I am currently a senior researcher at the Center for Computing
Technologies (TZI) at the Universität Bremen.
Here, I'm the coordinator for the development of the topic "Information
Security".
Research Interest
- Role-based access control (RBAC)
- Secure mobile applications, Java security
- Formal Methods and security
News
March 2021: I've successfully defended my habilitation thesis.
The Magenta smart home app for Android (Telekom) contains a vulnerability w.r.t.
certificate checks (version < 4.9). This vulnerability allows an attacker
to perform a man-in-the-middle attack on the local network under certain
circumstances. More details can be found in the bachelor thesis of Luca Glockow as well as in this short report.
Timo Glander has detected two
vulnerabilities in the Siemens SmartClient app for Android (remote control of ICS). More details can be found here. Siemens AG has also published an advisory.
The BMBF has granted the SecureSmartHomeApp project, in which App-controlled smart home systems will be systematically
analyzed w.r.t. security. Based on these results and experiences, a reference
security architecture for such systems will be developed (security-by-design
approach).
We have found multiple vulnerabilities in the SAP app Mobile Documents Client (more details to come).
HP removed the app HPAnywhere from Google
Play after Christian Liebig had detected a code injection vulnerability. A
more detailed vulnerability report can be found here. Thanks to CERT/CC who coordinated communication with HP.
Siemens AG has published an advisory for the SPCAnywhere app (Android, iOS), in which Bernhard Berger, Kai
Hillmann and I have detected several security flaws. The SPCAnywhere app
allows a user to remotely control an alarm system; the security holes allow
an attacker to conduct a middleperson attack against the alarm system under
certain conditions. Siemens AG has published a further advisory, now concerning communications security of the Android app HomeControl for Room Automation.
Update: Siemens AG has also published an advisory for the SmartClient app for
Android (remote control of ICS); this app stored ICS passwords on the Android
device with an insecure key (WiFi address).
Research Grants
Over the years, we received funding from various funding bodies, which
allowed us to establish the research area Information Security at the
Universität Bremen:
- XMELD - Modeling E-Government Business Processes with UML and OCL
- ForRBAC - Formal Specification, Verification and Enforcement of Role-Based Security Policies (funded by the DFG)
- ORKA - Organisational Control Architecture (funded by the BMBF)
- ITSec - E-Learning Portal for IT-Security (Customer: Institut für Wissenstransfer)
- RFIDSec - Technology-centered RFID security (funded by the BMBF)
- SIMOIT - Secure Access of Mobile Employees to the IT Infrastructure of SMEs (funded by the German Federal State of Bremen)
- SiWear - Secure Wearable Computing (funded by the BMWI)
- Mobile Phone-Demonstrator - Demonstration of security risks of mobile phones (BSI)
- FIDeS - Intrusion Detection System Based on Combined Methods of Artificial Intelligence (funded by the BMBF)
- VOGUE - Trusted Mobile Access to Enterprise Networks (funded by the BMBF)
- ASKS - Architecture-Centric Security Analysis of Business Applications (funded by the BMBF)
- SAiM - Protection of Android through Intelligent Monitoring (funded by the BMBF)
- iMonitor - Implementation of Optimized and Parallel Inference Methods for SIEM Systems (funded by BMWI)
- ZertApps - Certified Security of Mobile Applications (funded by the BMBF)
- SecurityPatterns - Detection and Validation of Security Patterns (funded by the DFG)
- CertifiedApplications - Lightweight Security Certification of Java Applications with the Help of Tool-Supported Program Analyses (funded by the BMWi)
- PortSec - IT-risk management in the port telematics based on the software architecture (funded by the BMBF)
- SecureSmartHomeApp - Development of secure mobile applications for controlling smart home systems (funded by the BMBF)
- SecAnalysisOSCI - Code Review of the OSCI-Library (Java) (Contractor: KoSIT)
- SecProPort - Scalable Security Architectures for Business Processes in German Ports (funded by the BMVI)
Publications
1. K. Sohr. Architectural Aspects of Software Security. Synopsis of the Habilitation Thesis. University of Bremen, 2021.
2. N. Zargham, M. Bahrini, G.
Volkmar, D. Wenig, K. Sohr, R. Malaka. What Could Go Wrong? Raising Mobile Privacy and Security Awareness
Through a Decision-Making Game. In Proc. of the 2019 ACM Annual Symposium on
Computer-Human Interaction in Play (Extended Abstracts), Barcelona, Spain,
2019.
