Security & privacy assessment and protection

Mission

The research area focuses on the assessment of security and privacy in today's IT systems, and on the development of corresponding protection.

Whenever a system contains components from potentially untrusted vendors or sources, which is virtually always the case nowadays, security analysis constitutes the indispensable tool to assess its security guarantees. Ascertaining the security of such systems in a credible manner requires the development of comprehensive analytical methodologies and tools for analyzing and assessing the security of existing IT systems in a modular and automated manner. Similarly, the degree of an individual’s privacy when interacting with IT systems and services is being assessed, and corresponding protection technologies are being invented. Methodologically, the area ranges from foundational research, to the invention of reusable technologies, to the development of prototypical systems.

Recent research in the area has focused on assessing privacy in large-scale systems such as online social networks, privacy-preserving Web analytics and advertising, Web browser security, security against run-time attacks, anonymity networks, formal analysis and verification of security-critical systems, as well as security- and privacy-enhancing techniques for mobile devices.

Publications

A Novel Approach for Reasoning about Liveness in Cryptographic Protocols and its Application to Fair Exchange

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

P2P Mixing and Unlinkable Bitcoin Transactions

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

Thread modularity at many levels: a pearl in compositional verification

RedQueen: An Online Algorithm for Smart Broadcasting in Social Networks

"My friend Cayla" - eine nach § 90 TKG verbotene Sendeanlage?

Datenschutz für Minderjährige nach der Europäischen Datenschutz-Grundverordnung (DSGVO) vom 27. April 2016

Richterliche Unabhängigkeit und Bring Your Own Device (BYOD) – Weg in die Zukunft oder unvertretbares Sicherheitsrisiko?

Mit Schirm, Charme und Kamera – Verbotene Sendeanlagen i.S.d. § 90 TKG

Mail vom Rechtsanwalt? Herausforderungen sicherer Mandantenkommunikation

Membership Privacy in MicroRNA-based Studies

Profile Linkability despite Anonymity in Social Media Systems

On Statistically Secure Obfuscation with Approximate Correctness

Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles

An Empirical Study of Textual Key-Fingerprint Representations

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Smart-Home-Systeme in Zeiten digitaler Kriminalität

R-Susceptibility: An IR-Centric Approach to Assessing Privacy Risks for Users in Online Communities

Mining Apps for Anomalies

Kizzle: A Signature Compiler for Detecting Exploit Kits

Mining Sandboxes

Implementation-level Analysis of the JavaScript Helios Voting Client

The Impact of Tangled Code Changes on Defect Prediction Models

On Testing Embedded Software

Smart Mobility für das Saarland: Identifikation von Chancen und Handlungsempfehlungen für eine digital vernetzte Mobilität

Soziale Netzwerke im Fokus von Phishing-Angriffen - Eine Analyse aus technischer und rechtlicher Sicht -

Metadaten – eine neue juristische Problemkategorie im Rahmen der elektronischen Aktenführung?

Pokémon GO – Technische Innovation und Strafrecht im Konflikt

EU-Datenschutz nach „Safe Harbor“

EncFS goes Multi-User: Adding Access Control to an Encrypted File System

Sicherheit in der Gebäudeautomation

Hacking Session beim 25. EDV-Gerichtstag – Praktische Demonstrationen zur IT-Sicherheit

Sicherheit der Kommunikation zwischen Rechtsanwalt und Mandant

Hardware-Keylogger: Die Tastatur in der Hand des Feindes

Personenbezug bei dynamischen IP-Adressen – Anmerkung zur Entscheidung des EuGH vom 19.10.2016

Ransomware als moderne Piraterie: Erpressung in Zeiten digitaler Kriminalität

Herausgabe der Personalakte eines Beamten an ein privates Unternehmen zum Zwecke der Aktendigitalisierung, Anmerkung zu OVG Schleswig, Beschl. v. 27.07.2016 – 2 MB 11/16

POSTER: In the Net of the Spider - Measuring the Anonymity-Impact of Network-level Adversaries Against Tor

Affine Refinement Types for Secure Distributed Programming

Symbolic Malleable Zero-knowledge Proofs

Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information