Schaad, Andreas
- 0781 205-4660
- andreas.schaad@hs-offenburg.de
- Raum: D304
- Badstraße 24, 77652 Offenburg
Funktion
-
Ersthelfer, Erste Hilfe D-Gebäude
Lehrveranstaltungen (aktuelles und vorhergehendes Semester)
-
Labor Software Engineering, M+I123
-
Zugriffskontrolle und Betriebssysteme, M+I382
-
Software Engineering (UN), M+I122
-
Objektorientiertes Programmieren, M015
-
Datenschutz, Unternehmens- & IT-Sicherheit im internationalen Umfeld, M+I255
-
E-Business-Applikationen, M+I240
-
Labor Security in Ubiquitous Computing, M+I817
-
Informatik II & Übungen, M+I115
-
Software Security, M+I809
-
Red Teaming & IT-Infrastruktur, M1200
-
Labor sichere heterogene Umgebungen, M+I236
-
Praktikum E-Business- Applikationen, M+I241
-
Security in Ubiquitous Computing, M+I816
-
Skripting & Hacking, M+I372
-
Seminar IT-Sicherheit, M+I378
-
Programmieren in Java & Übungen, M+I330
-
Security in Ubiquitous Computing Labor, M1126
-
Software Security Labor, M+I810
-
Reverse Engineering, M+I257
-
Software Engineering, M+I1222
-
Labor Red Teaming & IT-Infrastruktur, M1201
-
Sichere heterogene Umgebungen, M+I287
Lebenslauf
Akademischer Werdegang
1999-2003 PhD (EPSRC Scholarship) am Lehrstuhl High Integrity Systems, University of York, GB
1998-1999 MSc in Software Engineering, University of York, GB
1995-1998 Dipl. Betriebswirt (Wirtschaftsinformatik) Roche AG BA Mannheim, Deutschland
Berufstaetigkeit
03/2018 - jetzt Hochschule Offenburg Offenburg, DE
Professor (W2) für Informatik (insb. IT-Sicherheit)
2017 - 2018 Wibu-Systems AG Karlsruhe, DE
Leiter Stabstelle Corporate Technology
2015 - 2017 HUAWEI European Security Competence Center Darmstadt, DE
Wissenschaftlicher Leiter
2011 - 2014 SAP Product & Innovation Research Karlsruhe, DE
Research Manager
2006-2010 SAP Research Security & Trust Karlsruhe, DE
Research Architekt
2004-2006 SAP Research Security & Trust Sophia Antipolis, FR
(Senior) Researcher
2003-2004 Ernst & Young London, UK
IT Security Auditor
Auszeichnungen
1999-2003 Scholarship EPSRC
Forschungsschwerpunkte
Forschungsprojekte
2021 - 2024 KMU Innovativ „OVVL"
2018 - 2021 KMU Innovativ „CloudProtect"
2015 - 2018 EU H2020 „ESCUDO - Cloud"
2010 - 2013 BMBF / ANR Projekt „RescueIT"
2008 - 2010 BMBF Projekt „ORKA"
2006 - 2009 EU Integrated Project „R4eGov"
Kooperationen mit der Praxis
2022 WIBU-Systems AG Projekt MLSec IV "Machine Learning"
2021 WIBU-Systems AG Projekt MLSec III "Machine Learning"
2020 WIBU-Systems AG Projekt MLSec II "Machine Learning"
2019 WIBU-Systems AG Projekt MLSec I "Machine Learning"
2019 WIBU-Systems AG Projekt CBSec "Blockchain Security"
Patente Schutzrechte
9,495,545 Automatically generate attributes and access policies for securely processing outsourced audit data using attribute-based encryption (100%)
9,342,707 Searchable encryption for infrequent queries in adjustable enc. databases (20%)
9,037,860 Average Complexity Ideal-Security Order Preserving Encryption (20%)
9,213,764 Encrypted In-Memory Column-Store (20%)
9,003,204 Optimal Re-Encryption Strategy for Joins in Encrypted Databases (20%)
8,788,313 Decentralised audit system in collaborative workflow environment (100%)
8,751,282 Controls in collaborative workflow environment (50%)
8,689,352 Distributed access control for document centric collaborations (50%)
8,620,713 Mechanism to control delegation and revocation of tasks in workflow system (100%)
8,130,947 Privacy preserving social network analysis (50%)
8,726,151 Comparing encrypted Documents Having Structured Data (50%)
7,831,978 Review mechanism for controlling delegation of tasks in a workflow system (100%)
7,689,562 Access control system, a rule engine adaptor, a rule-based enforcement platform and a method for performing access control (100%)
