During my career the following research areas have become my main focus points.


In conjunction with proper authentication mechanisms proper authorization of access requests is crucial to ensure the security of a service and the related data. While the standardization of role-based access control has been a great advancement to support authorization within an organization, it does not consider additional attributes of a user especially in which organizational unit (department, team etc) this role is executed. In larger organizations a single administration point is not suitable to model appropriate policies, thus a distributed administration has to be provided [3,5,6,9]. These to aspects have been the key components of my PhD thesis [10], which also ensured that organizational hierarchies are strictly observed.

These distributed definition of policies could also be supported by extending the XACML standard as shown during the EU FP7 project SWIFT [16,18,19]. While working with XACML several other application areas including controlling the utilization of media devices [14,15] and choosing the most appropriate authentication method [25] have been investigated and prototyped. An important feature in addition to the actual authorization decision are obligations which could be used to trigger the said additional activities. In a distributed environment it has to be ensured that these obligations are understood by all components [20]. As a matter of course some work has been done to ensure a fast evaluation of such XACML policies [26].

Identity Management

Integrating and bridging between various identity protocols such as SAML, Liberty Alliance or OpenID has been part of my research work at NEC Laboratories Europe, which included also various activities in standardization bodies. Utilizing different identities to ensure the privacy of a user in web context as well as in modern IMS based networks has been another area.

Security Analytics

Recently, protecting IT and critical infrastructures has become a focus of my research work. As existing methods are failing against advanced persistent threats analyzing all kind of logs and traffic information of a system enables us to determine the baseline behavior and detect outliers. Although the volume as well as the velocity of the related data is huge, technologies like Hadoop and Storm are tackle this Big Data challenge in real-time.