School of Electrical, Information and Media Engineering

Research on web and data security

// Protection for the digital age


Digital systems are omnipresent - they control our smartphones, secure online banking transactions, regulate access to university networks and enable video conferencing in everyday life. They also ensure convenience and efficiency in modern cars, networked household appliances and wearables such as smartwatches.

As digital systems become increasingly networked, however, the challenge of protecting them against attacks and misuse grows as well. This is precisely where our research comes in: we want to understand how vulnerabilities arise, how attacks work and how we can make digital systems more secure and trustworthy.

Whether you are interested in the security of modern web technologies, defence against sophisticated attacks or the protection of sensitive data - our topics offer exciting insights into current challenges in IT security and invite you to play an active role in shaping a secure digital future.

 

Main research areas

// Web security

  • Browser security: Cross-site leaks, same-origin policy
  • Web protocol security: Single Sign-On, OAuth, OpenID Connect, REST
  • Focusing on vulnerability detection, attack development, and flow analyses

// Data security

  • Document security: PDF, ODF, OOXML
  • Data format security: JSON, XML
  • Focusing on signature, encryption, information leakage, and code execution

Current research projects

// Security and privacy of PDF documents

PDF is the de facto standard for global document exchange. It is used daily by companies, government organisations and civil society.
Because of this widespread use, PDF documents are an attractive target for various attacks, such as malware that exploits implementation flaws or weaknesses in cryptographic protection and is used for information theft.

In this project, we will address three security topics related to PDF documents: the use and detection of PDF malware, the manipulation of digitally signed PDFs and the detection of data protection leaks in PDFs. Finally, concrete countermeasures will be developed.