3. B. Berger, K. Sohr,
R. Koschke. The Architectural Security Tool Suite ArchSec, 19th IEEE International Working Conference on Source Code Analysis
and Manipulation, Cleveland, Ohio, 2019. Best
Engineering Paper Award.
4. M. Bahrini, N. Wenig, G. Volkmar, J. Schmutte,
K. Sohr, R. Malaka. Make my Phone Secure!
Using Gamification for Mobile Security Settings. In Proc. of Mensch und
Computer 2019, Hamburg.
5. B. Berger, C. Maeder, R. W. Nguempnang, K. Sohr, C. E. Rubio-Medrano. Towards Effective Verification of Multi-Model Access Control
Properties. In Proceedings of the 24th ACM Symposium on Access Control Models
and Technologies (SACMAT 2019), Toronto, Canada, 2019.
6. M. Bahrini, N. Wenig, M. Meissner, K. Sohr, R. Malaka. HappyPermi: Presenting Critical Data Flows in Mobile Applications to Raise User
Security Awareness. In Proc. of the 2018 ACM CHI Conference on Human Factors
in Computing Systems (ACM CHI 2019), Late Breaking Work-Track, Glasgow, 2019.
7. K. Sohr, T. Mustafa,
M. Gulmann, P. Gerken. Towards Security Program Comprehension with Design by Contract and
Slicing, 2015. (This paper introduces a static analysis process that
replicates procedures for security code audits and hence simplifies these
processes.)
8. F. Hilken, M.
Schuster, K. Sohr, M. Gogolla. Integrating UML/OCL Derived Properties into Validation and
Verification Processes. In Proc. 16th International Workshop in OCL and Textual Modeling,
October 2, 2016, Saint-Malo, France.
9. B. Berger, K. Sohr,
R. Koschke. Automatically Extracting Threats from Extended Data Flow Diagrams. In Proc. 8th
International Symposium on Engineering Secure Software and Systems (ESSoS 2016), London, April 2016.
10. C. Medrano, G.-J. Ahn, K. Sohr. Achieving Security Assurance with Assertion-Based Application
Construction. EAI Endorsed Transactions on Collaborative Computing, 2015.
11. L. Hamann, K. Sohr,
M. Gogolla. Monitoring Database Access Constraints with an RBAC Metamodel: a
Feasibility Study. In Proc. 7th
International Symposium on Engineering Secure Software and Systems (ESSoS 2015), Milan, Italy,
March 2015.
12. C. Medrano, G.-J. Ahn, K. Sohr. Achieving Security Assurance with Assertion-Based Application
Construction. 9th
Workshop on Trusted Collaboration (TrustCol-2014), Miami, Florida,
2014.
13. B. Berger, K. Sohr,
U. Kalinna. Architekturelle
Sicherheitsanalyse für Android Apps, D-A-CH Security,
Graz, 2014.
14. T. Mustafa, K. Sohr. Understanding the Implemented Access Control Policy of Android System Services with
Slicing and Extended Static Checking, International Journal of Information Security, Springer, Berlin,
2014. Supersedes technical report.
15. S. Bartsch, B. J.
Berger, E. Bodden, A. D. Brucker, J. Heider, M. Kus, S. Maseberg,
K. Sohr, M. Volkamer. Zertifizierte
Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen (German only). In Proc. Sicherheit
Schutz und Zuverlässigkeit (GI Sicherheit 2014), Vienna, Austria, 2014.
16. O. Hofrichter, M.
Gogolla, K. Sohr. UML/OCL based Design and Analysis of Role-Based Access Control
Policies. In Proc. of the 1st International MODELS Workshop Towards
the Model DrIven Organization (AMINO 2013), Miami,
USA, 2013.
