Sven Bugiel
Dr.-Ing. | Faculty


  • Trusted Systems Group
  • Building E9 1, Room 3.09
  • +49 681 302 57362
  • bugiel(aeht)cispa.saarland
  • Personal Webpage

Curriculum Vitae

Please check my full CV for more details.

Since Feb, 2016 Dr.-Ing. (Ph.D. in Security in Information Technology)
Ph.D. thesis title: "Establishing Mandatory Access Control on Android OS"
Since 2013 Research Assistant and Ph.D. Student
in the Information Security & Cryptography Group , Saarland University , Germany
2010 - 2013 Research Assistant and Ph.D. Student
at the Center for Advanced Security Research Darmstadt , Germany
2008 - 2010 Erasmus Mundus Master's Programme
in Security and Mobile Computing on the KTH / DTU track.

Master of Science in Engineering, Security and Mobile Computing.
Master thesis title: "Using TCG/DRTM for application-specific credential storage and usage" (in cooperation with Nokia Research Center, Helsinki, Finland)
2008 - 2009 Summer Research Internships
in the Trustworthy Mobile Platforms Group at Nokia Research Center, Helsinki, Finland
2007 - 2008 Erasmus
at Helsinki University of Technology (now Aalto University )
2004 - 2008 Studies
at Horst Görtz Institute for IT Security , RuhrUniversity Bochum, Germany

Awards

  • 2012 – TeleTrusT Innovation Award 2012;
    Awarded for the development of the BizzTrust solution, in cooperation with Stephan Heuser and Ahmad-Reza Sadeghi of the Cyber-physical and Mobile Systems Security group at the Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany.
  • 2012 – Finalist 4th German IT Security Award;
    Finalist with the project CloudMiner: Automatic Tool for Security and Privacy Analysis of Cloud Infrastructures.
  • 2012 – Finalist 4th German IT Security Award;
    Finalist with the BizzTrust solution for dual-persona smartphones, in cooperation with Stephan Heuser and Ahmad-Reza Sadeghi of the Cyber-physical and Mobile Systems Security group at the Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany.

Projects

Android Security

Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. Its security concept based on app isolation and access control however is unsatisfactory. This projects researches program analyses that ameliorate this situation. For example our system AppGuard enforces security policies at runtime without requiring root permissions.

Android Access Control

Enabling generic, multi-layered, and extensible access control on Android.

Android App Vetting

Application vetting at app stores and market places is the first line of defense to protect mobile end-users from malware, spyware, and immoderately curious apps. However, the lack of a highly precise yet large-scaling static analysis has forced market operators to resort to less reliable and only small-scaling dynamic or even manual analysis techniques. This project introduces Bati, an analysis framework specifically tailored to perform highly precise static analysis of Android apps.

Publications

2017

ARTist: The Android Runtime Instrumentation and Security Toolkit

2016

Reliable Third-Party Library Detection in Android and its Security Applications

Boxify: Bringing Full-Fledged App Sandboxing to Stock Android

R-Droid: Leveraging Android App Analysis with Static Slice Optimization

SoK: Lessons Learned From Android Security Research For Appified Software Platforms

2015

Boxify: Full-fledged App Sandboxing for Stock Android

2014

Android Security Framework: Extensible Multi-Layered Access Control on Android

Scippa: System-Centric IPC Provenance on Android

2013

Advances in Mobile Security

Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies

Client-controlled Cryptography-as-a-Service in the Cloud

2012

Softer Smartcards: Usable Cryptographic Tokens with Secure Execution

Towards Taming Privilege-Escalation Attacks on Android

2011

AmazonIA: When Elasticity Snaps Back

Practical and Lightweight Domain Isolation on Android

Twin Clouds: Secure Cloud Computing with Low Latency

Scalable Trust Establishment with Software Reputation

2010

TruWalletM: Secure Web Authentication on Mobile Platforms

Implementing an Application-Specific Credential Platform Using Late-Launched Mobile Trusted Module

2009

Trust in a Small Package: Minimized MRTM Software Implementation for Mobile Secure Environments