RESEARCH AREAS
At CISPA, we explore every facet of cybersecurity, privacy, and trustworthy AI to shape a safer and more secure digital future. By addressing today’s complex threats and tomorrow’s emerging risks, we aim to drive innovation and strengthen trust in technology worldwide.
Our six research areas cover foundational theories as much as practical defenses, combining algorithmic innovation, secure system design, threat detection, formal verification, and the human factors of security. Together, they reflect our commitment to addressing the most pressing challenges in information security.
Research on algorithms forms the foundation of many technological innovations. We explore how complex computational problems can be solved faster, more securely, and more efficiently. Our researchers develop cryptographic methods that can resist quantum attacks, investigate quantum-based techniques, and design ways to securely process sensitive cloud data without third-party access.
Digital technologies are part of our daily lives – from chatting and shopping to visiting the doctor. In the process, people generate vast amounts of data that ought to be processed securely and fairly. At CISPA, we develop methods to protect private and sensitive information without limiting innovation, focusing on privacy guarantees, resilient machine learning, and federated learning to build trustworthy systems.
Today’s IT security often feels like a never-ending arms race between attackers and defenders. At CISPA, we aim to break this cycle. Using formal methods based on precise mathematical models, we can systematically eliminate entire classes of attacks. Our researchers develop tools for automated analysis, runtime monitoring, and secure system design — making strong, reliable security guarantees a reality.
To protect complex IT systems, we first need a deep understanding of potential attack vectors. At CISPA, we develop methods to reliably detect, predict, and explain threats – even those using evasion techniques. Our research spans DDoS defense, security for industrial control systems, and software protection, aiming for precise detection, minimal false alarms, and autonomous system defenses.
Connected systems are the backbone of critical infrastructures such as water and power networks, but their growing complexity also increases their attack surface. At CISPA, we design secure, reliable, and privacy-preserving system architectures. Our research spans software analysis and testing, anomaly detection, and wireless security bridging algorithmic challenges with real-world system building.
Understanding real-world threats is key to building safer technologies. At CISPA, we analyze attacks on critical web applications and user credentials, combining large-scale measurements with empirical research methods. Our research focuses on web security and usable security, aiming to create tools that help developers and users prevent attacks — making security not just stronger, but easier to use.
Security research in today’s interconnected world has so many different challenges. I am particularly excited about making complex security and privacy mechanisms more human-friendly.
We are trying to determine ways to ascertain that current and future systems are secure. To achieve this, we develop analysis frameworks, methodologies, and tools. These enable us to identify attacks and propose more secure solutions.
My group researches novel classes of vulnerabilities in Web applications and builds tools to detect and mitigate them. In addition, we investigate how to best notify affected sites about the vulnerabilities we found. This way, our insights do not only serve us, but can help administrators close their security holes, impacting the overall security of the Web.
Mobile devices can pose severe privacy threats but at the same time offer with their particular setting great opportunities to create more secure systems that put the users back into control over their data. In our research, we take this opportunity and improve mobile system security from hardware primitives to middleware design to the user's central role in the data protection.
Our research explores the boundaries of what is possible in secure computation: What are the strongest possible security guarantees and strongest functionality we can achieve under the weakest possible assumptions?
I see Cyber-Physical Systems as the new frontier of cybersecurity: my goal is to understand threats & defenses based on interactions between physical and digital systems, and to translate cybersecurity principles to engineered systems.
Our society regularly faces devastating and largely anonymous cyber attacks. We explore automated, reliable, and accurate methods to identify the origin of cyber attacks -- an important step to hold anonymous attackers responsible for their action.
Recent advances in Artificial Intelligence and Machine Learning offer great benefits to industry and society in general. While we are advancing the state of the art of future intelligent systems, we equally seek compliance with our expectations on security, privacy and safety.
If you decide to pursue a scientific career at CISPA, we offer opportunities at all career stages.