17. S. Bartsch, B.
Berger, M. Bunke, K. Sohr. The Transitivity-of-Trust Problem in Android Application Interaction (Short Paper). In Proc. of the 8th International Conference on
Availability, Reliability and Security (AReS 2013),
Regensburg, Germany, 2013. To appear. A longer version as Technical Report available.
18. C. E. Rubio-Medrano, G.-J. Ahn, K. Sohr. Verifying Access Control Properties with Design by Contract: Framework
and Lessons Learned. In Proc. 37th Annual International Computer Software
& Applications Conference, Kyoto, Japan, 2013.
19. B. Berger, K. Sohr,
R. Koschke. Extracting and Analyzing the Implemented Security Architecture of
Business Applications. In Proc. of the 17th European Conference on Software Maintenance and
Reengineering (CSMR 2013), Genova,
Italy, 2013.
20. M. Kuhlmann, K. Sohr,
M. Gogolla. Employing UML and OCL for Designing and Analyzing Role-Based Access
Control. In Mathematical Structures in Computer Science, Vol. 23, No. 4, 2013.
21. K. Sohr, M. Kuhlmann, M. Gogolla, H. Hu, G.-J. Ahn.
Comprehensive Two-Level Analysis of Role-Based Delegation and
Revocation Policies with UML and OCL. In Information and Software Technology (IST), Vol. 54, No. 12,
December 2012.
22. H. Birkholz, I. Sieverdingbeck, K. Sohr, C. Bormann. IO: An interconnected asset ontology in support of risk management
processes. In Proc. of the 1st International Workshop on Security
Ontologies and Taxonomies (SecOnT 2012), 2012.
23. B. Berger, K. Sohr. An Approach to Detecting Inter-Session Data Flow Induced by Object
Pooling. In Proc. of the 27th IFIP
International Information Security and Privacy Conference (IFIP Sec 2012), Crete, Greece, 2012.
24. B. Berger, M. Bunke,
K. Sohr. An Android Security Case Study with Bauhaus (Short Paper). In Proc. of the 18th Working Conference on Reverse
Engineering (WCRE 2011), Limerick, Ireland,
2011.
25. C. Elfers, H.
Birkholz, B. Samjeske, K. Sohr. Unternehmensübergreifender
Austausch von sicherheitsrelevantem Wissen. In Datenschutz und
Datensicherheit (DuD), Vol. 4, 2011.
26. M. Kuhlmann, K. Sohr,
M. Gogolla. Comprehensive Two-Level Analysis of Static and Dynamic RBAC
Constraints with UML and OCL. In Proc. 5th IEEE
International Conference on Secure Software Integration and Reliability
Improvement (SSIRI 11), Jeju Island, South
Korea, June 2011. Best paper award.
27. M. Bunke, K. Sohr. An Architecture-Centric Approach to Detecting Security Patterns in
Software. In Proc. 3rd International Symposium on Engineering
Secure Software and Systems (ESSoS 2011),
Madrid, Spain,
February 2011.
28. K. Sohr, T. Mustafa, A. Nowak. Software Security Aspects of Java-Based Mobile Phones. In Proceedings of the 26th ACM Symposium on Applied
Computing, Taichung
(SAC 2011), Taiwan 2011.
29. N. Kuntze, R. Rieke,
G. Diederich, R. Sethmann, K. Sohr, T. Mustafa, K. Detken. Secure mobile business information processing. Proc. of the 6th IEEE/IFIP International Symposium on
Trusted Computing and Communications (TrustCom-10),
Hongkong, China,
December 2010.
30. R. Rittmeier, K. Sohr. A basic security concept for surgeries
with the help of attack trees and under consideration of health telematics (only
German). Proc. Workshop Secure IT for
tomorrow's health care, Mannheim,
Germany,
Springer, LNI P-174, 2010.
