Security & privacy assessment and protection

Mission

header/research_header_column.jpg

The research area focuses on the assessment of security and privacy in nowadays IT systems, and on the development of corresponding protection.

Whenever a system that contains components from potentially untrusted vendors or sources, which is virtually always the case nowadays, security analysis constitutes the indispensable tool to assess their security guarantees. Ascertaining the security of such systems in a credible manner requires the development of comprehensive analytical methodologies and tools for analyzing and assessing the security of existing IT systems in a modular and automated manner. Similarly, the degree of an individual’s privacy when interacting with IT systems and services are being assessed, and corresponding protection technologies are being invented. Methodologicaly, the area ranges form foundational research, to the invention of reusable techonologies, to the development of prototypical systems.

Recent research in the area has focused on assessing privacy in large-scale systems such as online social networks, privacy-preserving Web analytics and advertising, Web browser security, security against run-time attacks, anonymity networks, formal analysis and verification of security-critical systems, as well as security- and privacy-enhancing techniques for mobile devices.

Publications

Identifying Personal DNA Methylation Profiles by Genotype Inference

DeepCity: A Feature Learning Framework for Mining Location Check-ins

Efficient and Flexible Discovery of PHP Application Vulnerabilities

A Novel Approach for Reasoning about Liveness in Cryptographic Protocols and its Application to Fair Exchange

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

P2P Mixing and Unlinkable Bitcoin Transactions

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

Thread modularity at many levels: a pearl in compositional verification

RedQueen: An Online Algorithm for Smart Broadcasting in Social Networks

"My friend Cayla" - eine nach § 90 TKG verbotene Sendeanlage?

Datenschutz für Minderjährige nach der Europäischen Datenschutz-Grundverordnung (DSGVO) vom 27. April 2016

Richterliche Unabhängigkeit und Bring Your Own Device (BYOD) – Weg in die Zukunft oder unvertretbares Sicherheitsrisiko?

Mit Schirm, Charme und Kamera – Verbotene Sendeanlagen i.S.d. § 90 TKG

Mail vom Rechtsanwalt? Herausforderungen sicherer Mandantenkommunikation

Towards a Visual Privacy Advisor: Understanding and Predicting Privacy Risks in Images

Adversarial Image Perturbation for Privacy Protection -- A Game Theory Perspective

Exploiting saliency for object segmentation from image level labels

Speaking the Same Language: Matching Machine to Human Captions by Adversarial Training

Membership Privacy in MicroRNA-based Studies

Profile Linkability despite Anonymity in Social Media Systems

A Survey on Routing in Anonymous Communication Protocols

On Statistically Secure Obfuscation with Approximate Correctness

An Empirical Study of Textual Key-Fingerprint Representations

Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Smart-Home-Systeme in Zeiten digitaler Kriminalität

R-Susceptibility: An IR-Centric Approach to Assessing Privacy Risks for Users in Online Communities

Mining Apps for Anomalies

Kizzle: A Signature Compiler for Detecting Exploit Kits

Mining Sandboxes

Implementation-level Analysis of the JavaScript Helios Voting Client

The Impact of Tangled Code Changes on Defect Prediction Models

On Testing Embedded Software

Smart Mobility für das Saarland: Identifikation von Chancen und Handlungsempfehlungen für eine digital vernetzte Mobilität

Soziale Netzwerke im Fokus von Phishing-Angriffen - Eine Analyse aus technischer und rechtlicher Sicht -

Metadaten – eine neue juristische Problemkategorie im Rahmen der elektronischen Aktenführung?

Pokémon GO – Technische Innovation und Strafrecht im Konflikt

EU-Datenschutz nach „Safe Harbor“

EncFS goes Multi-User: Adding Access Control to an Encrypted File System

Sicherheit in der Gebäudeautomation

Hacking Session beim 25. EDV-Gerichtstag – Praktische Demonstrationen zur IT-Sicherheit

Sicherheit der Kommunikation zwischen Rechtsanwalt und Mandant

Hardware-Keylogger: Die Tastatur in der Hand des Feindes

Personenbezug bei dynamischen IP-Adressen – Anmerkung zur Entscheidung des EuGH vom 19.10.2016