Operating System Security
Operating systems are the basic underlying software on a computer that provides services and manages the resources of the system for user applications. Commonly used operating systems on PCs have fundamental architectural security problems which results in a major problem for privacy and security of private, organizational or even governmental data.
Research in secure operating systems exists for decades. But still, those principles are not transferred and integrated in standard operating systems for most devices, such as PCs or mobile phones. One reason for this lack of integration is because secure operating systems require a lot of work (strict design rules, formal specifications and proofs, etc.), which is very costly for standard systems. Hence, vendors do not want to have those costs and reject to incorporate well-known security concepts.
In one major line of work (during my PhD studies), I have analyzed how well-known security principles (such as the principle of a security kernel) can be integrated easily and efficiently (meaning with low cost) into operating systems for PCs and other main stream computing devices. Another line of my work was about exploring new technologies that can be integrated into operating system to provide new security functions. You can also read more about this in my section on Trusted Computing.
Research Works
Journal of Network and Computer Applications, Vol. 38, February 2014.
9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, 2013.
Technical Report HGI-TR-2013-002, Ruhr-University Bochum, 2013.
Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), ACM, 2010.
Technical Report HGI-TR-2010-002, Ruhr-University Bochum, 2010.
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.
Technical Report HGI-TR-2010-001, Ruhr-University Bochum, 2010.
4th International Workshop on Secure Systems Methodologies Using Patterns (SPattern 2010), Proceedings of ARES 2010: International Conference on Availability, Reliability, and Security., pp. 569-573, IEEE Computer Society, 2010.
20th International Workshop on Database and Expert Systems Application, (SPattern 2009: 3rd International Workshop on Secure Systems Methodologies Using Patterns), IEEE Computer Society, 2009.
Diplomarbeit, Universität Bonn, 2002.