Our research is centered around practical IT Security, i.e. we carry out academic research on real-world security problems. Our
activities are often in the context of security of mobile and embedded systems on one hand, and on Web-Security on the other
hand; both nicely complements each other in areas like the Internet of Things and Cyber-physical Systems.
We maintain a technology-oriented view on IT-Security and investigate methods, tools, and architectures that help managing
the risks involved with running such systems; more specifically, we are in particular interested in:
- Application Security, which is about conceptually integrating security into complex application scenarios.
- Implementation and Software Security, where we investigate security properties of implementation and application platforms and work on tools for detecting and preventing vulnerabilities in software systems.
- Security Infrastructures, where we consider services and protocols that lay the foundation for the security of applications in the layers above.
Securing real-word systems requires a good understanding of how and where systems are actually being applied, since security of
systems is tightly coupled to their usage. The application scenarios that inspire our research are often tight to projects we
involved in; the main areas we are currently working on are: Security in the Internet of Things (COMPOSE,
RERUM), Web-based enterprise systems (Websand,
RescueIT), Air-Traffic Management Communication Systems
(INCONAV), and biologically-inspired self-organising systems
(BIOMICS).More information on our projects is available on
We also maintain more informal cooperations with industry and academia, e.g. by student exchanges or external diploma thesis.
We are also active in the international security research community, as our involvement in conferences and workshops shows.