Our research is centered around practical IT Security, i.e. we carry out academic research on real-world security problems. Our activities are often in the context of security of mobile and embedded systems on one hand, and on Web-Security on the other hand; both nicely complement each other in areas like the Internet of Things and Cyber-physical Systems.
We maintain a technology-oriented view on IT-Security and investigate methods, tools, and architectures that help manage the risks involved with running such systems; more specifically, we are in particular interested in:
- Application Security, which is about conceptually integrating security into complex application scenarios.
- Implementation and Software Security, where we investigate security properties of implementation and application platforms and work on tools for detecting and preventing vulnerabilities in software systems.
- Security Infrastructures, where we consider services and protocols that lay the foundation for the security of applications in the layers above.
Securing real-word systems requires a good understanding of how and where systems are actually being applied, since security of systems is tightly coupled to their usage. The application scenarios that inspire our research are often tied to projects we are involved in; the main areas we are currently working on are: Security in the Internet of Things (COMPOSE, RERUM), Web-based enterprise systems (Websand, RescueIT), Air-Traffic Management Communication Systems (INCONAV) and biologically-inspired self-organising systems (BIOMICS).
We also maintain more informal cooperations with industry and academia, e.g. by student exchanges or external diploma thesis. We are also active in the international security research community, as our involvement in conferences and workshops shows.