Schaad, Andreas  M.Sc.

Prof. Dr. phil. M.Sc.

Software Security, Cloud Security, IT Security, Computer Science

  • Room: D304
  • Badstraße 24 Offenburg


  • Fakultät Medien und Informationswesen (M+I), Professor
  • Fakultät Medien und Informationswesen (M+I), International Affairs Officer

Courses (current and previous semester)

  • Programming in Java & Exercises, M+I330
  • Security in Ubiquitous Computing Lab, M+I817
  • Software Security Lab, M+I810
  • Scripting & Hacking, M+I372
  • Computer Science II & Exercises, M+I115
  • Secure Heterogeneous Environments, M+I287
  • IT Security Seminar, M+I378
  • Security in Ubiquitous Computing, M+I816
  • Software Engineering, M+I122
  • Software Engineering Lab, M+I123
  • Software Security, M+I809
  • Data Protection, Corporate & IT Security in an International Context, M+I255
  • Secure Heterogeneous Environments Lab, M+I236


Academic Career

1999-2003 PhD (EPSRC Scholarship) at the Chair of High Integrity Systems, University of York, UK

1998-1999 MSc in Software Engineering, University of York, UK

1995-1998 Dipl. Betriebswirt (Business Informatics) Roche AG BA Mannheim, Germany



03/2018 - present Hochschule Offenburg Offenburg, DE
Professor (W2) of Computer Science (esp. IT Security)

2017 - 2018 Wibu-Systems AG Karlsruhe, DE
Head of Corporate Technology Staff Unit

2015 - 2017 HUAWEI European Security Competence Center Darmstadt, DE
Scientific Director

2011 - 2014 SAP Product & Innovation Research Karlsruhe, DE
Research Manager

2006-2010 SAP Research Security & Trust Karlsruhe, DE
Research Architect

2004-2006 SAP Research Security & Trust Sophia Antipolis, FR
(Senior) Researcher

2003-2004 Ernst & Young London, UK
IT Security Auditor



1999-2003 Scholarship EPSRC



2021 - 2024 KMU Innovativ „OVVL"

2018 - 2021 KMU Innovativ „CloudProtect"

2015 - 2018 EU H2020 „ESCUDO - Cloud"

2010 - 2013 BMBF / ANR project „RescueIT"

2008 - 2010 BMBF project „ORKA"

2006 - 2009 EU Integrated Project „R4eGov"


Industry Collaborations

2021 WIBU-Systems AG project MLSec III "Machine Learning"

2020 WIBU-Systems AG project MLSec II "Machine Learning"

2019 WIBU-Systems AG project MLSec I "Machine Learning"

2019 WIBU-Systems AG project CBSec "Blockchain Security"


Patents and Intellectual Property Rights

9,495,545 Automatically generate attributes and access policies for securely processing outsourced audit data using attribute-based encryption (100%)
9,342,707 Searchable encryption for infrequent queries in adjustable enc. databases (20%)
9,037,860 Average Complexity Ideal-Security Order Preserving Encryption (20%)
9,213,764 Encrypted In-Memory Column-Store (20%)
9,003,204 Optimal Re-Encryption Strategy for Joins in Encrypted Databases (20%)
8,788,313 Decentralised audit system in collaborative workflow environment (100%)
8,751,282 Controls in collaborative workflow environment (50%)
8,689,352 Distributed access control for document centric collaborations (50%)
8,620,713 Mechanism to control delegation and revocation of tasks in workflow system (100%)
8,130,947 Privacy preserving social network analysis (50%)
8,726,151 Comparing encrypted Documents Having Structured Data (50%)
7,831,978 Review mechanism for controlling delegation of tasks in a workflow system (100%)
7,689,562 Access control system, a rule engine adaptor, a rule-based enforcement platform and a method for performing access control (100%)


Reviewed Papers

Andreas Schaad, Dominik Binder: ML-Supported Identification and Prioritization of Threats in the OVVL Threat Modelling Tool. DBSec 2020: 274-285

Andreas Schaad: Project OVVL - Threat Modeling Support for the entire secure development lifecycle. Sicherheit 2020: 121-124

Andreas Schaad, Tobias Reski: "Open Weakness and Vulnerability Modeler" (OVVL): An Updated Approach to Threat Modeling. ICETE (2) 2019: 417-424

Andreas Schaad, Tobias Reski, Oliver Winzenried: Integration of a Secure Physical Element as a Trusted Oracle in a Hyperledger Blockchain. ICETE (2) 2019: 498-503

Andreas Schaad, Björn Grohmann, Oliver Winzenried: CloudProtect - A Cloud-based Software Protection Service. SACMAT 2019: 219-221

Andreas Schaad, Björn Grohmann, Oliver Winzenried, Ferdinand Brasser, Ahmad-Reza Sadeghi: Towards a Cloud-based System for Software Protection and Licensing. ICETE (2) 2018: 698-702

Angela Jäschke, Björn Grohmann, Frederik Armknecht, Andreas Schaad: Industrial Feasibility of Private Information Retrieval. SECRYPT 2017, Madrid.