31. C. Elfers, M.
Horstmann, K. Sohr, O. Herzog. Typed Linear Chain Conditional Random Fields and their Application to
Intrusion Detection. In Proceedings of the 11th International Conference on
Intelligent Data Engineering and Automated Learning (IDEAL 2010), LNCS, Paisley,
Scotland,
2010.
32. T. Mustafa, M. Drouineaud, K. Sohr. Towards Formal Specification and Verification of a Role-Based
Authorization Engine using JML (Position Paper). In Proceedings of the 5th ACM ICSE Workshop on Software
Engineering for Secure Systems (SESS10), Cape
Town, South Africa,
May 2010.
33. K. Sohr, B. Berger. Idea: Towards Architecture-Centric Security Analysis of Software. Proc. 2nd International Symposium on Engineering Secure
Software and Systems (ESSoS 2010). Pisa, Italy.
34. S. Edelkamp, C. Elfers, M. Horstmann, M.-S. Schröder, K.
Sohr, T. Wagner. Early Warning and Intrusion Detection based on Combined AI Methods. First Workshop on Intelligent Security (SecArt
09), Thessaloniki, Greece,
2009.
35. C. Alm, M. Drouineaud, U. Faltin, K. Sohr, R. Wolf. A Classification Framework Designed for
Advanced Role-based Access Control Models and Mechanisms, Technical Report No. 51, TZI at the
Universität Bremen,
2009.
36. S. Bartsch, K. Sohr,
C. Bormann. Supporting Agile Development of Authorisation Rules for SME
Applications. Proc. of the 3rd International Workshop on Trusted
Collaboration (TrustCol-2008), Orlando,
FL, USA,
November 13 - 16, 2008.
37. T. Mustafa, K. Sohr, D.-H. Dang, M. Drouineaud, S.
Kowski. Implementing Advanced RBAC Functionality with USE. Proc. of the 8th OCL Workshop at the UML/MoDELS Conferences, Toulouse,
Electronic Communications of the EASST, Volume 15, 2008.
38. K. Sohr, T. Mustafa,
G.-J. Ahn, X. Bao. Enforcing Role-Based Access Control Policies in Web Services with UML
and OCL, 24th Annual Computer Security Applications Conference, Anaheim CA,
December 2008. A slightly longer version can be found here.
39. S. Schäfer, K. Sohr. RFID-Authentisierung in der Lieferkette der Automobilindustrie, D-A-CH Security, Berlin, 2008.
40. K. Sohr, M. Drouineaud, G.-J. Ahn, M. Gogolla. Analyzing and Managing Role-Based Access Control Policies. IEEE Transactions on Knowledge and Data Engineering, Vol. 20, No. 7,
2008. Preprint available.
41. M.
Kus, M. Lawo,
M. Ronthaler,
R. Sethmann, K. Sohr, K. Wind. Angepasste Benutzerschnittstellen für das Wearable Computing im
Projekt SiWear.
Workshop Nomadic
& Wearable User Interfaces, Mensch und
Computer 2007, Weimar, September 2-5, 2007.
42. T. Hollstein, M. Glesner, U. Waldmann, H. Birkholz, K. Sohr. Security challenges for RFID key applications. 3rd Workshop on RFID Systems and Technologies, Duisburg,
Germany, 2007.
43. U. Waldmann, T.
Hollstein, K. Sohr. Technology-integrated Security for RFID Systems (only German). Study funded by the Federal Ministry of Research and
Education (BMBF), May 2007.
44. Schaad, K. Sohr, M.
Drouineaud. A Workflow-based Model-checking Approach to Inter- and Intra-analysis
of Organisational Controls in Service-oriented Business Processes, Journal of Information Assurance and Security, Volume 2, Issue 1,
2007.
45. Schaad, K. Sohr. A workflow instance-based model-checking approach to analysing
organisational controls in a loan origination process. 1st International Workshop on Secure Information Systems
(SIS '06). Wisla, Poland, 2006.
