CASED is funded by
Secure Services Research Department
Head of Department: Prof. Dr. Max Mühlhäuser
Coordinator: Dr. Sheikh Mahbub Habib
“How can the security and reliability of on-demand, component-based services be guaranteed over their full life-cycle – from development to execution?”
A powerful new stimulus for innovation is currently coming from the information technology (IT) sector, more precisely from the internet of things and, on a still broader scale, from the internet of services.
Everyday equipment and business transactions taking place in the real world are connected online with software intelligence in the background via ubiquitous computers embedded in objects and surroundings (the internet of things) or portable consumer equipment. All types of business transactions are increasingly being represented by internet services and the whole business process will, in the future, happen on the net: services (and by implication also goods) are sought, traded, negotiated and connected to more complex services globally on the net.
IT security is of central importance for the speed and success of all the above developments. Consequently IT security is facing substantially new problems, which are primarily of a technical nature (key word: IT security for services) or primarily of an operational and legal nature with significant technical implications. Research and technology transfer is, therefore, required particularly in the field of IT security for the internet of services (in short: “secure services”).
The re-use of services and global collaboration extending across domains between service providers and service users are key features of the internet of services. The security and reliability of on-demand, component-based, service-based applications and their integration into existing and new business processes represent a major challenge with completely new security requirements.
The CASED “Secure Services” research department is developing innovative solutions which support secure services throughout their full life cycle. The overall objective is to develop an approach encompassing the life cycle, extending from development and composition, through provision to execution. CASED is, therefore, engaged in particular in the following tasks:
In relation to the development, composition and provision of services, providers must be able to give guarantees of security and either enforce observance of these or make the degree of observance verifiable. Only thus can the service infrastructure and users respond adequately. The open internet of services requires appropriate risk management, especially in the case of development and performance.
Techniques for providing protected services on the open service platforms of the future are necessary for secure performance; this relates as much to secure high-performance communication mechanisms as to mobile access. Moreover, the aspect of trustworthiness closely associated with IT security must be incorporated; in the light of IT supported business transactions, new types of approaches are required for this. Moreover, new types of threats, requiring new identification and protection mechanisms, are arising on the internet of services through malware.By developing solutions closely matched to each other in all the above fields, security properties can be verifiably maintained over the full life cycle of a service.
Of particular importance is the incorporation of both operational and legal aspects of the business process based on the life cycle of negotiable IT services. These interlink in many respects, for example in the case of liabilities and guarantees. From a legal point of view, both conformity of the new concepts with the applicable laws and (in the case of incompatibility) further development of these are to be investigated.
Contact
Head
Prof. Dr. Max Mühlhäuser
CASED
Mornewegstraße 32
64293 Darmstadt
Tel.: +49 6151 16-23200
Fax: +49 6151 16-23202
max.muehlhaeuser
cased.de