Publikationen
Reviewed Papers
Vanessa Barnekow, Dominik Binder, Niclas Kromrey, Pascal Munaretto, Andreas Schaad, Felix Schmieder:
Creation and Detection of German Voice Deepfakes. FPS 2021: 355-364
Andreas Schaad, Dominik Binder: FEX - A Feature Extractor for Real-Time IDS. ISC 2021: 221-2371)
Vanessa Barnekow, Dominik Binder, Niclas Kromrey, Pascal Munaretto, Andreas Schaad, Felix Schmieder:
Creation and Detection of German Voice Deepfakes. CoRR abs/2108.01469 (2021)
Andreas Schaad, Dominik Binder: ML-Supported Identification and Prioritization of Threats in the OVVL Threat Modelling Tool. DBSec 2020: 274-285
Andreas Schaad: Project OVVL - Threat Modeling Support for the entire secure development lifecycle. Sicherheit 2020: 121-124
Andreas Schaad, Tobias Reski:"Open Weakness and Vulnerability Modeler" (OVVL): An Updated Approach to Threat Modeling. ICETE (2) 2019: 417-424
Andreas Schaad, Tobias Reski, Oliver Winzenried: Integration of a Secure Physical Element as a Trusted Oracle in a Hyperledger Blockchain. ICETE (2) 2019: 498-503
Andreas Schaad, Björn Grohmann, Oliver Winzenried:
CloudProtect - A Cloud-based Software Protection Service. SACMAT 2019: 219-221
Andreas Schaad, Björn Grohmann, Oliver Winzenried, Ferdinand Brasser, Ahmad-Reza Sadeghi:
Towards a Cloud-based System for Software Protection and Licensing. ICETE (2) 2018: 698-702
Angela Jäschke, Björn Grohmann, Frederik Armknecht, Andreas Schaad: Industrial Feasibility of Private Information Retrieval. SECRYPT 2017, Madrid.
Feng Wang, Mathias Kohler, Andreas Schaad: Initial Encryption of large Searchable Data Sets using Hadoop. SACMAT 2015: 165-168
Patrick Grofig, Isabelle Hang, Martin Härterich, Florian Kerschbaum, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Privacy by Encrypted Databases. APF 2014: 56-69
Andreas Schaad, Anis Bkakria, Florian Kerschbaum, Frédéric Cuppens, Nora Cuppens-Boulahia, David Gross-Amblard: Optimized and controlled provisioning of encrypted outsourced data. SACMAT 2014: 141-152
Andreas Schaad, Florian Kerschbaum et al.: Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data. GI Sicherheit, 2014
Florian Kerschbaum, Patrick Grofig, Isabelle Hang, Martin Härterich, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Adjustably encrypted in-memory column-store. ACM Conference on Computer and Communications Security 2013: 1325-1328
Florian Kerschbaum, Martin Härterich, Patrick Grofig, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert: Optimal Re-encryption Strategy for Joins in Encrypted Databases. DBSec 2013: 195-210
Florian Kerschbaum, Martin Härterich, Mathias Kohler, Isabelle Hang, Andreas Schaad et al: An Encrypted In-Memory Column-Store: The Onion Selection Problem. ICISS 2013: 14-26
Axel Schröpfer, Andreas Schaad, Florian Kerschbaum, Heiko Boehm, Joerg Jooss: Secure benchmarking in the cloud. SACMAT 2013: 197-200
Ganna Monakova, Cristina Severin, Achim D. Brucker, Ulrich Flegel, Andreas Schaad: Monitoring Security and Safety of Assets in Supply Chains. Future Security 2012: 9-20
Schaad, A., Borozdin, M. TAM2 - Architectural Threat Analysis ACM SAC SE, Riva del Garda 2012
Monakova G., Brucker, A., Schaad, A. Security and Safety of Assets in Business Processes ACM SAC OE, Riva del Garda, 2012
Andreas Schaad, Alexandr Garaga: Automating architectural security analysis. ACM SACMAT 2012
Michael Clasen, Kai Fischbach, Rafael Pietrowski, Andreas Schaad: Sichere Warenketten durch RescueIT. GIL Jahrestagung 2011: 53-56
Ganna Monakova, Andreas Schaad: Visualizing security in business processes. ACM SACMAT 2011
Mohammad Ashiqur Rahaman, Henrik Plate, Yves Roudier, Andreas Schaad: Towards Secure Content Based Dissemination of XML Documents. IAS 2009: 721-724
