The research area focuses on the assessment of security and privacy in nowadays IT systems, and on the development of corresponding protection.
Whenever a system that contains components from potentially untrusted vendors or sources, which is virtually always the case nowadays, security analysis constitutes the indispensable tool to assess their security guarantees. Ascertaining the security of such systems in a credible manner requires the development of comprehensive analytical methodologies and tools for analyzing and assessing the security of existing IT systems in a modular and automated manner. Similarly, the degree of an individual’s privacy when interacting with IT systems and services are being assessed, and corresponding protection technologies are being invented. Methodologicaly, the area ranges form foundational research, to the invention of reusable techonologies, to the development of prototypical systems.
Recent research in the area has focused on assessing privacy in large-scale systems such as online social networks, privacy-preserving Web analytics and advertising, Web browser security, security against run-time attacks, anonymity networks, formal analysis and verification of security-critical systems, as well as security- and privacy-enhancing techniques for mobile devices.