Service & Application Security

In the year 2009, the Fraunhofer AISEC (using its former term Fraunhofer SIT) published the first comprehensive, German-language study of security in the field of cloud computing. Key results comprised of a systematic taxonomy for the analysis of security as well as guidance for the users of cloud computing services. A detailed, subsequent analysis of the market leaders in cloud computing on behalf of the Federal Office for Information Security (BSI), which ended in spring 2011, revealed deep insights into the state-of-the-art of developments and technology of the most widespread, commercial service offerings in cloud computing. In addition to this, we conduct interoperability and practical comparative analysis of these offerings with open-source solutions in our laboratory.

Fraunhofer AISEC supports customers with the conception, the design, the realization and evaluation of security and reliability related aspects, as well as the robustness of SOA and Cloud solutions. Consultation of users of cloud computing service offerings, such as small and midmarket businesses, is carried out by Fraunhofer AISEC in the areas of business process outsourcing and applications in cloud computing environments. We conduct security research and analysis and, where appropriate, develop tailored applications that enable the secure and comfortable usage of cloud computing service offerings. This includes the use of innovative technologies, which enable Security-as-a-Service, e.g. identity management in the sense of Identity-as-a-Service.

• Compliance to Web Application Security standards in accordance to OWASP
• Systematic identification of risks and scenarios of improper use in service infrastructures (including analysis for a need of protective measures, abuse-case-modeling, threat modeling)
• Implementation and introduction of monitoring concepts for the vertical surveillance of cloud infrastructures
• Execution of seamless resource migrations between cloud ecosystems using cloud roaming techniques
• Implementation of particular cryptographic algorithms in order to secure service infrastructures
• Integration and safeguarding of the interoperability of identity management systems in general and the New Identity Card in particular

• P. Stephanow, C. Banse and J. Schütte. "Generating Threat Profiles for Cloud Service Certification Systems". In: 17th IEEE High Assurance Systems Engineering Symposium (HASE), 2016.
• J. Schütte and G. Brost. "A Data Usage Control System using Dynamic Taint Tracking". In: Proceedings of the International Conference on Advanced Information Network and Applications (AINA), March 2016.
• M. Gall and G. Brost. "K-word Proximity Search on Encypted Data". In: Proceedings of the International Conference on Advanced Information Network and Applications (AINA), March 2016.
• C. Banse and S. Rangarajan. "A Secure Northbound Interface for SDN Applications". In: The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2015.
• I. Tsvihun and G. Brost. "Cloud Security - Sicherheit in der Wolke". ISIS Cloud & SaaS Report, Edition 2011.
• P. Stephanow, I. Tsvihun and A. Ruppel. "BITKOM Leitfaden: Cloud Computing - was Entscheider wissen müssen". Cloud Computing und Informationssicherheit, 2010.