Mathias Kohler, Achim D. Brucker, Andreas Schaad: ProActive Caching: Generating Caching Heuristics for Business Process Environments. CSE (3) 2009: 297-304
Khaled Gaaloul, François Charoy, Andreas Schaad: Modelling task delegation for human-centric eGovernment workflows. D.GO 2009: 79-87
Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: A Secure Comparison Technique for Tree Structured Data. ICIW 2009: 304-309
Florian Kerschbaum, Andreas Schaad, Debmalya Biswas: Practical privacy-preserving protocols for criminal investigations. ISI 2009: 197-199
Achim D. Brucker, Helmut Petritsch, Andreas Schaad: Delegation Assistance. POLICY 2009: 84-91
Mohammad Ashiqur Rahaman, Yves Roudier, Philip Miseldine, Andreas Schaad: Ontology-Based Secure XML Content Distribution. SEC 2009: 294-306
Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Document-Based Dynamic Workflows: Towards Flexible and Stateful Services. SERVICES II 2009: 87-94
Mathias Kohler, Andreas Schaad: Avoiding Policy-based Deadlocks in Business Processes. ARES 2008: 709-716
Mathias Kohler, Andreas Schaad: ProActive Access Control for Business Process-Driven Environments. ACSAC 2008: 153-162
Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad: Distributed Access Control For XML Document Centric Collaborations. EDOC 2008: 267-276
Philip Miseldine, Ulrich Flegel, Andreas Schaad: Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios. RELAW 2008: 31-34
Christian Wolter, Andreas Schaad, Christoph Meinel: Task-based entailment constraints for basic workflow patterns. SACMAT 2008: 51-60
Khaled Gaaloul, Andreas Schaad, Ulrich Flegel, François Charoy: A Secure Task Delegation Model for Workflows. SECURWARE 2008: 10-15
Florian Kerschbaum, Andreas Schaad: Privacy-preserving social network analysis for criminal investigations. WPES 2008: 9-14
C. Wolter, A. Schaad: Modeling of Task-Based Authorization Constraints in BPMN. BPM 2007: 64-79
Mohammad Ashiqur Rahaman, Andreas Schaad: SOAP-based Secure Conversation and Collaboration. ICWS 2007: 471-480
Mathias Kohler, Christian Liesegang, Andreas Schaad: Classification Model for Access Control Constraints. IPCCC 2007: 410-417
Christian Wolter, Andreas Schaad, Christoph Meinel: Deriving XACML Policies from Business Process Models. WISE Workshops 2007: 142-153
Andreas Schaad: A Framework for Evidence Lifecycle Management. WISE Workshops 2007: 191-200
Khaled Gaaloul, François Charoy, Andreas Schaad, Hannah Lee: Collaboration for Human-Centric eGovernment Workflows. WISE Workshops 2007: 201-212
Philip Robinson, Florian Kerschbaum, Andreas Schaad:From Business Process Choreography to Authorization Policies. DBSec 2006: 297-309
Andreas Schaad: Security in enterprise resource planning systems and service-oriented architectures. SACMAT 2006: 69-70
Andreas Schaad, Volkmar Lotz, Karsten Sohr: A model-checking approach to analysing organisational controls in a loan origination process. SACMAT 2006: 139-149
Mohammad A. Rahaman, Andreas Schaad, Maarten Rits: Towards secure SOAP message exchange in a SOA. SWS 2006: 77-84
Andreas Schaad: Revocation of Obligation and Authorisation Policy Objects. DBSec 2005: 28-39
Maarten Rits, Benjamin De Boe, Andreas Schaad: XacT: a bridge between resource management and access control in multi-layered applications. SESS@ICSE 2005: 1-7
Andreas Schaad, Pascal Spadone, Helmut Weichsel: A case study of separation of duty properties in the context of the Austrian "eLaw" process. SAC 2005: 1328-1332
Andreas Schaad: An Extended Analysis of Delegating Obligations. DBSec 2004: 49-64
Andreas Schaad, Jonathan D. Moffett: Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles. SAC 2004: 1380-1384
