Project partners

The Universität Hamburg is involved in the project with the two work areas Computer Networks (NET, Prof. Dr. Mathias Fischer) and Security in Distributed Systems (SVS, Prof. Dr. Hannes Federrath). Prof. Dr. Mathias Fischer and Prof. Dr. Hannes Federrath both take the consortium leadership of the project. NET works on the interface between networks and classical IT security. Research topics are resilient distributed systems, critical infrastructure protection and the development of methods for attack detection and handling. The research activities of SVS are in the areas of information security and technical data protection. Beyond technical methods of IT security, cross-cutting aspects of IT security such as multilateral security and economic aspects of information security are also covered.

In the project, UHH will primarily conduct research on methods for detecting targeted cyber attacks, the privacy-friendly exchange of threat intelligence, and methods for dynamic risk assessment.

Airbus is today a world leader in aerospace and related services. It was founded in 1970 as a cooperation between the French Aerospatiale and the German Arbeitsgemeinschaft Airbus, an association of several German aviation companies, with the aim of developing a European commercial aircraft. The cooperation was supplemented in the course of the 1970s by partners from Great Britain and Spain. Today’s Airbus Operations GmbH is part of the civil aircraft division, which is the largest part of Airbus.

In the project, Airbus Operations GmbH will conduct research on approaches to dynamic risk assessment and the use of modeling and simulation to study safety aspects of embedded communication and control systems. These systems are not limited to aviation, but can also be applied to the areas of production and process automation, as well as to critical infrastructures in general.

The Fraunhofer institute for Angewandte und Integrierte Sicherheit (AISEC), headquartered in Garching near Munich and with branch offices in Weiden in der Oberpfalz and Berlin, supports companies from all industries and service sectors in securing their systems, infrastructures, products and offerings. The work within this project is performed by the Secure Operating Systems research department. One research focus of the department concerns all facets of operating system security. For Linux-based systems in particular, the research area’s scientists analyze and develop secure software architectures and techniques to protect system integrity, resilience and the isolation of critical components and data. Another research focus of the area is the security of hardware-related software development.

Fraunhofer AISEC will focus primarily on secure hardware, secure operating systems and confidential computing.

The Deutsche Cyber-Sicherheitsorganisation GmbH (DCSO GmbH) is a cyber security competence center, which was founded in 2015 in the merger of Allianz SE, BASF SE, Bayer AG and Volkswagen AG as a manufacturer-independent, trustworthy partner. DCSO is an industry-founded company and sees itself as a partner to its members and customers. The DCSO is an agile part of a network between market, economy, society and politics. DCSO’s self-image is based on the core of its vision to create more cybersecurity for Germany - independent of the market and free of third-party interests.

In the project, DCSO will work on methods for APT detection and handling.

The Helmut Schmidt University Hamburg/ University of the Federal Armed Forces Hamburg (HSU) is one of two universities of the German Federal Armed Forces. With its 2500 students, the HSU academically educates part of the next generation of officers of the Bundeswehr. The HSU offers courses in electrical engineering, humanities and social sciences, mechanical and civil engineering as well as economics and social sciences.

In the project, HSU will focus primarily on secure hardware based on FPGAs and application-specific processors.

Langlauf Security Automation GmbH (LL) is a technology supplier, tool manufacturer and implementation partner for the security testing of supplied software. Due to the high degree of innovation, Langlauf qualified for the “EXIST” funding program of the BMWi as well as for inclusion in the renowned and highly endowed BMBF initiative “StartUpSecure”. Langlauf’s special competence is the combination of (academic) technical expertise and practical industry experience, which has been proven in numerous projects, among others with two well-known DAX corporations.

In the project, Langlauf will mainly work on methods for automated detection of security vulnerabilities in software, software supply chain attacks, and approaches to software-based attribution.

Tenzir GmbH is a Hamburg-based startup that develops technology and products at the interface of security analytics and data engineering. The eponymous flagship product Tenzir complements SIEM systems and can be deployed as a lightweight log management solution. Tenzir is open source software at its core (BSD license) and Tenzir offers commercial extensions and SaaS fleet management for enterprise customers and managed security service providers.

In the project, Tenzir will work on distributed monitoring and APT detection. Tenzir will be the backbone of the data infrastructure, ensuring that all participants and functions are equipped with the right data.

The Institute for IT Security (ITS) at the University of Lübeck, headed by Prof. Dr. Thomas Eisenbarth, is a research institute dedicated to investigating the security of modern IT systems. Due to its specialization in security research, ITS has extensive experience in various application areas ranging from embedded systems and IoT devices to web applications and cloud computing, where issues of applied cryptography, secure execution environments, side-channel analysis, and software analysis and hardening are at the forefront.

As part of the project, ITS will work in particular on methods for detecting vulnerabilities and on their automated patching. New approaches and technologies will also be tested in order to identify and fix vulnerabilities quickly and efficiently.