Junior Professorship of Computer Science
Headed by Professor Lucas Davi, the research group of Computer Science (secure software systems) researches practical issues in systems and software security. The development of innovative security technologies to prevent software attacks is a high priority. Such attacks exploit security gaps in software in order to manipulate the regular program flow and execute malware. The research groups studies a variety of computer architectures and application domains. It develops innovative update mechanisms for microcomputers used in embedded systems that can fix security gaps during the system runtime. In particular, this allows medical devices to be updated without a restart. In the field of PC software, the researchers carry out automated security analyses for trusted execution environments, such as Intel SGX and ARM TrustZone. Their analyses of software used for fingerprint sensors in Dell, HP and Lenovo laptops have detected severe security issues and helped the manufacturers safeguard their systems. In the field of blockchain technologies, the group has worked on the development of analytics systems and update mechanisms for smart contracts in partnership with NEC Laboratories Europe. Their project has shown that attacks on smart contracts (in particular, re-entrancy attacks), which have facilitated the theft of more than 50 million US dollars’ worth of cryptocurrency in the past, can be prevented. Based on the analytics technology produced for this purpose, the researchers developed the first automated update mechanisms for smart-contract software, allowing blockchain developers to protect the vulnerable smart-contract code quickly and effectively. The research group is currently funded within the scope of major DFG projects. In the Collaborative Research Centre CROSSING, they develop attestation protocols that enable the use of verification mechanisms for embedded platforms. In the DFG Excellence Cluster CASA, the group studies analytics tools for secure computing environments and mechanisms to ward off software attacks on PC software, such as web browsers. A further DFG-funded project in the Nano-Security Priority Programme focuses on developing security solutions for future embedded platforms. Professor Davi has been a member of the editorial boards of ACM Transactions on Privacy and Security (TOPS) and a programme committee member of the most renowned IT security conferences: ACM CCS, USENIX Security, PETS and ISOC NDSS.