Information Security
We Advance IT Security
The Information Security Research Group of the InIT is the first point of contact for education and applied research and development in the field of information security in the Zurich area and beyond. Our vision is to combine science and practice to develop innovative security solutions for companies and the public to ensure the cyber security of tomorrow.
The knowledge gained from applied research and development also flows into our Bachelor's, Master's, PhD and Continuing Education programs.
The Information Security research group is part of the ZHAW Cybersecurity Community.
Security by Design
In the area of security by design, we develop systems and methods that integrate security into the design process from the outset. This includes systems with security functions, such as cybersecurity management systems for organizations or systems to support analysts in a Security Operations Center (SOC), as well as systems in which security is only a means to an end, such as the development of secure communication networks or the secure processing of sensitive data.
A current project in this research area:
In the HD.ng++ project we develop a system to support a cybersecurity analyst in a Security Operations Center (SOC). The developed system provides meta-information about domains and IP addresses to support SOC analysts in the investigation of potentially malicious domains or IP addresses.
Security Analysis
In the field of security analysis, we examine systems for potential vulnerabilities. We are interested in a wide range of systems, from hardware-based communication systems to applications and firmware on mobile devices to web applications. We use our specialist knowledge for the analysis and develop systems that search for vulnerabilities as automatically as possible. Through our work, we can warn those affected of potential threats while advancing the state of the art of analysis tools.
A current project in this research area:
In the FirmwareDroid project, we identify the current difficulties and limitations that hinder security researchers in performing a dynamic analysis of pre-installed Android software components, such as pre-installed apps or native libraries. Based on the results of a literature review, we derive potential solution ideas and develop a concept for a security testing framework that enables researchers to dynamically test pre-installed Android software. We test the concept with proof-of-concept prototypes that demonstrate the feasibility of our basic solution ideas. We then use these prototypes to analyze a large data collection of Android firmware for potential vulnerabilities.
Continuing Education
Our CAS Applied IT Security (German only) offers computer scientists, practitioners and career changers the opportunity to build and enhance their foundation in IT Security, one of the most important growth markets in IT. Participants will be introduced to security architecture and management, cryptology and network security as well as software and systems security. They will be given the opportunity to apply their new skills in extensive and practice-oriented labs.
As part of the reorganization of the research database, the previous lists of research projects are no longer available. The future lies in full-text search and filtering, in order to provide the best possible search results for our visitors.
In the meantime, you can easily find the projects via text search using the following link: «To the new search in the project database»
- Trammell, Ariane; Gehring, Benjamin; Isele, Marco; Spielmann, Yvo; Zahnd, Valentin, 2024. Towards automated information security governance [paper]. In: Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP. 10th International Conference on Information Systems Security and Privacy (ICISSP), Rome, Italy, 26-28 February 2024. SciTePress. pp. 120-127. Available from: https://doi.org/10.5220/0012357500003648
- Ochoa Ronderos, Martin; Vanegas, Hernán; Toro-Pozo, Jorge; Basin, David, 2023. SealClub : computer-aided paper document authentication [paper]. In: ACSAC '23: Proceedings of the 39th Annual Computer Security Applications Conference. 39th Annual Computer Security Applications Conference (ACSAC ’23), Austin, TX, USA, 4–8 December 2023. New York, NY: Association for Computing Machinery. pp. 163-177. Available from: https://doi.org/10.1145/3627106.3627176
- Basin, David; Guarnizo Hernandez, Juan David; Krstic, Srđan; Nguyen, Hoang; Ochoa Ronderos, Martin, 2023. Is modeling access control worth it? [paper]. In: CCS '23 : Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, 26-30 November 2023. Association for Computing Machinery. pp. 2830-2844. Available from: https://doi.org/10.1145/3576915.3623196
- Heeb, Zeno; Kalinagac, Onur; Soussi, Wissem; Gür, Gürkan, 2023. IoMiRCA : root cause analysis in IoT-extended 5G microservice environments [poster]. In: SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing. 38th ACM/SIGAPP Symposium on Applied Computing (ACM SAC), Tallinn, Estonia, 27-31 March 2023. New York: Association for Computing Machinery. pp. 106-108. Available from: https://doi.org/10.1145/3555776.3577840
- Sutter, Thomas; Tellenbach, Bernhard, 2023. FirmwareDroid : towards automated static analysis of pre-installed android apps [paper]. In: Klein, Jacques; Wei, Lili, eds., 2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft). 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft), Melbourne, Australia, 14-15 May 2023. IEEE. pp. 12-22. Available from: https://doi.org/10.1109/MOBILSoft59058.2023.00009