Michael P. Heinl

• Professor at Munich University of Applied Sciences

X.509 certificates play a crucial role in establishing secure com-munication over the internet by enabling authentication and dataintegrity. Equipped with a rich feature set, the X.509 standard isdefined by multiple, comprehensive ISO/IEC documents. Due to itsinternet-wide usage, there are different implementations in mul-tiple programming language...

More than once, computer history has shown that critical software vulnerabilities can have a large and media-effective impact on affected components. In the Free and open-source software (FOSS) ecosystem, most software is distributed via package repositories. Nowadays, keeping track of critical dependencies in a software system becomes crucial for...

X.509 certificates play a crucial role in establishing secure communication over the internet by enabling authentication and data integrity. Equipped with a rich feature set, the X.509 standard is defined by multiple, comprehensive ISO/IEC documents. Due to its internet-wide usage, there are different implementations in multiple programming languag...

Throughout computer history, it has been repeatedly demonstrated that critical software vulnerabilities can significantly affect the components involved. In the Free/Libre and Open Source Software (FLOSS) ecosystem, most software is distributed through package repositories. Nowadays, monitoring critical dependencies in a software system is essentia...

With the increasing sophistication and sheer number of cyberattacks, more and more companies come to the conclusion that they have to strengthen their cybersecurity posture. At the same time, well-educated information technology (IT) security personnel are scarce. Cybersecurity as a service (CSaaS) is one possible solution to tackle this problem by...

Public key infrastructures (PKIs) are a cornerstone for the security of modern information systems. They also offer a wide range of security mechanisms to industrial automation and control systems (IACS) and can represent an important building block for concepts like zero trust architectures and defense in depth. Hence, the ISA/IEC 62443 series of...

Remote electronic voting, often called online or Internet voting, has been subject to research for the last four decades. It is regularly discussed in public debates, especially in the context of enabling voters to conveniently cast their ballot from home using their personal devices. Since these devices are not under the control of the electoral a...

Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportun...

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certifica...

Internetwahlverfahren, informell "Internet-Voting" genannt, sind schon seit einigen Jahrzehnten im Fokus der Forschung und auch immer wieder Teil öffentlicher Debatten. Ein besonderes Hauptaugenmerk liegt dabei auf Internetwahlverfahren zur Nutzung in unkontrollierten Umgebungen, also Wahlverfahren, die Wählerinnen und Wähler bequem zu Hause vom ei...

Due to the scarcity of transplantable organs, patients have to wait on long lists for many years to get a matching kidney. This scarcity has created an illicit market place for wealthy recipients to avoid long waiting times. Brokers arrange such organ transplants and collect most of the payment that is sometimes channeled to fund other illicit acti...

In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by public key infrastructures. One of the key criticisms is the architecture’s implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a metric to compensate this as...

Android is the most popular mobile operating system. Its omnipresence leads to the fact that it is also the most popular target amongst malware developers and other computer criminals. Hence, this thesis shows the security-relevant structures of Android’s system and application architecture. Furthermore, it provides laboratory exercises on various...