46. Schaad, V. Lotz, K.
Sohr. A model-checking approach to analysing organisational controls in a
loan origination process. In Proceedings of the 11th ACM Symposium on Access Control Models
and Technologies, Lake Tahoe,
CA, 2006.
47. K. Sohr, G.-J. Ahn, M. Gogolla, L. Migge. Specification and validation of authorisation constraints with UML and
OCL. In Proceedings of 10th European Symposium on Research in Computer
Security (ESORICS), LNCS 3679, Milan,
Italy,
September 12-14, 2005.
48. K. Sohr, G.-J. Ahn,
L. Migge. Articulating and enforcing authorisation policies with UML and OCL. In Proceedings of ACM ICSE Workshop on Software Engineering for
Secure Systems (SESS05), St. Louis, Missouri, May 15-16, 2005 and ACM SIGSOFT
Software Engineering Notes.
49. K. Sohr, M.
Drouineaud, G.-J. Ahn. Formal specification of role-based security policies for clinical
information systems. In Proceedings of the 20th ACM Symposium on Applied Computing, Santa
Fe, New Mexico, 2005.
50. M. Drouineaud, M. Bortin, P. Torrini, K. Sohr. A first step towards the formal verification of security policy
properties of RBAC. In H.-D. Ehrich, K.-D. Schewe
(Eds.), Proceedings of the 4th International Conference on Quality Software
(QSIC), Braunschweig, Germany,
2004.
51. M. Drouineaud, A.
Lüder, K. Sohr. A role-based access control model for agent-based control systems. In Proceedings of the 1st IEEE International Conference on
Industrial Informatics, Banff, Canada, 2003.
52. T. Mossakowski, M. Drouineaud, K. Sohr. A temporal-logic extension of role-based access control covering dynamic
separation of duties. In Proceedings of the 4th International Conference on Temporal
Logic, July 2003.
53. S. Deter, K. Sohr. Pini: A Jini-Like Plug&Play
Technology for the KVM/CLDC. In Proceedings of the Innovative Internet Computing Systems,
International Workshop IICS 2001, Ilmenau, Germany,
June 21-22, 2001.
54. K. Sohr. Die
Sicherheitsaspekte von mobilem Code. Dissertation, Universitaet Marburg, July
2001.
55. K. Sohr. Sandkastenspiele. c't,
No. 11, 226-232, 2000.
56. K. Sohr. Nicht verifizierter
Code: eine Sicherheitslücke in Java. In C. Cap (Eds.),
JIT '99, Springer-Verlag, 171-181, September 1999.
Supervised Doctoral Theses
1. Dr. Tanveer Mustafa: Static
Security Analysis of Java Applications with an Approach Based on Design by
Contract, 2013
2. Dr. Michaela Bunke. Security-Pattern Recognition and Validation, 2019
Master and Diploma Theses
1. Kim Schoen: Sichere Kommunikation in sporadischen
Kundenbeziehungen, 2003
2. Daniela
Bork: Sicherheitszertifizierung am Beispiel eines Marktplatzverbundes, 2003
3. Ersin Ürer: Untersuchung von WLAN-Sicherheitsprotokollen, 2005
4. Lars Migge: Spezifikation und Durchsetzung rollenbasierter
Security Policies, 2005
5. Tanveer Mustafa: Design and Implementation of an Role-based
Authorization Engine, 2006
6. Xinyu Bao, Yan Guo: Durchsetzung von organisatorischen
Richtlinien in Web Services mit Hilfe von UML und OCL, 2007
7. Silke
Schäfer: Konstruktion sicherer RFID-Anwendungen, 2007
8. Adrian
Nowak: Sicherheitsaspekte mobiler Endgeräte, 2007
10. Meike
Klose: Grundzüge eines IT-Sicherheitskonzeptes für Apotheken unter der
Berücksichtigung der Gesundheitstelematik, 2008
11. Marc Ebler: Eine Sicherheitsanalyse zum Einsatz von mobilen
Endgeräten im Außendienst, 2008
