Involved PIs: Hannes Hartenstein, Jörn Müller-Quade, Andy Rupp (Head), Ali Sunyaev

Active Researchers: Shalini Banerjee, Dennis Faut, Valerie Fetzer, Niclas Kannengießer, Marc Leinweber, Tapas Pal, Markus Raiber

Research Area “Privacy-Preserving Computation and Distributed Trust” (PPCDT) aims for practicality, comprehensible security and privacy, and distributed trust when designing privacy-preserving computation techniques dedicated to real-world applications. Regarding practicality, we do not only refer to computational and communicational efficiency but also to compliance with domain-specific laws and regulations, business models, value-added services, or user requirements, enabling a practical deployment in the first place. The technologies we apply and improve to achieve these goals include secure multi-party computation (MPC), zero-knowledge proofs (ZKPs), trusted execution environments (TEEs), and distributed ledger technology (DLT).

Involved PIs: Bernhard Beckert, Anne Koziolek, Ralf Reussner (Head)

Active Researchers: Sophie Corallo, Sebastian Hahner, Frederik Reiche, Jonas Schiffl

Research Area “Continuous Secure Software Development and Analysis” (CSSDA) aims to contribute methods for developing secure software. Overall, we envision a framework for security requirements validation which connects all levels of software development, and takes into account changes that happen over time. Security-related requirements and assumptions are modeled on the topmost level. With the help of natural language techniques, we trace the requirements as well as the relevant entities to the software architecture. Based on this information, established security analyses on design level can be ran to validate security requirements. However, to ensure that the final implementation also suffices the requirements, additional code analyses have to be executed, as design and implementation can diverge. In our research area we thus investigated how different analyses on the architecture and source code levels can be composed in order to obtain more comprehensive results. Thereby, we provide a continuous lifecycle for secure software development.

Involved PIs: Bernhard Beckert (Head), Hannes Hartenstein, Martina Zitterbart

Active Researchers: Matthias Grundmann, Jonas Schiffl

The main objective of Research Area “Design and Verification of Smart Contract” (DVSC) is security in the area of Smart Contracts (SCs). SCs are programs which run on decentralized platforms, in conjunction with a distributed ledger. They manage the resources on the ledger, e.g., cryptocurrencies or tokens representing real-world assets. The architecture underlying SCs guarantees that anyone calling a contract’s functions knows which program code is executed, and in which environment, without the need to trust any particular agent in the network. These characteristics make SCs useful in some areas. However, SCs are also vulnerable to attacks: Once deployed, a contract’s code cannot easily be changed. Therefore, any errors in the source code are likely to be found and exploited. Furthermore, SCs are often rewarding targets for attacks precisely because they manage valuable resources. We approach SCs from two perspectives: On one hand, some problems can be solved by using SCs, and we want to explore possible applications. On the other hand, SCs can pose security risks themselves, and we want to contribute methods for developing secure SC. This includes formal specification and verification of functional and security properties.

Involved PIs: Jürgen Beyerer, Veit Hagenmeyer, Thorsten Strufe, Martina Zitterbart (Head)

Active Researchers: Sine Canbolat, Ghada Elbez, Christian Haas, Ankush Meshram, Felix Neumeister, Jonas Vogl

Research Area “Adaptive Security for Communication in Critical Infrastructures” (ASCCI) focuses on resilient and secure communication in future production and energy communication networks. In particular, research in ASCCI addresses aspects of network isolation to protect potentially vulnerable systems, redundancy (multi-path routing and packet duplication) for enhanced network resilience, network attack detection and mitigation, as well as automatically assessing the risk of attacks based on the devices present in the network. The specific application to production and energy systems introduces novel challenges resulting from constrained resources as well as from real-time requirements of control processes. In order to enable flexible integration and adaptation of security and resilience mechanisms, Research Area ASCCI leverages emerging networking technologies such as Software-Defined Networking (SDN).