Forschungsschwerpunkte
- Sicherheit von Nutzer*innensystemen
- Privatheit von Daten
- Datensicherheit
- Systemsicherheit
- Maschinelles Lernen für IT-Sicherheit
- Sicherheit von KI-Systemen
- Authentifizierung
- User & Device Tracking
- Ubiquitäre Sicherheit
Vita
Akademische Ausbildung
- Doktor-Ingenieur (IT-Sicherheit)
- Master of Science (IT-Sicherheit)
- Dipl.-Wirt.-Inf. (FH)
Rufe
- WWU Münster, IT-Security (W1) – angenommen
- Cyber Securityangenommen
-
Lehre
Vorlesung
- V/Ü: Information Security [046020]
(zusammen mit Henry Hosseini)
[ - | | wöchentlich | Mo. | LEO 18.3 | Jun.-Prof. Thomas Hupperich]
[ - | | wöchentlich | Do. | LEO 18.3 | Jun.-Prof. Thomas Hupperich]
Seminar
- Doktorandenseminar: ERCIS - Lunchtime Seminar [046025]
(zusammen mit Prof. Dr. Fabian Gieseke, Prof. Dr. Stefan Klein, Prof. Dr. Heike Trautmann, Prof. Dr. Tobias Brandt, Prof. Dr. Bernd Hellingrath, Prof. Dr. Gottfried Vossen, apl. Prof. Christian Grimme, Prof. Dr. Jörg Becker, Dr. Rainer Böhme, Prof. Dr. Herbert Kuchen, Jun.-Prof. Benedikt Berger)
[ - | | wöchentlich | Di. | LEO 18.3 | Jun.-Prof. Thomas Hupperich]
Vorlesung
- Vorlesung: Einführung in die Wirtschaftsinformatik [044000]
(zusammen mit Dr. Armin Stein, Prof. Dr. Jan vom Brocke, Prof. Dr. Fabian Gieseke, Prof. Dr. Stefan Klein, Prof. Dr. Tobias Brandt, apl. Prof. Christian Grimme, Prof. Dr. Bernd Hellingrath, Dr. Bettina Distel, Prof. Dr. Herbert Kuchen, Jun.-Prof. Benedikt Berger, Dr. Katrin Bergener, Prof. Dr. Jörg Becker, apl. Prof. Rolf Teubner)
Seminare
- Doktorandenseminar: ERCIS - Lunchtime Seminar
(zusammen mit Dr. Stephan Meisel, Prof. Dr. Stefan Klein, Prof. Dr. Fabian Gieseke, Prof. Dr. Heike Trautmann, Prof. Dr. Herbert Kuchen, Prof. Dr. Gottfried Vossen, Prof. Dr. Bernd Hellingrath, Dr. Rainer Böhme, Prof. Dr. Jörg Becker) - Seminar: Anleitungen zum wissenschaftlichen Arbeiten
Sonstige Lehrveranstaltung
- Vertiefung: VM Inf: Game Hacking: Einführung in Dynamische Analyse [044067]
(zusammen mit Lukas Schmidt)
Vorlesung
- V/Ü: Information Security [042045]
(zusammen mit Henry Hosseini)
Seminare
- Doktorandenseminar: ERCIS - Lunchtime Seminar [042050]
(zusammen mit Prof. Dr. Fabian Gieseke, Prof. Dr. Stefan Klein, Dr. Stephan Meisel, Prof. Dr. Herbert Kuchen, Prof. Dr. Heike Trautmann, Prof. Dr. Bernd Hellingrath, Prof. Dr. Gottfried Vossen, Prof. Dr. Jörg Becker, Dr. Rainer Böhme) - Seminar: Anleitungen zum wissenschaftlichen Arbeiten [042063]
Sonstige Lehrveranstaltung
- Vertiefung: BA-VM-Inf: Game Hacking: Einführung in Dynamische Analyse [042070]
(zusammen mit Lukas Schmidt)
Vorlesung
- Vorlesung: Einführung in die Wirtschaftsinformatik [040025]
(zusammen mit Dr. Armin Stein, Prof. Dr. Fabian Gieseke, Prof. Dr. Stefan Klein, Dr. Stephan Meisel, Prof. Dr. Tobias Brandt, Prof. Dr. Heike Trautmann, Prof. Dr. Bernd Hellingrath, Dr. Bettina Distel, Prof. Dr. Herbert Kuchen, Jun.-Prof. Benedikt Berger, Dr. Katrin Bergener, Prof. Dr. Jörg Becker)
Seminare
- Doktorandenseminar: ERCIS - Lunchtime Seminar [040064]
