Schaad, Andreas, Prof. Dr. phil.

Schaad,  Andreas, Prof. Dr. phil.
Raum: D324 Badstraße 24
77652 Offenburg
Software Security, Cloud Security, IT Security, Informatik 0781 205-4660



Software Security

Lehrveranstaltungen (aktuelles und vorhergehendes Semester)

  • Security in Ubiquitous Computing, M+I816
  • Security in Ubiquitous Computing Labor, M+I817
  • Skripting & Hacking, M+I372
  • Seminar IT-Sicherheit, M+I378
  • Informatik II & Übungen, M+I115
  • Programmieren in Java & Übungen, M+I330
  • Software Security, M+I809
  • Software Security Labor, M+I810
  • Datenschutz, Unternehmens- & IT-Sicherheit im internationalen Umfeld, M+I255


Akademischer Werdegang

1999-2003 PhD (EPSRC Scholarship) am Lehrstuhl High Integrity Systems, University of York, GB

1998-1999 MSc in Software Engineering, University of York, GB

1995-1998 Dipl. Betriebswirt (Wirtschaftsinformatik) Roche AG BA Mannheim, Deutschland



03/2018 - jetzt Hochschule Offenburg Offenburg, DE
Professor (W2) für Informatik (insb. IT-Sicherheit)

2017 - 2018 Wibu-Systems AG Karlsruhe, DE
Leiter Stabstelle Corporate Technology

2015 - 2017 HUAWEI European Security Competence Center Darmstadt, DE
Wissenschaftlicher Leiter

2011 - 2014 SAP Product & Innovation Research Karlsruhe, DE
Research Manager

2006-2010 SAP Research Security & Trust Karlsruhe, DE
Research Architekt

2004-2006 SAP Research Security & Trust Sophia Antipolis, FR
(Senior) Researcher

2003-2004 Ernst & Young London, UK
IT Security Auditor



1999-2003 Scholarship EPSRC



2018 - 2021 KMU Innovativ „CloudProtect"

2015 - 2018 EU H2020 „ESCUDO - Cloud"

2010 - 2013 BMBF / ANR Projekt „RescueIT"

2008 - 2010 BMBF Projekt „ORKA"

2006 - 2009 EU Integrated Project „R4eGov"


Kooperationen mit der Praxis

2019 WIBU-Systems AG Projekt MLSec "Machine Learning"

2019 WIBU-Systems AG Projekt CBSec "Blockchain Security"


Patente Schutzrechte

9,495,545 Automatically generate attributes and access policies for securely processing outsourced audit data using attribute-based encryption (100%)
9,342,707 Searchable encryption for infrequent queries in adjustable enc. databases (20%)
9,037,860 Average Complexity Ideal-Security Order Preserving Encryption (20%)
9,213,764 Encrypted In-Memory Column-Store (20%)
9,003,204 Optimal Re-Encryption Strategy for Joins in Encrypted Databases (20%)
8,788,313 Decentralised audit system in collaborative workflow environment (100%)
8,751,282 Controls in collaborative workflow environment (50%)
8,689,352 Distributed access control for document centric collaborations (50%)
8,620,713 Mechanism to control delegation and revocation of tasks in workflow system (100%)
8,130,947 Privacy preserving social network analysis (50%)
8,726,151 Comparing encrypted Documents Having Structured Data (50%)
7,831,978 Review mechanism for controlling delegation of tasks in a workflow system (100%)
7,689,562 Access control system, a rule engine adaptor, a rule-based enforcement platform and a method for performing access control (100%)


Reviewed Papers

Andreas Schaad, Björn Grohmann, Oliver Winzenried:
CloudProtect - A Cloud-based Software Protection Service. SACMAT 2019: 219-221

Andreas Schaad, Björn Grohmann, Oliver Winzenried, Ferdinand Brasser, Ahmad-Reza Sadeghi:
Towards a Cloud-based System for Software Protection and Licensing. ICETE (2) 2018: 698-702

Angela Jäschke, Björn Grohmann, Frederik Armknecht, Andreas Schaad: Industrial Feasibility of Private Information Retrieval. SECRYPT 2017, Madrid.

