Projects of the research group Information Security

Modern mobile devices are dense with pre-installed apps that are deeply integrated in the operating system. Unlike third-party apps, these system-level apps often operate with elevated privileges that allow them to bypass the standard Android permission model. This project investigates the…

The primary objective of the SePRIO project is to investigate and integrate security and privacy into distributed learning techniques, with a focus on health use cases involving IoT, and to analyze the limitations and trade-offs. The project will lead to an open-source software asset,…

Pre-installed apps on Android devices typically have elevated privileges, restricted removal options, and broader access to sensitive system resources. This privileged status makes them attractive targets for attackers, introducing significant security risks. However, their security evaluation is…

The SATUQ project aims to address the needs of trustworthy next-generation space-aerial-terrestrial integrated networks (SATIN) by developing a fast and lightweight network security fabric for the post-quantum era.

The project aims at enhancing security testing methodologies for Android pre-installed applications. It encompasses empirically evaluation of hindering factors associated with dynamic analysis of pre-installed apps on the Android emulator. To be more precise, the feasibility of rehosting Android…

The ambition of the EU NATWORK project funded by Horizon Europe - 6G SNS (2024-2026) is to set the foundations and deploy the very first economically realistic, energy efficient, and viable bio-inspired AI-based 6G cybersecurity and resilience framework for intelligent networking and services,…

The project Automated Web Server Classification (HD.ng++) creates a system to support an analyst in a Security Operations Center (SOC). The developed system provides meta-information on domains and IP addresses to assist SOC-Analysts by the investigation of potentially malicious domains or IP…

In this project, we focus on the current state of Android security. One main focus will be to determine current difficulties and limitations that hinder security researchers in performing a dynamic analysis of Android pre-installed software components such as pre-installed apps or native libraries.…

How can we better protect ourselves from cyber threats? The answer to this question is as complex as cyber security itself, because the right balance must always be found between technical possibilities and political, social and economic interests. The increasing digitalisation of critical…

In this R&D project, scanmeter - a service for the automated security analysis of IT systems - is being extended by three innovative components. This will significantly increase the level of automation and test coverage, significantly improve customer benefits, and expand the fields of applications.…

Companies like Apple or Signal use short, contextual privacy notices as a supplement to extensive, often ineffective privacy statements. In the project, the design and impact of these short notices will be investigated using app prototypes in a quantitative research design.

In this project, LUCY - a system for phishing awareness training - will be significantly extended in order to put such training on a scientific basis and to bring it to a new level of quality. The goal is to provide completely automated, effective and individualized phishing awareness training with…

This project extends Exeon Analytics' ExeonTrace product with HostDetective Next Generation (HD.ng), a tool to identify and mitigate Web-related data breaches. HD.ng implements a novel active and passive Web server assessment method to determine the type, purpose and risk score of a Web server. This…

INSPIRE-5Gplus aims to make a revolutionary shift in the 5G and Beyond (B5G) security vision by progressing 5G Security and by devising a smart, trustworthy and liability-aware 5G security platform for future connected systems, while contributing to its realization. It will allow, for the first…

Development and teaching of a course on various aspects of secure software development and hacking methods.

scanmeter® is a service of a Swiss company that has already been launched on the market (scanmeter.io). scanmeter allows automated security analyses of IT systems. This significantly increases the efficiency of security analyses compared to manual methods. The automated security analyses can be used…

Research on security requirements and innovation opportunities for a product for data capture and management in the domain of pharmaceutical product development.