Secure Connected and Mobile Systems
Faulty computer systems allow for spying on, as well as sabotaging even the most security-critical infrastructures -- this means that in daily life, our energy supply network, water supply, health network, communication network, transportation network, etc. are under continuous risk. Moreover, mobile, real-time and embedded systems are part of virtually all modern technologies such as cars, airplanes, robotics, etc, creating an even larger attack surface. When we in addition consider how strongly many of these systems are interconnected, that they can take autonomous decisions, and the implied efficiency and speed of attacks, it is easy to see we need a next generation of attack response that has to be autonomous and spontaneous as well. This research area explores the secure and dependable design and implementation of exactly such mobile and autonomous systems in security-critical domains. It strives to eventually span the entire range from the exploration of fundamental algorithmic issues to actual systems-building, and it particularly emphasizes the intersection of both research approaches. In the last years, topics of particular importance within this research area were: Android security in various facets, ranging from the in-depth analysis and testing of Android applications and the Android middleware, to Android security extensions, usability studies and solutions to the problems identified therein; as well as investigating the use of machine learning techniques in various security-relevant domains, in particular contributing to the novel area of adversarial machine learning in order to account for manipulated data that is input to autonomous systems.