(zusammen mit Prof. Dr. Fabian Gieseke, Prof. Dr. Stefan Klein, Prof. Dr. Tobias Brandt, Prof. Dr. Herbert Kuchen, Prof. Dr. Heike Trautmann, Jun.-Prof. Benedikt Berger, Prof. Dr. Bernd Hellingrath, Prof. Dr. Jörg Becker) - Seminar: MA-CS: WiFi Security: Creating a Hackable Device [040105]
- V/Ü: Information Security [046020]
Projekte
- FOR 5393: Die digitale Mittelstadt der Zukunft - Teilprojekt: Vertrauensmanagement in der Digitalen Mittelstadt ( – )
Teilprojekt in DFG-Verbund koordiniert an der Universität Münster: DFG - Forschungsgruppe | Förderkennzeichen: DI 2760/1-1 - Standortübergreifendes Graduiertenkolleg: „North Rhine-Westphalian Experts on Research in Digitalization“ (NERD) - Tandempromotion: "MedMax: Preparing Hospital Environments for Future Cyber lncidents"
( – )
participations in other joint project: MKW - Förderlinie „Digitale Sicherheit“ - Standortübergreifendes Graduiertenkolleg | Förderkennzeichen: 005-2201-0014 - FOR 5393: Die digitale Mittelstadt der Zukunft - Teilprojekt: IT-Sicherheit: Security Orchestration, Automation and Response als Sicherheitsstrategie der mittelstädtischen Digitalisierung ( – )
Teilprojekt in DFG-Verbund koordiniert an der Universität Münster: DFG - Forschungsgruppe | Förderkennzeichen: HU 3005/2-1 - FOR 5393: Die digitale Mittelstadt der Zukunft ( – )
DFG-Hauptprojekt koordiniert an der Universität Münster: DFG - Forschungsgruppe - IIP – Intelligenter lntermodaler Pendlerverkehr ( – )
participations in bmbf-joint project: Bundesministerium für Bildung und Forschung | Förderkennzeichen: 16KISA121
- FOR 5393: Die digitale Mittelstadt der Zukunft - Teilprojekt: Vertrauensmanagement in der Digitalen Mittelstadt ( – )
Publikationen
- . . ‘A Bilingual Longitudinal Analysis of Privacy Policies Measuring the Impacts of the GDPR and the CCPA/CPRA.’ Proceedings on Privacy Enhancing Technologies 2024, Nr. 2: 434–463. doi: https://doi.org/10.56553/popets-2024-0058.
- . . ‘Improving Trace Synthesis by Utilizing Computer Vision for User Action Emulation.’ In Proceedings of the Digital Forensics Research Conference USA (DFRWS USA) 2023. doi: 10.1016/j.fsidi.2023.301557.
- . . ‘Assessing the Security and Privacy of Baby Monitor Apps.’ Journal of Cybersecurity and Privacy 3, Nr. 3. doi: https://doi.org/10.3390/jcp3030016.
- . . ‘Utilizing Blockchains in Opportunistic Networks for Integrity and Confidentiality.’ Blockchain: Research and Applications 100167.
- . . ‘A Tale of Two Regulatory Regimes: Creation and Analysis of a Bilingual Privacy Policy Corpus.’ In Proceedings of the 13th Conference on Language Resources and Evaluation, edited by , 5460–5472. France: European Language Resources Association. doi: https://aclanthology.org/2022.lrec-1.585.
- . . ‘Automated Search for Leaked Private Keys on the Internet: Has Your Private Key Been Pwned?’ In Proceedings of the 17th International Conference on Software Technologies, edited by , 649–656. Lisbon, Portugal: SciTePress. doi: 10.5220/0011308000003266.
- . . ‘Discovering Vulnerabilities and Patches for Open Source Security.’ In Proceedings of the 17th International Conference on Software Technologies, edited by . Lisbon, Portugal: SciTePress.
