Previous Research Projects
(This list is not exhaustive. I plan to provide more information soon.)
E-Health and System Security
I was the project coordinator and acting manager for two R&D projects in the System Security Lab at Ruhr-University Bochum. I led a small team consisting of full-time research assistants as well as students, and we worked on both the development and research efforts of the projects. As the two projects were industry-oriented R&D projects, I was also responsible for coordinating our work with the industry partners.
In the project RUBTrust/MediTrust we aimed at developing and evaluating a secure and trustworthy client platform for the administration and processing of sensitive data. RUBTrust concerns data of students in an electronic administration system of a university, and MediTrust concerns electronic health data of patients. Both projects included an intensive end-user study to evaluate the usability of the underlying security mechanisms.
In the project e-Business Plattform für Gesundheit (eBPG) we designed and developed a cryptographic protection of health care data that can be stored at decentralized and outsourced places (e.g. in the cloud). The cryptographic mechanism should be compatible with existing access control and management frameworks, but it should also be usable in practice, especially for older or technology-unskilled people. We developed a fully functioning prototype comprising an OpenXDS-based electronic health record database, our own user front-end implementation, and of course the encryption and security components that allowed easy-to-use end-to-end encryption of the health data.
Secure Password Manager
One of my main research projects was TruWallet, a wallet-based web authentication security architecture. It uses a password wallet to store login information for websites, such as online banking or e-commerce sites, and a security kernel with trusted computing support to provide a secure and isolated execution environment for the wallet. The protected execution environment prevents malware or other unauthorized software from reading the passwords from the wallet database. The wallet itself verifies the legitimacy of websites and automatically inserts the login credentials on behalf of the user. Hence, the user does not need to care about checking websites or even about remembering all the passwords for all used websites and accounts. For more information, see the TruWallet project website (at Ruhr-University Bochum).