12. Assoulian Mkliwa Tchamsi: Umsetzung von dynamischen RBAC Policies mit Hilfe von UML und OCL, 2009
14. Jan Osmers: Guidelines for high
information security concerning mobile work, 2010
15. David Kamga Adamo: Development of a role-based authorization engine
for workflows based on a model checker, 2010
16. Florian Junge: Dynamic generation of attack trees for networks with
the help of a modular tool, 2010
18. Bernd Samjeske: Entwicklung eines erweiterbaren ontologiebasierten Asset-Managements (German only),
2011
19. Timo
Reimerdes: Sicherheit und Privatsphäre in Sozialen
Netzwerken, 2012
20. Bastian
Breit: Sicherheitsaspekte von
Android und mobilen Verkaufsportalen, 2013
21. Dimitri Hellmann: Angriffsszenarien
ausgehend von Android-Anwendungen, 2013
25. Oliver Schnieders: Identitätsmanagement im
E-Commerce, 2014
26. Tim Schleier: Erstellung einer bidirektionellen Kommunikation mit CBOR als Datenformat,
2014
28. Katharina Hafner: Modellierung von
Rollenkonzepten für Krankenhäuser mittels UML und OCL, 2015
31. Kai Hillmann: Sicherheitsanalyse von
App-gesteuerten Alarmanlagen, 2015
33. Henning
Ziegler: Analyse der Verwendung von Kryptographie-APIs in Java-basierten
Anwendungen, 2016
34. Philipp Hirch: Automatische Inferenz von
JML-Sicherheitsspezifikationen mit Exception
Handling, 2016
37. Philipp Kolloge: Erweiterte Sicherheitsanalyse eines App-gesteuerten
Smart Home Systems, 2018
38. Dario Treffenfeld-Mäder: Konzeption und prototypische
Entwicklung einer Plattform zur Unterstützung des Programmverstehens der
IT-Sicherheit von Anwendungen Handling, 2018
40. Jörg Wilhelms: Sicherheitstechnische Untersuchung von Debug-Schnittstellen auf
Android-basierten Smart-TVs und Smartphones, 2018
41. Jan
Bartkowski: Evaluation der Machbarkeit von Threat Modeling und
automatisierten Sicherheitstests für eine reale Cloud-Anwendung, 2018
42. Mathias Detmers.
Sicherheitsanalyse der OSCI 1.2 Transport Bibliothek, 2019.
Bachelor Theses
1. Kai Hillmann. Darstellung und Analyse eines Konzeptes zur digitalen Beweissicherung, 2011
2. Philipp Nguyen. NFC-Sicherheit mit Smartphones Sicherheitsanalyse von Android-Applikationen mit NFC-Funktionalität, 2013
3. Markus Gulmann. Sicherheitsanalyse ausgewählter Systemservices des mobilen Betriebssystems Android, 2013
4. Alexander Neer. Richtlinien für den sicheren SSL/TLS-Einsatz, 2013
5. Malte Batram. Dynamische Sicherheitsanalyse von ActionScript-basierten Webanwendungen, 2014
6. Malte Kuhn. Anomalieerkennung von Applikationsverhalten auf Android, 2014
7. Denis Szadkowski. Evaluation eines Werkzeugs zur statischen Analyse von SSL/TLS-Schwachstellen, 2014
8. Patrick Hofmann. Entwicklung einer modularen Penetration-Test-Suite zur Sicherheitsanalyse auf Android-Geräten, 2014
9. Darstellung von Ergebnissen statischer Codeanalysen installierter Android apk-Dateien auf dem Gerät des Nutzers, 2015
10. Patrick Gerken. Statische Sicherheitsanalyse von Java
Enterprise-Anwendungen mittels Program Slicing, 2015
11. Florian Thomas. Modellierung von Informationen zur
Interprozesskommunikation in Android-Anwendungen für Datenflussdiagramme,
2015
12. Sebastian Feldmann. Konzeption und Implementierung
einer Eingabeprüfung für Struts-basierte Webanwendungen, 2015
14. Daniel Schwarz. Sicherheitsanalyse der
clientseitigen Umsetzung des OAuth-Protokolls in
