Projects
Dezentrale digitale Unterstützung für Pflegebedürftige und ihre An- und Zugehörigen
DECURA
February 2026 - January 2029 (ongoing)
The DECURA research project addresses a challenge that often arises suddenly: family members and other close individuals find themselves unexpectedly responsible for home care, facing a steep learning curve in a short period of time. The project investigates how digital tools can provide concrete support in this situation – for example through clear, personalised guidance on carrying out care procedures or using assistive devices, as well as digital assistance with the often burdensome communication with care insurance funds and other institutions. A particular focus is placed on the protection of sensitive personal data: unlike many digital applications, DECURA takes a decentralised approach, processing data locally on users’ own devices wherever possible so that individuals retain control over their personal information. The project is funded by the Federal Ministry for Research, Technology and Space with two million euros and is carried out by a consortium of five partners led by the German Institute for Applied Nursing Research (DIP) in Cologne, including the Institute of Computer Science at Justus Liebig University Giessen.
DREAM
November 2025 - October 2028 (ongoing)
The DREAM project develops innovative solutions for secure and autonomous cloud usage through decentralized data spaces, which enable companies - especially SMEs - to maintain maximum control over their data while ensuring high flexibility and compliance.
HuSecMe
November 2025 - October 2026 (ongoing)
Im Vorhaben „HuSecMe“ soll eine Plattform entwickelt werden, mit deren Hilfe die Wirksamkeit von Security-Awareness-Maßnahmen niedrigschwellig, skalierbar und datengestützt ausgewertet werden kann. Mit Methoden der empirischen Sozialforschung soll der durch die Maßnahmen erzielte Lerneffekt in Organisationen untersucht werden. So wird eine fundierte Bewertung der Wirksamkeit möglich. Die Ergebnisse sollen in Form eines differenzierten Wirksamkeits-Scores aufbereitet und über ein Dashboard verständlich visualisiert werden. Damit zielt das System darauf ab, den Zugang zu komplexen Fragestellungen rund um die Wirksamkeit von Security-Awareness-Maßnahmen in Organisationen zu vereinfachen und exemplarisch anhand verschiedener Anwendungsfälle wie Phishing-Simulationen, Awareness-Trainings oder Policy-Maßnahmen abzubilden.
Unboxing.IoT.Privacy
November 2023 - October 2026 (ongoing)
The aim of Unboxing.IoT.Privacy is to develop tool-supported evaluation procedures and metrics that, on the one hand, enable all citizens to make an informed privacy assessment of IoT products before making a purchase decision and, on the other hand, enables the general public to carry out methodical, structured and comprehensible tests of IoT products and to provide the test results via a platform, based on the product life cycle from purchase selection to initialisation, operation, update management, decommissioning and disposal.
CrossComITS
July 2022 - December 2025
The CrossComITS research project seeks to train users from vulnerable target groups to become security mediators through a train-the-trainers concept based on technical courses, and thus to serve as contact persons for IT security in the community.
Developer-centric Tools for Side-Channel Analysis
DevToSCA
July 2022 - December 2025
The goal of the project DevToSCA is to investigate automated methods for testing the side-channel resistance of applications during software development and deployment, reducing their complexity, and building expertise in security testing.
Medical Centre Employee Centered Information Security Awareness
MedISA
December 2021 - November 2024
From patient records to diagnostic equipment, hospital care is based on the use of information technology. When computer systems fail, the consequences for patients can be dramatic. In particular, the rise of attacks and cybercrime poses a threat to seamless medical care. Security standards therefore exist to prevent threats from cyberspace. But in practice, improper handling of the IT infrastructure and users’ insufficient awareness of information security often pose a problem. This is where the research project MedISA (Medical Centre Employee Centered Information Security Awareness) of the Bonn-Rhein-Sieg University of Applied Sciences (H-BRS) comes in. In MedISA, strategies are being developed to sensitize employees in medical care facilities to IT security and data protection. The project is funded by the German Federal Ministry of Health (BMG) with approximately 450,000 euros over three years.
