CISPA combines comprehensive foundational research on the discovery of new principles and approaches with their systematic further development into a universal toolbox of deployable security technologies and their systematic application and secure composition to large-scale systems. Our research is organized in five core research areas of major significance for society and industry.
The research area focuses on the assessment of security and privacy in nowadays IT systems, and on the development of corresponding protection. Ascertaining security requires the development of comprehensive analytical methodologies and tools for assessing the security of existing IT systems in a modular and automated manner. Similarly, the degree of an individual’s privacy when interacting with IT systems and services are being assessed, and corresponding protection technologies are being invented. Methodologicaly, the area ranges form foundational research, to the invention of reusable techonologies, to the development of prototypical systems.
The trustworthy information processing research area target the development of rigorous algorithmic and system approaches to enable a trustworthy and accountable processing of data.
Examples include accurate, privacy-friendly data acquisition; secure computation of privacy-sensitive information; rigorous cryptographic operations to ensure a trustworthy behaviour in malicious environments; and developing technical means for holding people accountable in case of misbehavior.
The resilient embedded systems research area explores the secure and dependable design and implementation of computing systems subject to stringent timing and resource constraints. In safety-critical domains, embedded real-time systems must be predictable, dependable and secure in the sense that correct outputs must always be produced at the right time, often under the presence of malicious actions. These requirements must be fulfiled on a tight resource budget, as embedded systems are commonly deployed in environments that impose severe space, weight, cost and power constraints.
Mobile and ubiquitous computing have already and will continue to heavily influence our every-day lives, be it our smart phones or new technologies like wearables. Since these smart computing devices are part of our daily routines and we heavily rely on their functionality, the more important become their security and privacy properties. The research in this area aims to develop ubiquitous computing systems with strong data confidentiality and integrity guarantees, as well as secure, controllable, and privacy-preserving mobile platforms.
The survivable systems and outsourced services research area focuses on the development of highly security-critical systems as well as defensive mechanisms against common coordinated threats, such as botnet and malware detection and defense. The success of the cloud and everything-as-a-service paradigm has made the outsourcing of computing and services a business reality. The outsourcing and distribution of computing leads to new threats for privacy and data confidentiality. Our work in this area addresses the complete spectrum from resilient high-performance distributed computing, to malware and botnet detection and defense, to privacy-preserving outsourced web user analytics.