The Information Security (IS) research group deals with novel and innovative approaches to secure data and IT systems and to protect them against various cyber-attacks. The research and development projects are usually carried out in cooperation with partners from the private sector and the group has extensive experience in both national (e.g. Innosuisse) and international (e.g. EU) projects.
The knowledge gained from applied research and development is passed on to students of computer science courses in modules such as IT security (focusing on IT security fundamentals), Software and System Security 1 (focusing on secure software development), Software and System Security 2 (focusing on IT infrastructure security) and IT security (the latter in the Master's programme).
The Secure Applications and Systems topic deals with the development of secure software and services. We investigate, develop and extend methods and tools to safely design and implement software and services and we develop novel security mechanisms and protocols. We are also involved in automated security testing of software and services in order to significantly improve the quality, efficiency and reproducibility of such tests.
The Information Infrastructure Protection topic deals with the protection of classic and cloud-based IT infrastructures. The aim is the early detection of possible attacks or the detection of attacks that have already occurred, e.g. by means of system and network monitoring, open source intelligence, new honeypot approaches or those based on machine learning. In addition, we deal with tools in the area of security training and testing of IT infrastructures, primarily with a focus on malware issues.
Our CAS Applied IT Security (German only) offers computer scientists, practitioners and career changers the opportunity to build and enhance their foundation in IT Security, one of the most important growth markets in IT. Participants will be introduced to security architecture and management, cryptology and network security as well as software and systems security. They will be given the opportunity to apply their new skills in extensive and practice-oriented labs.
FASTscan: Fully Automated Security Testing with scanmeter
In this R&D project, scanmeter - a service for the automated security analysis of IT systems - is being extended by three innovative components. This will significantly increase the level of automation and test coverage, significantly improve customer benefits, and expand the fields of application. Specifically, ...
Remote, Hands On Computer Networks Lab
OptiPhish - Effective and Measurable Phishing Awareness Training
In this project, LUCY - a system for phishing awareness training - will be significantly extended in order to put such training on a scientific basis and to bring it to a new level of quality. The goal is to provide completely automated, effective and individualized phishing awareness training with measurable ...
Proceedings of the 7th International Conference on Information Systems Security and Privacy.
ICISSP 2021, online, 11-13 February 2021.
Available from: https://doi.org/10.5220/0010300102040216
Gür, Gürkan; Porambage, Pawani; Liyanage, Madhusanka,
IEEE Communications Standards Magazine.
Available from: https://doi.org/10.1109/MCOMSTD.011.1900045
Journal of Communications and Networks.
Available from: https://doi.org/10.21256/zhaw-21644
Siriwardhana, Yushan; Gür, Gürkan; Ylianttila, Mika; Liyanage, Madhusanka,
Available from: https://doi.org/10.1016/j.icte.2020.10.002
The 6th International Conference on Mobile, Secure and Programmable Networking (MSPN 2020), Paris (France), virtual, 28-29 October 2020.