- . . ‘Improving the Performance of Opportunistic Networks in Real World Applications Using Machine Learning Techniques.’ Journal of Sensor and Actuator Networks 11 (4): 61–90. doi: 10.3390/jsan11040061.
- . . ‘Blossom: Cluster-Based Routing for Preserving Privacy in Opportunistic Networks.’ Journal of Sensor and Actuator Networks 11, Nr. 4: 75. doi: 10.3390/jsan11040075.
- . . ‘Unifying Privacy Policy Detection.’ Proceedings on Privacy Enhancing Technologies 2021, Nr. 4: 480–499. doi: 10.2478/popets-2021-0081.
- . . ‘Secure and privacy preserving structure in Opportunistic Networks.’ Computers and Security 103.
- . . Challenges and Potentials of Digitalisation for Small and Mid-sized Towns: Proposition of a Transdisciplinary Research Agenda Working Papers, Nr. 36. Münster: European Research Center for Information Systems, .
- . . ‘On the Usefulness of User Nudging and Strength Indication concerning Unlock Pattern Security.’ Contributed to the IEEE International Conference On Trust, Security And Privacy In Computing And Communications, Guangzhou.
- . . ‘Opportunistic Tracking in Cyber-Physical Systems.’ Contributed to the IEEE International Conference On Trust, Security And Privacy In Computing And Communications, Guangzhou.
- . . ‘A Secure and Reliable Structure in Opportunistic Networks.’ Journal of Information System Security 2020.
- . . ‘HeadPrint: Detecting Anomalous Communications through Header-based Application Fingerprinting.’ Contributed to the ACM Symposium on Applied Computing, Brno, Czech Republic.
- . . ‘An Empirical Study on Online Price Differentiation.’ Contributed to the ACM Conference on Data and Applications Security and Privacy (CODASPY 2018), Tempe, Arizona, USA.
- . . On the feasibility and impact of digital fingerprinting for system recognition Dissertationsschrift, Ruhr-Universität Bochum, Germany.
- . . ‘May the Force Be with You: The Future of Force-Sensitive Authentication.’ IEEE Internet Computing 21, Nr. 3: 64–69. doi: 10.1109/MIC.2017.78.
- . . ‘An Empirical Study on Price Differentiation Based on System Fingerprints.’ arXiv preprint arXiv:1712.03031 2017.
- . . ‘Leveraging Sensor Fingerprinting for Mobile Device Authentication.’ In DIMVA 2016: Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, edited by , 377–396. Spain: Springer. doi: 10.1007/978-3-319-40667-1_19.
- . . ‘Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness.’ Contributed to the 9th International Conference on Trust & Trustworthy Computing (TRUST), Vienna, Austria. doi: 10.1007/978-3-319-45572-3_3.
- . . ‘Use the force: Evaluating force-sensitive authentication for mobile devices.’ Contributed to the welfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, USA.
- . . ‘On the robustness of mobile device fingerprinting: Can mobile users escape modern web-tracking mechanisms?’ Contributed to the 31th Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA.
- . . ‘Going wild: Large-scale classification of open DNS resolvers.’ Contributed to the 15th ACM Internet Measurement Conference (IMC), Tokyo, Japan.
- . . Mobile Device Fingerprinting.
- . . ‘On the Effectiveness of Fingerprinting Mobile Devices Investigating Modern Web-Tracking Mechanisms.’ Horst Görtz Institut für IT-Sicherheit (HGI) 2015.
- . . ‘Tactile One-Time Pad: Leakage-Resilient Authentication for Smartphones.’ Contributed to the Financial Cryptography and Data Security, San Juan, Puerto Rico. doi: 10.1007/978-3-662-47854-7_15.
- . . ‘Tactile one-time pad: smartphone authentication resilient against shoulder surfing.’ Tech. rep., Horst Görtz Institute for IT-Security (HGI), HGI-2014–003; 2014.
- . . ‘Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks.’ Contributed to the 8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, California, USA.
- . . ‘Exit from Hell? Reducing the Impact of Amplification DDoS Attacks.’ Contributed to the 23rd USENIX Security Symposium, San Diego, California, USA.
- . . Amplification DDoS Attacks.
- . . ‘Flexible patient-controlled security for electronic health records.’ Contributed to the ACM SIGHIT International Symposium on Health Informatics (IHI), Miami, Florida, USA.