Feng Wang, Mathias Kohler, Andreas Schaad: Initial Encryption of large Searchable Data Sets using Hadoop. SACMAT 2015: 165-168

Patrick Grofig, Isabelle Hang, Martin Härterich, Florian Kerschbaum, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Privacy by Encrypted Databases. APF 2014: 56-69

Andreas Schaad, Anis Bkakria, Florian Kerschbaum, Frédéric Cuppens, Nora Cuppens-Boulahia, David Gross-Amblard: Optimized and controlled provisioning of encrypted outsourced data. SACMAT 2014: 141-152

Andreas Schaad, Florian Kerschbaum et al.: Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data. GI Sicherheit, 2014

Florian Kerschbaum, Patrick Grofig, Isabelle Hang, Martin Härterich, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Adjustably encrypted in-memory column-store. ACM Conference on Computer and Communications Security 2013: 1325-1328

Florian Kerschbaum, Martin Härterich, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Optimal Re-encryption Strategy for Joins in Encrypted Databases. DBSec 2013: 195-210

Florian Kerschbaum, Martin Härterich, Mathias Kohler, Isabelle Hang, Andreas Schaad et al: An Encrypted In-Memory Column-Store: The Onion Selection Problem. ICISS 2013: 14-26

Axel Schröpfer, Andreas Schaad, Florian Kerschbaum, Heiko Boehm, Joerg Jooss: Secure benchmarking in the cloud. SACMAT 2013: 197-200

Ganna Monakova, Cristina Severin, Achim D. Brucker, Ulrich Flegel, Andreas Schaad: Monitoring Security and Safety of Assets in Supply Chains. Future Security 2012: 9-20

Schaad, A., Borozdin, M. TAM2 - Architectural Threat Analysis ACM SAC SE, Riva del Garda 2012

Monakova G., Brucker, A., Schaad, A. Security and Safety of Assets in Business Processes ACM SAC OE, Riva del Garda, 2012

Andreas Schaad, Alexandr Garaga: Automating architectural security analysis. ACM SACMAT 2012

Michael Clasen, Kai Fischbach, Rafael Pietrowski, Andreas Schaad: Sichere Warenketten durch RescueIT. GIL Jahrestagung 2011: 53-56

Ganna Monakova, Andreas Schaad: Visualizing security in business processes. ACM SACMAT 2011

Mohammad Ashiqur Rahaman, Henrik Plate, Yves Roudier, Andreas Schaad: Towards Secure Content Based Dissemination of XML Documents. IAS 2009: 721-724

Mathias Kohler, Achim D. Brucker, Andreas Schaad: ProActive Caching: Generating Caching Heuristics for Business Process Environments. CSE (3) 2009: 297-304

Khaled Gaaloul, François Charoy, Andreas Schaad: Modelling task delegation for human-centric eGovernment workflows. D.GO 2009: 79-87

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: A Secure Comparison Technique for Tree Structured Data. ICIW 2009: 304-309

Florian Kerschbaum, Andreas Schaad, Debmalya Biswas: Practical privacy-preserving protocols for criminal investigations. ISI 2009: 197-199

Achim D. Brucker, Helmut Petritsch, Andreas Schaad: Delegation Assistance. POLICY 2009: 84-91

Mohammad Ashiqur Rahaman, Yves Roudier, Philip Miseldine, Andreas Schaad: Ontology-Based Secure XML Content Distribution. SEC 2009: 294-306

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Document-Based Dynamic Workflows: Towards Flexible and Stateful Services. SERVICES II 2009: 87-94

Mathias Kohler, Andreas Schaad: Avoiding Policy-based Deadlocks in Business Processes. ARES 2008: 709-716

Mathias Kohler, Andreas Schaad: ProActive Access Control for Business Process-Driven Environments. ACSAC 2008: 153-162

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Distributed Access Control For XML Document Centric Collaborations. EDOC 2008: 267-276

Philip Miseldine, Ulrich Flegel, Andreas Schaad: Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios. RELAW 2008: 31-34

Christian Wolter, Andreas Schaad, Christoph Meinel: Task-based entailment constraints for basic workflow patterns. SACMAT 2008: 51-60

Khaled Gaaloul, Andreas Schaad, Ulrich Flegel, François Charoy: A Secure Task Delegation Model for Workflows. SECURWARE 2008: 10-15

Florian Kerschbaum, Andreas Schaad: Privacy-preserving social network analysis for criminal investigations. WPES 2008: 9-14

C. Wolter, A. Schaad: Modeling of Task-Based Authorization Constraints in BPMN. BPM 2007: 64-79

Mohammad Ashiqur Rahaman, Andreas Schaad: SOAP-based Secure Conversation and Collaboration. ICWS 2007: 471-480

Mathias Kohler, Christian Liesegang, Andreas Schaad: Classification Model for Access Control Constraints. IPCCC 2007: 410-417

Christian Wolter, Andreas Schaad, Christoph Meinel: Deriving XACML Policies from Business Process Models. WISE Workshops 2007: 142-153

