Center for Research in Security and Privacy
Innovation is increasingly driven by information technology in almost all sectors. This applies, for example, to Industry 4.0, energy supply, transport and mobility as well as healthcare. This significantly increases the opportunities for attacks and the number of entry points for hackers. At the same time, the value of the personal data that each and every one of us leaves behind every day on the internet and when using a wide range of services is increasing. Our need for protection, and the difficulty of ensuring it, call for special research efforts in IT security and privacy protection in order to prepare us today for future developments. The researchers at the Center for Research in Security and Privacy are therefore systematically tackling the core issues of cyber security in society, business and administration.
The research area “Secure Software Systems” develops methods, tools and techniques to make software systems more secure through a rigorous software development process. Current software systems are inherently insecure, as proven by newly discovered vulnerabilities and resulting break-ins virtually every day. Those problems are the result of a software development process that considers security only after the fact, and at this stage usually cannot offer a holistic solution to today’s security demands. Within the research area “Secure Software Systems” we develop both proactive and reactive approaches to securing software systems, both of which are equally important. Developers can use proactive approaches for newly created projects. Those approaches, typically based on enhanced programming languages and tools, allow developers to create software that has security inherently built in, thereby avoiding large classes of attack vectors by design. Reactive approaches are more suitable for the large number of legacy applications. Such approaches typically analyze the existing system’s code base or runtime traces to identify vulnerabilities and counter their detrimental effects just in time, through enforcement techniques. We also develop approaches that combine both ideas, guaranteeing vulnerability-freedom for some program parts while securely encapsulating potential vulnerabilities in others.
Last but not least, the researchers try to understand and optimize the software development process. Why do vulnerabilities arise? How can such situations be avoided in the future? Which methods and tools show real positive effects in this setting? Those are the questions we seek to answer.
Cloud computing is a new paradigm for the IT industry. IT services, such as infrastructures, platforms and applications, are provided remotely over the Internet. The key technical feature of cloud computing is the provision of virtual resources and services, controlled directly by end users through self-service interfaces. Cloud computing offers many benefits for customers, such as lower costs and dynamic resource allocation. However, it also comes with unprecedented risks: data and computations are outsourced to potentially insecure service providers, which means that customers lose direct control. Furthermore, the co-residency of different customers on the same hardware resources offers new attack vectors, such as data leaks between different virtual machines. Research in CYSEC on cloud security focuses on the creation of a high standard of confidentiality and integrity of outsourced data and computations, eliminating the need for users to trust cloud providers. Furthermore, CYSEC investigates innovative virtual system architectures and programming models to enhance the security of cloud environments.