about an 18-year-old vulnerability in the pseudo-random number generator of GnuPG that has been uncovered by RS3 researchers from the project DeduSec.
August 2016: Posters and demonstrators of the reference scenarios of RS3 were presented at the USENIX Security Symposium 2016 in Austin on August 11.
July 2016: Selected slides and pictures from the RS3 Practitioner Event are now online on the webpage of the event.
June 2016: The RS3 Practitioner Event took place on June 7–8, 2016 in Darmstadt.
April 2016: RS3 was presented by its coordinator Prof. Heiko Mantel in two talks on April 4 and 7 at the Royal Society Scientific Meeting on "Verified Trustworthy Software Systems" in London.

  • RS3 publications: Projects within RS3 in sum have more than 100 reviewed publications so far! See the full publication list for details!
  • Tools: A number of useful new security tools are being developed within RS3. See the tool list for details!

The final event of RS3 will take place on September 4–6 in Darmstadt.


The Priority Programme at a Glance


This Priority Programme assumes that a paradigm shift in IT-security is necessary in order to reliably guarantee the security of complex software systems. The current trust-based and mechanism-centric approaches to IT-security shall be complemented by property-oriented solutions. This paradigm shift shall enable a trustworthy certification of system-wide, technical security guarantees that adequately respects the semantics of programs and of security requirements. Bridging the gap from security in-the-small to security in-the-large will involve the improvement of conceptual foundations, the development of analysis and engineering tools, and their migration into practice. Collaborations between multiple sub-disciplines of Computer Science, primarily formal methods, IT-security, and programming languages, will be necessary to achieve the objectives of the programme.