Send email Copy Email Address
Research Group

Backes

Information Security & Cryptography

The group is headed by CISPA director Prof. Dr. Dr. h. c. Michael Backes and focuses on various aspects of IT security and privacy and ranges from the design, analysis, and verification of protocols and systems, mechanisms for protecting end-user privacy, and research on new attack vectors to universal solutions in software and network security. The group is part of CISPA – the German Research Center for IT-Security, Privacy and Accountability.

Head of Group

Michael Backes

Email

Address

Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Members

Sanam Ghorbani Lyastani

Kathrin Grosse

Jie Huang

Robert Künnemann
Placeholder

Marten Oltrogge

David Pfaff

Ivan Pryvalov

Tahleen Rahman

Ahmed Salem

Jonas Schneider-Bensch

Patrick Speicher

Bartlomiej Surma

Marie-Therese Walter

Aurore Fass

Julian Biehl

Min Chen

Ilkan Esiyok

Alexander Fink

Hamid Reza Ghaeini
Placeholder

Inken Hagestedt

Alfusainey Jallow
Placeholder

Ebrima Jallow
Placeholder

Marvin Moog

Tin Nguyen
Placeholder

Banji Olorundare
Placeholder

Parthipan Ramesh
Placeholder

Hamed Rasifard

Sebastian Roth

Michael Schilling

Ezekiel Soremekun

Joshua Steffensky
Placeholder

Nicolas Tran

Marco Vassena
Placeholder

Rui Ye
Placeholder

Zhikun Zhang
Placeholder

Yang Zou
Placeholder

Benoît-Michel Cogliati

Ninja Marnau

Hamed Nemati
Placeholder

Francis Dolière Somé
Placeholder

Guido Patrick Battiston

Most Recent Publications

Year 2021

2021-08-11

PrivSyn: Differentially Private Data Synthesis

Conference / Medium

USENIX-Security
USENIX Security Symposium

Tags
Trustworthy Information Processing
Authors
Download Visit Detail Page
2021-08

Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications

Conference / Medium

USENIX-Security
30th USENIX Security Symposium (USENIX Security 21)30th USENIX Security Symposium (USENIX Security 21)

Tags
Reliable Security Guarantees Secure Mobile and Autonomous Systems
Authors
Download Visit Detail Page
2021-07

Accountability in the Decentralised-Adversary Setting

Conference / Medium

CSF
CSF 2021

Tags
Reliable Security Guarantees
Authors
Download Visit Detail Page
2021-06

On Compositional Information Flow Aware Refinement

Conference / Medium

CSF
IEEE Computer Security Foundations Symposium34th IEEE Computer Security Foundations Symposium

Tags
Trustworthy Information Processing
Authors
Download Visit Detail Page

Year 2020

2020-12

Up2Dep: Android Tool Support to Fix Insecure Code Dependencies

Conference / Medium

ACSAC
Annual Computer Security Applications Conference (ACSAC 2020)

Tags
Secure Mobile and Autonomous Systems
Authors
Download Visit Detail Page

PROJECTS

The common practice of exploitable software which becomes patched, creates a cat-and-mouse game that cannot be tolerated in the presence of critical infrastructure or personal data.
In order to mitigate this cat-and-mouse game, we need new technologies that revolutionize the way systems are build and maintained. Our research area tackles this problem by giving foundations for the system design that incorporate security-by-design and methods for the analysis of existing systems. We currently in particular have a strong focus on conceptually understanding adversarial machine learning and its implications on security-critical systems.

With the advent of Online Social Networks and other Online Services, users, often unknowingly, publicly disseminate tremendous amounts of personal information through their online interactions. All of this information is then readily available to data collectors which use it for personal gain or for malicious actions against the user.
Protection of personal data is therefore of paramount importance in a day and age where data disseminated in the Internet, is completely visible and available to anyone who wants to collect it. In our group we develop foundational methods for quantifying privacy and anonymity in the Internet. Our methods allow for the analysis of existing privacy-enhancing technologies, but also for the development of novel, privacy-enhancing solutions. A particular focus at the moment is privacy assessment and protection for genetic data.

Not only smartphones and tablets have become ubiquitous but also everyday household appliances and infrastructure have been computerized – or became ‘smart’. The endless possibilities of app stores have brought diversity and ingenuity to the way we interact with our world. However, the simplicity of developing and distributing apps together with their omnipresence has made it easy for attackers to gain access to our most personal data or extort us, all under the pretext of being a helpful app.
We conduct research as to how to protect user’s data and privacy on mobile, embedded, and other’smart’ devices, we analyse attacks and data breaches and we construct more secure operating systems.

Usable security and privacy research became an important field of research over the last decade. While many IT security mechanisms offer (very) strong security guarantees in theory, humans are a limiting factor in many cases. Choosing secure passwords, understanding and adhering SSL warning messages or encrypting email is a tough challenge for end users. Developers struggle with using secure cryptographic APIs and webmasters are overwhelmed with configuring X.509 certificates. We collect real data from real users of IT security systems and then build systems to help users make sensible decisions.

NEWS

Oct 18, 2018

4 papers at EuroS&P accepted
Sep 24, 2018

Michael Backes co-chairing ACM CCS 2018 Program Committee
May 11, 2018

Two Publications at IEEE EuroS&P 2018