Christian Gehrmann
Resilient automatic model selection for mobility prediction
In order to avoid extensive machine learning models selection and optimizations, Automated Machine Learning (AutoML) has arisen as a practical and efficient way to apply machine learning to many different application areas. Data poisoning …
CyberROAD: A cybersecurity risk assessment ontology for automotive domain aligned with ISO/SAE 21434:2021
The automotive domain is becoming increasingly complex through the integration of new technologies. As a result, cybersecurity is recognized as a pressing issue. This study focuses on the ISO/SAE 21434:2021 standard for road vehicles cyber…
Vulnerability Detection in Popular Programming Languages with Language Models
Vulnerability detection is crucial for maintaining software security, and recent research has explored the use of Language Models (LMs) for this task. While LMs have shown promising results, their performance has been inconsistent across d…
A Trust Establishment and Key Management Architecture for Hospital-at-Home
The landscape of healthcare is experiencing a digitalization shift, transferring many medical activities to the patients’ homes, a phenomenon commonly referred to as Hospital-at-Home. While Internet of Things (IoT) devices facilitate the b…
From Generalist to Specialist: Exploring CWE-Specific Vulnerability Detection
Vulnerability Detection (VD) using machine learning faces a significant challenge: the vast diversity of vulnerability types. Each Common Weakness Enumeration (CWE) represents a unique category of vulnerabilities with distinct characterist…
Regaining Dominance in CIDER and Lazarus
Ensuring availability is a critical requirement for the Internet of Things (IoT). CIDER, a recovery architecture, and its follow-up scheme, Lazarus, are solutions to address this issue. CIDER introduced a new hardware module, the Authentic…
Attacks Against Mobility Prediction in 5G Networks
The $5^{th}$ generation of mobile networks introduces a new Network Function (NF) that was not present in previous generations, namely the Network Data Analytics Function (NWDAF). Its primary objective is to provide advanced analytics serv…
Access Security Policy Generation for Containers as a Cloud Service
The rapid development of containerization technology comes with remarkable benefits for developers and operation teams. Container solutions allow building very flexible software infrastructures. Although lots of efforts have been devoted t…
Anharmonic Fluctuations Govern the Band Gap of Halide Perovskites
We determine the impact of anharmonic thermal vibrations on the fundamental band gap of CsPbBr$_3$, a prototypical model system for the broader class of halide perovskite semiconductors. Through first-principles molecular dynamics and stoc…
Static and Dynamic Disorder in Formamidinium Lead Bromide Single Crystals
We show that formamidinium lead bromide is unique among the halide perovskite crystals because its inorganic sub-lattice exhibits intrinsic local static disorder that co-exists with a well-defined average crystal structure. Our study combi…
RoSym
Internet of Things (IoT) firmware upgrade has turned out to be a challenging task with respect to security. While Over-The-Air (OTA) software upgrade possibility is an essential feature to achieve security, it is also most sensitive to att…
Probing the Disorder Inside the Cubic Unit Cell of Halide Perovskites from First-Principles
Strong deviations in the finite temperature atomic structure of halide perovskites from their average geometry can have profound impacts on optoelectronic and other device-relevant properties. Detailed mechanistic understandings of the…
Transversal Halide Motion Intensifies Band-To-Band Transitions in Halide Perovskites
Despite their puzzling vibrational characteristics that include strong signatures of anharmonicity and thermal disorder already around room temperature, halide perovskites exhibit favorable optoelectronic properties for applications in pho…
Demonstration: A cloud-native digital twin with adaptive cloud-based control and intrusion detection
Digital twins are taking a central role in the industry 4.0 narrative. However, they are still illusive. Many aspects of the digital-twins have yet to materialize. For example, to what degree will they be integrated into cloud and indust…
Lic-Sec: An enhanced AppArmor Docker security profile generator
Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Li…
A decentralized dynamic PKI based on blockchain
The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding especially in loosely-c…
Prototyping intrusion detection in an industrial cloud-native digital twin
Digital twins are poised to play a vital role in the industry 4.0 era. A cloud-based digital twin can augment the entity that it represents. To that effect, we envision that digital twins can have embedded control systems when paired with …
AppArmor Profile Generator as a Cloud Service
Along with the rapid development of containerization technology, remarkable benefits have been created for developers and operation teams, and overall software infrastructure. Although lots of effort has been devoted to enhancing container…
Lic-Sec: an enhanced AppArmor Docker security profile generator
Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Li…
Secure Ownership Transfer for the Internet of Things
With the increasing number of IoT devices deployed, the problem of switching ownership of devices is becoming more apparent. Especially, there is a need for transfer protocols not only addressing a single unit ownership transfer but secure…
An Identity Privacy Preserving IoT Data Protection Scheme for Cloud Based Analytics
Efficient protection of huge amount of IoT produced data is key for wide scale data analytic services. The most efficient way is to use pure symmetric encryption as that allows both fast decryption at the analytic engine side as well as en…
A Digital Twin Based Industrial Automation and Control System Security Architecture
The digital twin is a rather new industrial control and automation systems concept. While the approach so far has gained interest mainly due to capabilities to make advanced simulations and optimizations, recently the possibilities for enh…
Metadata filtering for user-friendly centralized biometric authentication
While biometric authentication for commercial use so far mainly has been used for local device unlock use cases, there are great opportunities for using it also for central authentication such as for remote login. However, many current bio…
SDN Access Control for the Masses
Bootstrapping trust in software defined networks
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity…
TruSDN: Bootstrapping Trust in Cloud Network Infrastructure
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity…
TruSDN: Bootstrapping Trust in Cloud Network Infrastructure
Robust and Scalable DTLS Session Establishment
The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service attack (DoS), aimed at establishing a high number of invalid, half-open, secure sessions. Moreover, even when the efficient pre-share…
A high assurance virtualization platform for ARMv8
This paper presents the first results from the ongoing research project HASPOC, developing a high assurance virtualization platform for the ARMv8 CPU architecture. Formal verification at machine code level guarantees information isolation …
On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake