SVS Research Agenda

SVS performs practical IT security research for open, distributed systems; our definition of "practical" is: useful in real-world scenarios. Security is reasonably well understood for closed systems; since about one decade, however, closed systems are more and more moving into niches: Today's IT is governed by larger and larger software systems being interconnected over the Internet.

We try to understand how such systems can be run and used securely, i.e.: we investigate methods, tools, and architectures that help managing the risks involved. The different technological areas we are concerned with can roughly be structured across (OSI) layers:

• Application Security: Integrating security into applications. Here we are looking at workflow security, models for access control and related topics.
• Software Security: Providing secure implementation and application platforms. We investigate security properties of programming languages and work on tools for detecting and preventing vulnerabilities in software systems.
• Security Infrastructures: Here, we consider security infrastructures, services and protocols that lay the foundation for the security of platforms and applications in the layers above. Examples are: security in P2P networks, new paradigms like Bionets and advanced smart card technology.

We are working in various funded projects on these research challenges, and we also maintain more informal cooperations with industry and academia, e.g. by student exchanges or external diploma thesis. We are also active in the international security research community, as our involvement in conferences and workshops shows.