University of Passau
University of Passau, a unique campus university in Bavaria/Germany, was founded in 1978 with faculties of Catholic Theology, Law, Humanities, and Economics; shortly after the Faculty of Computer Science and Mathematics was founded and took its first students. Since then it has developed into one of the premier academic addresses in Germany as regularly confirmed in national rankings. The university's Institute of IT-Security and Security Law (ISL) is characterized by its interdisciplinary approach to computer science, law and economics. For the first time, the technical and economical aspects of IT security are extended to the dimension of law. With this concept ISL is unique in Germany. Moreover, with this interdisciplinary focus on IT security, the institute has a broad research field and can serve a broad market. Synergy between theory and practice as well as research and industry are in ISL's focus. The institute is part of University of Passau's faculty of informatics and mathematics as well as part of the faculty of law. The involved chairs are: Chair of IT-Security (Prof. Dr. Joachim Posegga) Chair of Computer Networks and Communications (Prof. Dr. Hermann de Meer) Chair of Security in Information Systems (Prof. Dr. Hans Reiser) Chair of Public Law, in particular Security Law and Internet Law (Prof. Dr. Dirk Heckmann) Chair of Public Law, Information Technology Law and Legal Informatics (Prof. Dr. Gerrit Hornung) The ISL offers the following services to the public and private sector: Expert advice and seminars, surveys and analyses of IT products and information systems, development of IT security concepts for enterprises and civil services, consulting and support for audits of information systems, analysis of law compliance for security critical systems, industrial research in general, consulting and support in establishing IT security with respect to functional safety, as well as consulting and support in safety analysis according to functional safety in different areas. One research domain of the IT-Security group which will partly contribute to this project, focuses on the domain of software and application security. The group has addressed common problems of web applications. Appropriate work has been conducted in European projects (e.g. FP7-ICT project WebSand), publically funded projects (e.g. BMWi project secologic) and in industry funded projects (e.g. scanstud, SSMC – Secure Session Management Component), in particular research funded by the Siemens CERT in Munich. Main focus of this group is on the application of known software security technologies in the mobile, distributed, adapting, and resource restrictive domain of mobile devices and sensor platforms. It benefits from previous work conducted in the European Integrated FP6 Project BIONETS and the FP7 project COMPOSE. The group also addresses the design of modular and flexible security specification languages. Insights and results gained from this work and from appropriate projects (e.g. BMBF project ORKA: Organisational Control Architecture: From static rights management to dynamic organization-based control, FP6 Integrated Project R4eGov), represent valuable input for the integration of policy specification with software security modelling planned in this proposal. Other activities and the expertise of this group in the domain of trusted computing architectures are combined with the research on sensor platforms. The coupling of long-distance sensor platforms with smart cards is investigated and an appropriate hardware platform has been developed.