Feng Wang, Mathias Kohler, Andreas Schaad: Initial Encryption of large Searchable Data Sets using Hadoop. SACMAT 2015: 165-168

Patrick Grofig, Isabelle Hang, Martin Härterich, Florian Kerschbaum, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Privacy by Encrypted Databases. APF 2014: 56-69

Andreas Schaad, Anis Bkakria, Florian Kerschbaum, Frédéric Cuppens, Nora Cuppens-Boulahia, David Gross-Amblard: Optimized and controlled provisioning of encrypted outsourced data. SACMAT 2014: 141-152

Andreas Schaad, Florian Kerschbaum et al.: Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data. GI Sicherheit, 2014

Florian Kerschbaum, Patrick Grofig, Isabelle Hang, Martin Härterich, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Adjustably encrypted in-memory column-store. ACM Conference on Computer and Communications Security 2013: 1325-1328

Florian Kerschbaum, Martin Härterich, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Optimal Re-encryption Strategy for Joins in Encrypted Databases. DBSec 2013: 195-210

Florian Kerschbaum, Martin Härterich, Mathias Kohler, Isabelle Hang, Andreas Schaad et al: An Encrypted In-Memory Column-Store: The Onion Selection Problem. ICISS 2013: 14-26

Axel Schröpfer, Andreas Schaad, Florian Kerschbaum, Heiko Boehm, Joerg Jooss: Secure benchmarking in the cloud. SACMAT 2013: 197-200

Ganna Monakova, Cristina Severin, Achim D. Brucker, Ulrich Flegel, Andreas Schaad: Monitoring Security and Safety of Assets in Supply Chains. Future Security 2012: 9-20

Schaad, A., Borozdin, M. TAM2 - Architectural Threat Analysis ACM SAC SE, Riva del Garda 2012

Monakova G., Brucker, A., Schaad, A. Security and Safety of Assets in Business Processes ACM SAC OE, Riva del Garda, 2012

Andreas Schaad, Alexandr Garaga: Automating architectural security analysis. ACM SACMAT 2012

Michael Clasen, Kai Fischbach, Rafael Pietrowski, Andreas Schaad: Sichere Warenketten durch RescueIT. GIL Jahrestagung 2011: 53-56

Ganna Monakova, Andreas Schaad: Visualizing security in business processes. ACM SACMAT 2011

Mohammad Ashiqur Rahaman, Henrik Plate, Yves Roudier, Andreas Schaad: Towards Secure Content Based Dissemination of XML Documents. IAS 2009: 721-724

Mathias Kohler, Achim D. Brucker, Andreas Schaad: ProActive Caching: Generating Caching Heuristics for Business Process Environments. CSE (3) 2009: 297-304

Khaled Gaaloul, François Charoy, Andreas Schaad: Modelling task delegation for human-centric eGovernment workflows. D.GO 2009: 79-87

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: A Secure Comparison Technique for Tree Structured Data. ICIW 2009: 304-309

Florian Kerschbaum, Andreas Schaad, Debmalya Biswas: Practical privacy-preserving protocols for criminal investigations. ISI 2009: 197-199

Achim D. Brucker, Helmut Petritsch, Andreas Schaad: Delegation Assistance. POLICY 2009: 84-91

Mohammad Ashiqur Rahaman, Yves Roudier, Philip Miseldine, Andreas Schaad: Ontology-Based Secure XML Content Distribution. SEC 2009: 294-306

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Document-Based Dynamic Workflows: Towards Flexible and Stateful Services. SERVICES II 2009: 87-94

Mathias Kohler, Andreas Schaad: Avoiding Policy-based Deadlocks in Business Processes. ARES 2008: 709-716