D'accord
September 2021 - September 2024
More and more companies shift their business models to the Internet and use digital ecosystems as platforms. The COVID-19 pandemic further intensified this trend. However, data protection is perceived by many many companies as an obstacle to innovation, because there is a lack of knowledge and tools to implement the legal requirements correctly. The D’accord research project is therefore developing a so-called privacy cockpit. This software solution acts as a central contact point for data subjects who want to find out about the use of their personal data. Furthermore, data subjects can actively influence the use of their personal data and exercise their rights as data subjects.
Own Device E-Asssessment on 5G
ODEA.5G
March 2021 - February 2023
The new mobile communications standard 5G is representative of innovative digitization projects in many different areas of society. In particular, the increased data rates and low latency make this network technology relevant for use at universities for a large number of simultaneous users. In order to be able to offer and carry out innovative teaching formats such as formative e-assessments, a suitable technical infrastructure is required with which learning status feedback and examinations can be implemented effectively and efficiently, even for large learning groups. In view of the increasing number of students and the associated decentralization of learning spaces, the equipment with previously used technologies such as W-LAN and provided end devices (e.g. stationary PCs) is becoming increasingly costly or is in some cases no longer feasible. In the ODEA.5G project, the H-BRS University of Applied Sciences and the University of Cologne are setting up 5G campus networks at both universities to test and evaluate state-of-the-art e-assessment systems. The focus here is particularly on large groups of participants who, thanks to the new technologies, will be able to take electronic examinations that are equal in terms of opportunity, comprehensible, reliable and secure.
User Trust Experience
UTE
July 2020 - January 2021
In the research project “User Trust Experience” (UTE), the H-BRS University of Applied Sciences has been commissioned by TÜV TRUST IT in cooperation with Huawei UCD Center to examine influencing factors on users’ trust in technical components. The studies relate to smartphone products of project partner HUAWEI, and especially to the permission management system inside the operating system EMUI. The team around Professor Luigi Lo Iacono investigates various technical design aspects that create an increased trust or even a loss of trust in modern technologies among end-users. For this purpose, the researchers will conduct analytical and empirical studies. The goal is to develop concrete improvements for the permission management system of EMUI. It should communicate secure handling of user data in a user-friendly way, to allow greater trust in the technology. The desired research outcome is a collection of general design principles for developing secure and trustworthy technology. The research cooperation combines the expertise of the project partners in the fields of “User-Centered Design”, “Usable Security and Privacy” and “IT Security Certification”.
Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen
TrUSD
September 2018 - August 2021
In the course of digitalization, more and more data is being collected and evaluated in companies. This can optimize business processes, but also has the potential to affect employees’ personal rights. The research project TrUSD builds a bridge between the potential of data analysis and the right of employees to privacy by developing so-called Privacy Dashboards. These dashboards provide employees with all the necessary privacy-related information, display it in an understandable way, and offer appropriate settings.
Usability of Risk-based Implicit Authentication
URIA
April 2018 - August 2021
The research project URIA inspects the widely deployed password-based authentication. Nearly everyone knows the difficulty of choosing and, especially, remembering good passwords. Password-secured systems also inhere high security risks due to its fast “crackability”. Hence, password-based authentication has weaknesses in terms of usability as well as security. In contrast to that, Risk-based authentication has the potential of improving security without degrading usability.
KieBox
November 2017 - March 2020
In the KieBox project, a usable solution for secure e-mail communication was developed. In collaboration with the company IESY, we created an easy-to-use communication solution based on software and hardware.
Ultra-Large Scale Systems Security
ULS3
April 2017 - March 2020
The aim of Unboxing.IoT.Privacy is to develop tool-supported evaluation procedures and metrics that, on the one hand, enable all citizens to make an informed privacy assessment of IoT products before making a purchase decision and, on the other hand, enables the general public to carry out methodical, structured and comprehensible tests of IoT products and to provide the test results via a platform, based on the product life cycle from purchase selection to initialisation, operation, update management, decommissioning and disposal.
Usable Security by Design
USecureD
June 2015 - April 2017
The research project USecureD aims at supporting small and medium-sized enterprises (SMEs) in facilitating the selection and incoperation of usable security by developing, evaluating and collecting principles, guidelines, patterns and tools for merging usability and security engineering.
