Information Systems and IT-Security
Over the last years, the Internet has expanded into more and more areas of our daily lives: for example, financial transactions are communicated via the Internet, and the classical fixed-line telephone network has converged with the Internet into Voice over IP (VoIP) communication.
Thus, our society has become more vulnerable to attacks on the availability of the Internet. Denial of Service (DoS) attacks are a severe threat, and in addition much more sophisticated and targeted attacks on companies and governmental institutions can be observed. To make matters worse, a current trend is the interconnection of the Internet with cyber-physical systems. Such systems, e.g., the energy network (smart grid), transportation systems and large industrial facilities, are critical infrastructures whose failure has severe consequences.
Thus, the Internet that interconnects these systems has itself evolved into a critical infrastructure. While a cyber attack on a web server may only lead to a disruption of an offered service for a certain time, a cyber attack on the smart grid may in the worst case even result in the loss of human lives.
Deriving from this scenario, the main research goal of the IT-Security group lies in maintaining the availability of critical infrastructures and services during cyber attacks. Resilience-enhancing techniques can generally be classified into proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows attacks to be tolerated to a certain extent, while compartmentalization attempts to restrict the attack locally and prevent its expansion across the whole system. Both techniques are essential to enable a graceful degradation of the overall system in the presence of attacks. Reactive techniques follow a three-step approach:
- Detection: The detection of attacks requires monitoring of the system and thus falls into the research area of intrusion and anomaly detection systems.
- Mitigation: The impact of the attack has to be restricted and graceful degradation of the system has to be ensured.
- Healing: The impact of the attack has to be healed and normal system operation has to be restored.