Information Security

Information security means the protection of information and information systems.

Security means that the properties confidentiality, integrity and availability (CIA) are fulfilled, considering the dependability and security taxonomy [ALRL2004].

These properties need to be defined with respect to a system, trust and adversary model, and specified in an explicit security goal.

Information can be at rest or in communication, which implies the security of systems as well as protocols and can include hardware security, as well.

Other Interests: [Identity & Privacy]   [Applied Rigorous Methods]

Current Foci: Cloud and Cybercrime Security

  • Cloud Security Verification, which is information security for infrastructure cloud systems. It involves isolation analysis (confidentiality), topology configuration correctness (integrity/availability), and insider attacks (confidentiality, integrity and availability).

  • Cybercrime security (CCCS), which is security against crime committed by or through electronic means. Cybercrime inherently has a physical component as well as a human one.

Related Projects

Selected Papers

Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim. Automated Verification of Virtualized Infrastructures. In Proceedings of the CCS Cloud Security Workshop(CCSW) 2011.

Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Eriksson. Automated Information Flow Analysis of Virtualized Infrastructures. In Proceedings of the European Symposium on Research in Computer Security (ESORICS) 2011.

Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi. Browser Model for Security Analysis of Browser-Based Protocols. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), volume 3679 of Lecture Notes in Computer Science, pages 489-508. Springer-Verlag, Berlin Germany, September 2005.

Thomas Groß. Security analysis of the SAML single sign-on browser/artifact profile. In 19th Annual Computer Security Applications Conference (ACSAC 2003). IEEE Computer Society Press, 2003.


[ALRL2004] A. Avizienis, J.-C. Laprie, B. Randell and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing. 1 (1), Jan. 2004, pp. 11-33.