Send email Copy Email Address

RESEARCH AREAS

At CISPA, we explore every facet of cybersecurity, privacy, and trustworthy AI to shape a safer and more secure digital future. By addressing today’s complex threats and tomorrow’s emerging risks, we aim to drive innovation and strengthen trust in technology worldwide.

OUR RESEARCH AREAS

Our six research areas cover foundational theories as much as practical defenses, combining algorithmic innovation, secure system design, threat detection, formal verification, and the human factors of security. Together, they reflect our commitment to addressing the most pressing challenges in information security.


Algorithmic
Foundations &
Cryptography

 

Research on algorithms forms the foundation of many technological innovations. We explore how complex computational problems can be solved faster, more securely, and more efficiently. Our researchers develop cryptographic methods that can resist quantum attacks, investigate quantum-based techniques, and design ways to securely process sensitive cloud data without third-party access.

DISCOVER MORE


Trustworthy
Information
Processing

 

Digital technologies are part of our daily lives – from chatting and shopping to visiting the doctor. In the process, people generate vast amounts of data that ought to be processed securely and fairly. At CISPA, we develop methods to protect private and sensitive information without limiting innovation, focusing on privacy guarantees, resilient machine learning, and federated learning to build trustworthy systems.

DISCOVER MORE


Reliable
Security
Guarantees

 

Today’s IT security often feels like a never-ending arms race between attackers and defenders. At CISPA, we aim to break this cycle. Using formal methods based on precise mathematical models, we can systematically eliminate entire classes of attacks. Our researchers develop tools for automated analysis, runtime monitoring, and secure system design — making strong, reliable security guarantees a reality.

DISCOVER MORE


Threat
Detection &
Defenses

 

To protect complex IT systems, we first need a deep understanding of potential attack vectors. At CISPA, we develop methods to reliably detect, predict, and explain threats – even those using evasion techniques. Our research spans DDoS defense, security for industrial control systems, and software protection, aiming for precise detection, minimal false alarms, and autonomous system defenses.

DISCOVER MORE


Secure
Connected &
Mobile Systems

 

Connected systems are the backbone of critical infrastructures such as water and power networks, but their growing complexity also increases their attack surface. At CISPA, we design secure, reliable, and privacy-preserving system architectures. Our research spans software analysis and testing, anomaly detection, and wireless security ­ bridging algorithmic challenges with real-world system building.

DISCOVER MORE


Empirical &
Behavioral
Security

 

Understanding real-world threats is key to building safer technologies. At CISPA, we analyze attacks on critical web applications and user credentials, combining large-scale measurements with empirical research methods. Our research focuses on web security and usable security, aiming to create tools that help developers and users prevent attacks — making security not just stronger, but easier to use.

DISCOVER MORE

WHAT OUR FACULTY SAY

Security research in today’s interconnected world has so many different challenges. I am particularly excited about making complex security and privacy mechanisms more human-friendly.

Dr. Katharina Krombholz
Faculty

We are trying to determine ways to ascertain that current and future systems are secure. To achieve this, we develop analysis frameworks, methodologies, and tools. These enable us to identify attacks and propose more secure solutions.

Prof. Dr. Cas Cremers
Faculty

My group researches novel classes of vulnerabilities in Web applications and builds tools to detect and mitigate them. In addition, we investigate how to best notify affected sites about the vulnerabilities we found. This way, our insights do not only serve us, but can help administrators close their security holes, impacting the overall security of the Web.

Dr. Ben Stock
Faculty

Mobile devices can pose severe privacy threats but at the same time offer with their particular setting great opportunities to create more secure systems that put the users back into control over their data. In our research, we take this opportunity and improve mobile system security from hardware primitives to middleware design to the user's central role in the data protection.

Dr. Sven Bugiel
Faculty

Our research explores the boundaries of what is possible in secure computation: What are the strongest possible security guarantees and strongest functionality we can achieve under the weakest possible assumptions?

Dr. Nico Döttling
Faculty

I see Cyber-Physical Systems as the new frontier of cybersecurity: my goal is to understand threats & defenses based on interactions between physical and digital systems, and to translate cybersecurity principles to engineered systems.

Dr. Nils Ole Tippenhauer
Faculty

Our society regularly faces devastating and largely anonymous cyber attacks. We explore automated, reliable, and accurate methods to identify the origin of cyber attacks -- an important step to hold anonymous attackers responsible for their action.

Prof. Dr. Christian Rossow
Faculty

Recent advances in Artificial Intelligence and Machine Learning offer great benefits to industry and society in general. While we are advancing the state of the art of future intelligent systems, we equally seek compliance with our expectations on security, privacy and safety.

Prof. Dr. Mario Fritz
Faculty

OUR RESEARCH GROUPS

Across six closely connected research areas, CISPA researchers explore the future of information security and trustworthy artificial intelligence. From the mathematical foundations of cryptography and secure algorithms to privacy-preserving machine learning, from formal methods for verified systems to hardware-level security, and from securing connected devices to understanding human behavior in digital contexts — our more than 40 Faculty-led research groups work at the cutting edge of cybersecurity to make tomorrow’s digital world safer, smarter, and more trustworthy.

Discover More

PUBLICATIONS

MOST RECENT PUBLICATIONS

Year 2025

2025-08-25

Open Access Alert: Studying the Privacy Risks in Android WebView’s Web Permission Enforcement

Conference / Medium

ACM ASIA Conference on Computer and Communications Security (AsiaCCS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2025-08-13

Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements.

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Authors
Visit Detail Page
2025-08-13

Double-Edged Shield: On the Fingerprintability of Customized Ad Blockers

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
All Publications

SCIENTIFIC CAREER

If you decide to pursue a scientific career at CISPA, we offer opportunities at all career stages.

Faculty at CISPA

Senior researchers can apply for tenure track and tenured CISPA-Faculty positions in all areas related to cybersecurity, privacy, cryptography and trustworthy artificial intelligence.
© Jennifer Weyland

POST DOC at CISPA

We offer positions for research group leaders and postdocs. Postdocs have the opportunity to work with CISPA-Faculty on existing research lines and to develop their own research agenda.
© Tobias Ebelshäuser

PhD at CISPA

We offer full-time positions to PhD students. Working with our research-group leaders and Faculty, you will acquire new techniques and methods and find support for your research projects.
open job positions