Cyber Resilient Architectures and Security (CRAS)
How secure is our networked world?
We are currently experiencing the digital transformation of our economy and society. This fundamental change is accompanied by extensive digitization and networking in all areas, creating a world in which the previous separation between off - and online no longer predominates. The physical world is merging with the digital world.
This presents many new opportunities and possibilities, but also an equal number of challenges and risks.
ICT security in particular can no longer rely solely on established models and solution strategies. The trinity of privacy, integrity, and availability as the fundamental base of IT-Security must be reconsidered and revised to fit the new global cyberworld. In the networked world, previously self-suffi cient systems have suddenly become elements of a global "system of systems". The fusion of heterogeneous application systems increases the number of targets for cyberattacks and their harmful effects. Security gaps in soft- and hardware represent one of the biggest challenges, since they are deeply rooted in these systems’ own development histories. Over and above this, the deep integration of, and high level of interdependency between, ICT and physical systems present new areas for attack, for which innovative defense concepts are hard to find.
The discovery of the ›Meltdown‹ hardware gap, that can be exploited using the ›Spectre‹ attack scenario, illustrated that full protection against cyber-attacks can never be guaranteed. Such gaps in security as these serious processor errors often remain undiscovered for years, during which time they can be exploited by attackers. A further problematic issue is soft- and hardware components that use outdated security solutions that, in addition to this, were often never intended to be used within a system of systems. These solutions often lack basic options for retrospective back-ups, such as patch management. Security experts have thus been giving warnings about inadequate quality control in the Internet of Things for many years now. The fight for market share often comes at the cost of product security, in turn often fi rst made possible by the lack of quality control standards.
The Cyber Resilient Architectures and Security competence cluster is addressing these challenges, answering them with a four-point model that makes systems robust, stable, and adjustable when faced with flexible, cooperative, intelligently acting attackers:
- A state-of-the-art security architecture for end-point and communications security provides the basis.
- A resilience architecture mitigates the eff ects and scope of impact of attacks.
- Metrics, methods, processes, and standards to measurably and verifiably secure the elements of these architectures and their interaction in development, evolution, and implementation.
- Usability and controllability of key user interfaces despite increasing system complexity.
Persons
B
E-Mail: susanne.boll(at)informatik.uni-oldenburg.de, Phone: +49 441 9722-213, Room: O 47
D
F
E-Mail: martin.fraenzle(at)offis.de, Phone: +49 441 9722-566, Room: D 119/120
E-Mail: sibylle.froeschle(at)offis.de, Phone: +49 441 9722-521, Room: SUG09
K
E-Mail: Christina.Kronberg(at)offis.de, Phone: +49 441 9722-161, Room: I6-U03
L
E-Mail: sebastian.lehnhoff(at)offis.de, Phone: +49 441 9722 240, Room: O 50
M
E-Mail: jorge.marx-gomez(at)offis.de, Phone: +49 441 798 - 4470, Room: A4-3-315
N
S
U
V
E-Mail: Sebastian.vander.maelen(at)offis.de, Phone: +49 441 9722-176, Room: SEG08
Projects
P
Polymorphic agents as cross-sectional software technology for the analysis of the operational safety of cyber-physical systems
Duration: 2019 - 2022S
Software Methods and Technologies for Modular Updates of Cyber-Physical Systems
Duration: 2018 - 2021
Publications
2019
Michael Brand, Shoaib Ansari, Felipe Castro, Ranim Chakra, Batoul Hage Hassan, Carsten Krüger, Davood Babazadeh, Sebastian Lehnhoff; PowerTech; 2019
Fischer, Lars and Memmen, Jan-Menno and Veith, Eric M. S. P. and Tröschel, Martin; ENERGY 2019, The Ninth International Conference on Smart Grids, Green Communications and IT Energy-aware Technologies; 2019
Eric M.S.P. Veith, Lars Fischer, Martin Tröschel, Astrid Nieße; International Conference on Artificial Intelligence, Robotics and Control; December / 2019
Brand, Michael and Babazadeh, Davood and Lehnhoff, Sebastian and Engel, Dominik; EPJ Web of Conferences; 2019
2018
Farhat, Soha and Hassan, Batool Hage and Samhat, Abed Ellatif; 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob); 2018
Lars Fischer and Sebastian Lehnhoff; Handbook on Resilience of Socio-technical Systems; 2018
Jithin Zacharias and Sibylle Fröschle; 2018 IEEE Vehicular Networking Conference (VNC); 2018
Marie Clausen, Marion Gottschalk, Sebastian Hanna, Christina Kronberg, Christine Rosinger, Maike Rosinger, Judith Schulte, Johann Schütz, Mathias Uslar; CIRED WORKSHOP 2018 proceedings "Microgrids and local energy communities"; June / 2018
2017
Sibylle Fröschle and Alexander Stühring; European Symposium on Research in Computer Security (ESORICS'17), Part I; 2017
Marion Koelle and Yvonne Brück and Vanessa Cobus and Wilko Heuten and Susanne Boll; Datenschutz und Datensicherheit; 2017