Axel Kern, Andreas Schaad, Jonathan D. Moffett: An administration concept for the enterprise role-based access control model. SACMAT 2003: 3-11
Andreas Schaad, Jonathan D. Moffett: A Framework for Org. Control Principles. ACM ACSAC 2002
Andreas Schaad, Jonathan D. Moffett: Delegation of Obligations. POLICY 2002: 25-35
Andreas Schaad, Jonathan D. Moffett: A lightweight approach to specification and analysis of role-based acess control extensions. SACMAT 2002: 13-22
Axel Kern, Martin Kuhlmann, Andreas Schaad, Jonathan D. Moffett: Observations on the role life-cycle in the context of enterprise security management. SACMAT 2002: 43-51
Andreas Schaad: Detecting Conflicts in a Role-Based Delegation Model. ACSAC 2001: 117-126
Andreas Schaad, Jonathan Moffett: The role-based access control system of a European bank: a case study and discussion. SACMAT 2001: 3-9
Vanessa Barnekow, Dominik Binder, Niclas Kromrey, Pascal Munaretto, Andreas Schaad, Felix Schmieder:
Creation and Detection of German Voice Deepfakes. CoRR abs/2108.01469 (2021)
Vortraege Interviews
2018, HS Offenburg Cloud Security Workshop "Software Security for Industry 4.0"
2016, Huawei Shenzhen R&D Headquarter Expert Lecture Series „Cloud Encryption"
2015, University of Bristol Workshop on „Industrial R&D in Multiparty Computation" (Prof. Smart)
2014, Swedish Institute of Computer Science „Encrypted Data Processing" (Prof. Gehrman)
2014, University of Royal Holloway „Implementing a searchable encrypted DB" (Prof. Crampton)
2014, Global SAP Security Day „Searchable Encryption in SAP HANA"
2014, Kuppinger& Cole GRC Analystenkonferenz „Searchable Encryption in SAP HANA"
Sonstiges
Fachorganisationen
2020 Gutachter für das BMBF: "Zivile Sicherheit"
2018 Gutachter für das BMBF: "Kritische Strukturen und Prozesse in Produktion und Logistik"
2014 - 2016 Gutachter für EU Kommission: H2020 SMEINST
2013-2015 Gutachter für EU Kommission: Projekt SYSSEC (NoE)
2014 Gutachter für das BMBF: "Zivile Sicherheit - Schutz vor organisierter Kriminalität" 2014
2013 Gutachter für das BMBF: "Zivile Sicherheit - Schutz vor Wirtschaftskriminalität" 2013
Gutachter
2022 BMBF Gutachter "Zivile Sicherheit"
2022 35th Conference on Data and Applications Security and Privacy (DBSEC) PC Member
2021 EU Gutachter Projekt "SANCUS"
2020 Journal of Computer Security
2019 33rd Conference on Data and Applications Security and Privacy (DBSEC) PC Member
2018 ACM Asia Conference on Computer & Communications Security ASIA CCS PC Member
2018 International Conference on Security and Cryptography (SECRYPT 2018) PC Member
2018 ACM Asia Conference on Computer & Communications Security ASIA CCS PC Member
2018 Jahrestagung Gesellschaft für Informatik (GI) Sicherheit PC Member
2014 - 2017 European Symposium on Research in Computer Security (ESORICS) PC Member
2005 - 2015 ACM SACMAT (Symposium of Access Control Models and Technologies) PC Member
2005 - 2015 IFIP WG 11.3 Working Conference on Data and Applications Security PC Member
2005 - 2015 Secure Data Management (SDM), Workshop of the VLDB PC Member
2005 - 2011 IEEE Symposium on Policies for Distributed Systems and Networks PC Member
2016 International Conference on Security and Cryptography (SECRYPT 2016) PC Member
2016 2nd International Workshop on Cloud Security and Data Privacy PC Member
2016 15h International Conference on Cryptology and Network Security (CANS) PC Member
2016 11th International Workshop on Data Privacy Management (DPM) PC Member
2016 15th Workshop on Privacy in the Electronic Society (WPES) PC Member
2015 29th Conference on Data and Applications Security and Privacy (DBSEC) PC Member
2015 Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) PC Member
2015 International Conference on Security and Cryptography (SECRYPT 2015) PC Member