Andreas Schaad: A Framework for Evidence Lifecycle Management. WISE Workshops 2007: 191-200

Khaled Gaaloul, François Charoy, Andreas Schaad, Hannah Lee: Collaboration for Human-Centric eGovernment Workflows. WISE Workshops 2007: 201-212

Philip Robinson, Florian Kerschbaum, Andreas Schaad: From Business Process Choreography to Authorization Policies. DBSec 2006: 297-309

Andreas Schaad: Security in enterprise resource planning systems and service-oriented architectures. SACMAT 2006: 69-70

Andreas Schaad, Volkmar Lotz, Karsten Sohr: A model-checking approach to analysing organisational controls in a loan origination process. SACMAT 2006: 139-149

Mohammad A. Rahaman, Andreas Schaad, Maarten Rits: Towards secure SOAP message exchange in a SOA. SWS 2006: 77-84

Andreas Schaad: Revocation of Obligation and Authorisation Policy Objects. DBSec 2005: 28-39

Maarten Rits, Benjamin De Boe, Andreas Schaad: XacT: a bridge between resource management and access control in multi-layered applications. SESS@ICSE 2005: 1-7

Andreas Schaad, Pascal Spadone, Helmut Weichsel: A case study of separation of duty properties in the context of the Austrian "eLaw" process. SAC 2005: 1328-1332

Andreas Schaad: An Extended Analysis of Delegating Obligations. DBSec 2004: 49-64

Andreas Schaad, Jonathan D. Moffett: Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles. SAC 2004: 1380-1384

Axel Kern, Andreas Schaad, Jonathan D. Moffett: An administration concept for the enterprise role-based access control model. SACMAT 2003: 3-11

Andreas Schaad, Jonathan D. Moffett: A Framework for Org. Control Principles. ACM ACSAC 2002

Andreas Schaad, Jonathan D. Moffett: Delegation of Obligations. POLICY 2002: 25-35

Andreas Schaad, Jonathan D. Moffett: A lightweight approach to specification and analysis of role-based access control extensions. SACMAT 2002: 13-22

Axel Kern, Martin Kuhlmann, Andreas Schaad, Jonathan D. Moffett: Observations on the role life-cycle in the context of enterprise security management. SACMAT 2002: 43-51

Andreas Schaad: Detecting Conflicts in a Role-Based Delegation Model. ACSAC 2001: 117-126

Andreas Schaad, Jonathan Moffett: The role-based access control system of a European bank: a case study and discussion. SACMAT 2001: 3-9


Talks and Interviews

2018, HS Offenburg Cloud Security Workshop "Software Security for Industry 4.0"

2016, Huawei Shenzhen R&D Headquarter Expert Lecture Series „Cloud Encryption"

2015, University of Bristol Workshop on „Industrial R&D in Multiparty Computation" (Prof. Smart)

2014, Swedish Institute of Computer Science „Encrypted Data Processing" (Prof. Gehrman)

2014, University of Royal Holloway „Implementing a searchable encrypted DB" (Prof. Crampton)

2014, Global SAP Security Day „Searchable Encryption in SAP HANA"

2014, Kuppinger & Cole GRC Analyst Conference „Searchable Encryption in SAP HANA"




2020 Reviewer for the BMBF: "Civil Security"

2018 Reviewer for the BMBF: "Critical Structures and Processes in Production and Logistics"

2014 - 2016 Reviewer for the EU Commission: H2020 SMEINST

2013-2015 Reviewer for the EU Commission: project SYSSEC (NoE)

2014 Reviewer for the BMBF: "Civil Security - Protection against Organized Crime"

2013 Reviewer for the BMBF: "Civil Security - Protection against Economic Crime"



2020 Journal of Computer Security

2019 33rd Conference on Data and Applications Security and Privacy (DBSEC) PC Member

2018 ACM Asia Conference on Computer & Communications Security ASIA CCS PC Member

2018 International Conference on Security and Cryptography (SECRYPT 2018) PC Member

2018 Jahrestagung Gesellschaft für Informatik (GI) Sicherheit PC Member

2014 - 2017 European Symposium on Research in Computer Security (ESORICS) PC Member

2005 - 2015 ACM SACMAT (Symposium of Access Control Models and Technologies) PC Member

2005 - 2015 IFIP WG 11.3 Working Conference on Data and Applications Security PC Member

2005 - 2015 Secure Data Management (SDM), Workshop of the VLDB PC Member

2005 - 2011 IEEE Symposium on Policies for Distributed Systems and Networks PC Member

2016 International Conference on Security and Cryptography (SECRYPT 2016) PC Member

2016 2nd International Workshop on Cloud Security and Data Privacy PC Member

2016 15th International Conference on Cryptology and Network Security (CANS) PC Member

2016 11th International Workshop on Data Privacy Management (DPM) PC Member

2016 15th Workshop on Privacy in the Electronic Society (WPES) PC Member

2015 29th Conference on Data and Applications Security and Privacy (DBSEC) PC Member

2015 Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) PC Member

2015 International Conference on Security and Cryptography (SECRYPT 2015) PC Member