Mathias Kohler, Andreas Schaad: ProActive Access Control for Business Process-Driven Environments. ACSAC 2008: 153-162

Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Distributed Access Control For XML Document Centric Collaborations. EDOC 2008: 267-276

Philip Miseldine, Ulrich Flegel, Andreas Schaad: Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios. RELAW 2008: 31-34

Christian Wolter, Andreas Schaad, Christoph Meinel: Task-based entailment constraints for basic workflow patterns. SACMAT 2008: 51-60

Khaled Gaaloul, Andreas Schaad, Ulrich Flegel, François Charoy: A Secure Task Delegation Model for Workflows. SECURWARE 2008: 10-15

Florian Kerschbaum, Andreas Schaad: Privacy-preserving social network analysis for criminal investigations. WPES 2008: 9-14

C. Wolter, A. Schaad: Modeling of Task-Based Authorization Constraints in BPMN. BPM 2007: 64-79

Mohammad Ashiqur Rahaman, Andreas Schaad: SOAP-based Secure Conversation and Collaboration. ICWS 2007: 471-480

Mathias Kohler, Christian Liesegang, Andreas Schaad: Classification Model for Access Control Constraints. IPCCC 2007: 410-417

Christian Wolter, Andreas Schaad, Christoph Meinel: Deriving XACML Policies from Business Process Models. WISE Workshops 2007: 142-153

Andreas Schaad: A Framework for Evidence Lifecycle Management. WISE Workshops 2007: 191-200

Khaled Gaaloul, François Charoy, Andreas Schaad, Hannah Lee: Collaboration for Human-Centric eGovernment Workflows. WISE Workshops 2007: 201-212

Philip Robinson, Florian Kerschbaum, Andreas Schaad:From Business Process Choreography to Authorization Policies. DBSec 2006: 297-309

Andreas Schaad: Security in enterprise resource planning systems and service-oriented architectures. SACMAT 2006: 69-70

Andreas Schaad, Volkmar Lotz, Karsten Sohr: A model-checking approach to analysing organisational controls in a loan origination process. SACMAT 2006: 139-149

Mohammad A. Rahaman, Andreas Schaad, Maarten Rits: Towards secure SOAP message exchange in a SOA. SWS 2006: 77-84

Andreas Schaad: Revocation of Obligation and Authorisation Policy Objects. DBSec 2005: 28-39

Maarten Rits, Benjamin De Boe, Andreas Schaad: XacT: a bridge between resource management and access control in multi-layered applications. SESS@ICSE 2005: 1-7

Andreas Schaad, Pascal Spadone, Helmut Weichsel: A case study of separation of duty properties in the context of the Austrian "eLaw" process. SAC 2005: 1328-1332

Andreas Schaad: An Extended Analysis of Delegating Obligations. DBSec 2004: 49-64

Andreas Schaad, Jonathan D. Moffett: Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles. SAC 2004: 1380-1384

Axel Kern, Andreas Schaad, Jonathan D. Moffett: An administration concept for the enterprise role-based access control model. SACMAT 2003: 3-11

Andreas Schaad, Jonathan D. Moffett: A Framework for Org. Control Principles. ACM ACSAC 2002

Andreas Schaad, Jonathan D. Moffett: Delegation of Obligations. POLICY 2002: 25-35

Andreas Schaad, Jonathan D. Moffett: A lightweight approach to specification and analysis of role-based acess control extensions. SACMAT 2002: 13-22

Axel Kern, Martin Kuhlmann, Andreas Schaad, Jonathan D. Moffett: Observations on the role life-cycle in the context of enterprise security management. SACMAT 2002: 43-51

Andreas Schaad: Detecting Conflicts in a Role-Based Delegation Model. ACSAC 2001: 117-126

Andreas Schaad, Jonathan Moffett: The role-based access control system of a European bank: a case study and discussion. SACMAT 2001: 3-9




Member of the ACM