Gerd Brost scite author profile

Gerd Brost

5Publications

81Citation Statements Received

40Citation Statements Given

How they've been cited

How they cite others

Affiliations

Fraunhofer Institute for Applied and Integrated Security

Publications

Order By: Most citations

LUCON: Data Flow Control for Message-Based IoT Systems

Schuette

Brost²

2018

View full text Add to dashboard Cite

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information -a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a realworld IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

show abstract

A collaborative cyber incident management system for European interconnected critical infrastructures

Settanni

Skopik

Shovgenya

et al. 2017

Journal of Information Security and Applications

View full text Add to dashboard Cite

Identifying Security Requirements and Privacy Concerns in Digital Health Applications

Brost

Hoffmann

2014

View full text Add to dashboard Cite

Security and privacy by design are important paradigms for establishing high protection levels in the eHealth domain. This means that security requirements and privacy concerns are considered and analyzed from the very beginning of any system design. For a reliable and robust system architecture and specifi cation we recommend a four-step approach: (1) Decompose the system and identify the assets on the basis of the multilateral security concept, i.e., taking all participants of an eHealth scenario as potential attackers into account; (2) evaluate threats based on STRIDE for a holistic and systematic modelling of threats; (3) defi ne use casespecifi c security requirements and privacy concerns as well as their relevance; and (4) mitigate threats by deciding what countermeasures should be implemented. After the introduction of each step this chapter illustrates the practical use in a stepby-step walkthrough with a real-world eHealth scenario and discusses advantages of security and privacy by design as well as its limitations.

show abstract

Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT

Hansch

Schneider

Brost

2019

View full text Add to dashboard Cite

K-Word Proximity Search on Encrypted Data

Gall

Brost

2016

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Gerd Brost

LUCON: Data Flow Control for Message-Based IoT Systems

A collaborative cyber incident management system for European interconnected critical infrastructures

Identifying Security Requirements and Privacy Concerns in Digital Health Applications

Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT

K-Word Proximity Search on Encrypted Data

Contact Info

Product

Resources

About