Android-Anwendungen, 2016
15. Maximilian Schönborn. Detektion von Shared Preferences-Einträgen in
Android-Applikationen mit Hilfe statische Programmanalyse, 2016
17. Mathias Detmers. Evaluation des WALA-Slicers
bzgl. der Anwendbarkeit auf sicherheitskritische Java-Programme, 2016
18. Patrick
Lorenz. Sicherheitsanalyse von Smarthome Android Apps, 2017
19. Paul Warsewa. Informationssicherheit für Laien, 2017
21. Jonas Rahlf. Prüfung des korrekten Einsatzes von Krypto-APIs
mit der Java Modeling Language und eines Extended Static Checkers, 2017
22. Luca Glockow. Sicherheitsanalyse einer Smarthome-Zentrale,
2017
23. Christoph
Wohlers. Sicherheitsuntersuchung der Kommunikation eines FHSS-basierten
Babyfons, 2018
24. Arian Mehrfard. Sicherheitsuntersuchung einer Android App für
den Zugriff auf den Personalausweis, 2018
25. Jerome
Schmidt. Entwicklung eines Eingabeformates zur Definition von Securitypatterns für ein Sicherheitsanalysewerkzeug, 2018
26. Tristan Bruns. Security Analysis of a Smart Home System: The Example of
IKEA TRÅDFRI, 2018
27. Lorenz
Hüther. Analyse von Datenerhebungsmethoden durch Smart-TVs, 2018
28. Jannis Ötjengerdes, Connor Lanigan.
IT-Sicherheitsanalyse der Smarthome-Plattform openHAB2, 2018
29. Lasse Künzel. Sichere Verwendung der Qt-Bibliothek, 2018
30. Tobias Osmers. Sicherheitsanalyse der TLS-Client-Implementierung
von Android-Anwendungen bezüglich ihrer Kommunikation mit einem Gerät im
lokalen Netz, 2018
31. Jannis Fink. Low-Level Security Patterns for Android Apps controlling IoT
device, 2019
32. Alim Kerimov.
Evaluation eines auf Slicing basierenden Codeanalyse-Werkzeugs in Bezug auf
seine praktische Anwendbarkeit im Kontext der IT-Sicherheit, 2019
33. Jasper
Wiegratz. Sicherheitsgrundlagen von Docker-Images im Kontext der
Softwareentwicklung mit DevOps am Beispiel eines Continuous Integration und
Delivery Prozesses, 2019
Teaching
14. Fall 2019: Information security I (with Prof. Dr. Carsten Bormann)
Scientific Service
1. Journal of Systems and Software (JSS)
2. Science of Computer Programming (SoCP)
3. Information and Software Technology (IST)
4. Computer Standards & Interfaces (CSI)
5. Journal of Interactive Media
6. IEEE Transactions on Parallel and Distributed Systems (TPDS)
7. IEEE Software
Also, I was a reviewer for the Netherlands Organisation
for Scientific Research (NWO) and the National Research Foundation of Korea
(NRF).
Talks
1. Software Security Demonstrated with Android-Applications (German only), Universität Marburg, Germany, October 2014
2. Architectural Risk Analysis for Android Applications (English version), 12th Annual Meeting of the GI Working Group Formal
Methods and Software Engineering for Safety and Security, Bremen, March 2015
3. PortSec-2 IT-Risk Management in Port Community Systems (German only), at the event Crime
Scene Ship: Cyber Security, Bremen, March 2018 (with Dr. Meyer-Larsen,
Institute of Shipping Economics and Logistics)
Other Responsibilities
2. Information Security Bremen (more to come)
3. BremSec-Forum (a network for security officers of organisations; co-organiser: Siemens Bremen
and GDD)
Contact
Dr. Karsten Sohr
Center for Computing Technologies (TZI)
Bibliothekstr. 1
D-28359 Bremen
Germany
Phone: +49 421 218 63922
Fax: +49 421 218 7000
E-Mail: sohrATtzi.de
Office: MZH, Room 5100
My PGP key