The University of Passau, a unique campus university in Bavaria/Germany, was founded in 1978 with faculties of catholic theology, law, humanities, and economics. Soon after, the Faculty of Computer Science and Mathematics was founded and accepted its first
students. Since then, it has developed into one of the premier academic addresses in Germany, as regularly confirmed in rankings (CHE Ranking 2009: Among the top four computer science departments and among the top three faculties of law).
The university's Institute of IT-Security and Security Law (ISL) is characterized by its interdisciplinary approach to computer science, law, and economics. For the first time,
the technical and economical aspects of IT security are extended to the dimension of law. With this concept, ISL is unique in Germany. Moreover, with this interdisciplinary focus on IT security, the institute has a broad research field and can serve a broad market. Synergy between theory and practice as well as among research and industry are in ISL's focus. The institute is part of the University of Passau's faculty of informatics and mathematics as well as part of the faculty of law. The involved chairs are:
- Chair of IT-Security (Prof. Dr. Joachim Posegga)
- Chair of Computer Networks and Communications (Prof. Dr. Hermann de Meer) Chair of Security in Information Systems (Prof. Dr. Hans Reiser)
- Chair of Public Law, in particular Security Law and Internet Law (Prof. Dr. Dirk Heckmann)
- Chair of Public Law, Information Technology Law and Legal Informatics (Prof. Dr. Gerrit Hornung)
The ISL offers the following services to the public and private sector: expert advice and seminars, surveys and analyses of IT products and information systems, development of IT security concepts for enterprises and civil services, consulting and support for audits of information systems, analysis of law compliance for security critical systems, industrial research in general, consulting and support in establishing IT security with respect to functional safety, as well as consulting and support in safety analysis according to functional safety in different areas.
One major research area of the IT-Security group that will contribute to this project focuses on the domain of software and application security. The group has addressed common problems of web applications (e.g., [71, 72,73, 74]). Appropriate work has been conducted in publicly funded projects (e.g. BMWi project secologic) and in industry funded projects (e.g., scanstud, SSMC – Secure Session Management Component), in particular research funded by the Siemens CERT in Munich.
The ISL's more recent work focuses on the application of known software security technologies in the mobile, distributed, adapting, and resource restrictive domain of mobile devices and sensor platforms (e.g., [75, 76, 77]). It benefits from previous work conducted in the European Integrated Project BIONETS. The latter developed
feasible mechanisms to support the security infrastructures of self-adapting and self-evolving services in
distributed and mobile runtime environments. Synergies with other projects, such as the FP7 STReP project
WebSand, in which the IT-Security group is a work package leader, are evident.
The group also addresses the design of modular and flexible security specification languages (e.g., [78, 79],). Insights and results gained from this work and from appropriate projects (e.g., BMBF project ORKA: Organisational Control Architecture: From static rights management to dynamic organization-based control, FP6
Integrated Project R4eGov), represent valuable input for the integration of policy specification with software security analysis mechanisms planned in this proposal.
Other activities, along with the expertise of this group in the domain of trusted computing architectures (e.g., [80, 81, 82, 83, and 84]), is combined with the group's research on sensor platforms. The group has investigated the coupling of long-distance sensor platforms with smart cards and has developed an appropriate hardware platform. This supported the research conducted in the publicly funded BMBF project RESCUE-IT and will partly influence the work of COMPOSE.