Sven Bugiel
Research Group Leader, Trusted Systems Group, CISPA

I am a security researcher with a focus on (mobile) operating system security and trusted computing. In the past, I looked in particular into mandatory access control systems for the Android OS and into integrating hardware security building blocks into mobile operating systems.

Since May 2016 I have been employed as the research group leader of the Trusted Systems Group at the Center for Information Security, Privacy, and Accountability (CISPA) in Saarbrücken, Germany.

Vita

Please check my full CV for more details.

Since May, 2016: Research Group Leader
of the Trusted Systems Group at the Center for Information Security, Privacy, and Accountability (CISPA), Saarbrücken, Germany
2013 - 2016: Research Assistant and Ph.D. Student
in the Information Security & Cryptography Group, Saarland University, Germany

Since Feb, 2016: Dr.-Ing. (Ph.D. in Security in Information Technology)
Ph.D. thesis title: "Establishing Mandatory Access Control on Android OS"
2010 - 2013: Research Assistant and Ph.D. Student
2008 - 2010: Erasmus Mundus Master's Programme
in Security and Mobile Computing on the KTH/DTU track.

Master of Science in Engineering, Security and Mobile Computing.
Master thesis title: "Using TCG/DRTM for application-specific credential storage and usage" (in cooperation with Nokia Research Center, Helsinki, Finland)
2008 - 2009: Summer Research Internships
in the Trustworthy Mobile Platforms Group at Nokia Research Center, Helsinki, Finland
2007 - 2008: Erasmus
at Helsinki University of Technology (now Aalto University)
2004 - 2008: Studies
at Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
2003: Abitur

Projects

Android Security Framework

Android Security Framework (ASF) is a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in the form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges arising from the design of Android’s software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation in which security solutions are provided as separate patches to the Android software stack or embedded into Android’s mainline codebase. As a result, ASF provides practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.

Source code, example security modules, and documentation can be retrieved from the current project website.

FlaskDroid

A generic security architecture for the Android OS that can serve as a flexible and effective ecosystem to instantiate different security solutions.

Source code and documentation can be retrieved from the project website at www.flaskdroid.org

Scientific Service

Program Committee Member

Reviewer

  • SPE’13 (Software: Practice and Experience)
  • IEEE TDSC’14 (IEEE Transactions on Dependable and Secure Computing)
  • IEEE TDSCSI’14 (IEEE Transactions on Dependable and Secure Computing Special Issue on Security and Privacy in Mobile Platforms)
  • IEEE TIFS’17 (IEEE Transactions on Information Forensics and Security)

Publications

A list of publications can also be found on my Google Scholar page.

Peer-reviewed Conferences

Short Text Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy
Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel. To appear in the Proceedings of the IEEE Symposium on Security & Privacy, May 2019, IEEE. 2019.

[PDF] BibTeX

Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse
Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel. In 28th USENIX Security Symposium (USENIX Security '18), USENIX. 2018.

PDF BibTeX

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Marten Oltrogge, Erik Derr, Christian Stransky, Yasemin Acar, Sascha Fahl, Christian Rossow, Giancarlo Pellegrino, Sven Bugiel, Michael Backes. In 39th IEEE Symposium on Security and Privacy (SP '18), IEEE. 2018.

PDF BibTeX

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. In 24th ACM Conference on Computer and Communication Security (CCS'17), ACM. 2017.

PDF BibTeX

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Jie Huang,  Oliver Schranz,  Sven Bugiel,  Michael Backes. In 24th ACM Conference on Computer and Communication Security (CCS'17), ACM. 2017.

PDF BibTeX

Seamless In-App Ad Blocking on Stock Android
Michael Backes,  Sven Bugiel,  Philipp von Styp-Rekowsky,  Marvin Wißfeld. In Mobile Security Technologies (MOST) 2017 Workshop, IEEE. 2017.

PDF BibTeX

ARTist: The Android Runtime Instrumentation and Security Toolkit
Michael Backes, Sven Bugiel, Oliver Schranz, Philipp von Styp-Rekowsky, Sebastian Weisgerber. In 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17), IEEE. 2017.

PDF BibTeX

Reliable Third-Party Library Detection in Android and its Security Applications
Michael Backes,  Sven Bugiel,  Erik Derr. In 23rd ACM Conference on Computer and Communications Security (CCS'16), ACM. 2016. (Acceptance rate: 16.5% (137/831))

PDF BibTeX

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, Sebastian Weisgerber. In 26th USENIX Security Symposium (USENIX Security '16), USENIX. 2016. (Acceptance rate: 15.6% (72/463))

PDF BibTeX

R-Droid: Leveraging Android App Analysis with Static Slice Optimization
Michael Backes, Sven Bugiel, Erik Derr, Sebastian Gerling, Christian Hammer. In 11th ACM Asia Conference on Computer and Communications Security (ASIACCS '16), ACM. 2016. (Invited paper)

PDF BibTeX

SoK: Lessons Learned From Android Security Research For Appified Software Platforms
Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, Matthew Smith. In 37th IEEE Symposium on Security and Privacy (SP '16), IEEE. 2016.

PDF BibTeX

Boxify: Full-fledged App Sandboxing for Stock Android
Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky. In 24th USENIX Security Symposium (USENIX Security '15), USENIX. 2015. (Acceptance rate: 15.7% (67/426))

PDF BibTeX

Scippa: System-Centric IPC Provenance on Android
Michael Backes,  Sven Bugiel,  Sebastian Gerling. In 30th Annual Computer Security Applications Conference (ACSAC'14), ACM. 2014.

PDF BibTeX

Android Security Framework: Extensible Multi-Layered Access Control on Android
Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky. In 30th Annual Computer Security Applications Conference (ACSAC'14), ACM. 2014.

PDF BibTeX

Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Sven Bugiel, Stephan Heuser, Ahmad-Reza Sadeghi. In 22nd USENIX Security Symposium (USENIX Security '13), USENIX. 2013. (Acceptance rate: 15.9% (44/277))

PDF BibTeX

Client-controlled Cryptography-as-a-Service in the Cloud
Sören Bleikertz, Sven Bugiel, Hugo Ideler, Stefan Nürnberger, Ahmad-Reza Sadeghi. In 11th International Conference on Applied Cryptography and Network Security (ACNS'13), Springer. 2013.

PDF BibTeX

Softer Smartcards: Usable Cryptographic Tokens with Secure Execution
Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi, Steffen Schulz. In Financial Cryptography and Data Security (FC), Springer. 2012.

PDF BibTeX

Towards Taming Privilege-Escalation Attacks on Android
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry. In 19th Annual Network & Distributed System Security Symposium (NDSS'12), 2012.

PDF BibTeX

AmazonIA: When Elasticity Snaps Back
Sven Bugiel, Thomas Pöppelmann, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Schneider. In 18th ACM Conference on Computer and Communications Security (CCS'11), ACM. 2011. (Acceptance rate: 14% (60/429))

PDF BibTeX

Practical and Lightweight Domain Isolation on Android
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry. In 1st ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM'11), ACM. 2011.

PDF BibTeX

Twin Clouds: Secure Cloud Computing with Low Latency
Sven Bugiel, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Schneider. In Communications and Multimedia Security Conference (CMS'11), Springer. 2011. (Best Paper Award)

PDF BibTeX

Scalable Trust Establishment with Software Reputation
Sven Bugiel, Lucas Davi, Steffen Schulz. In Workshop on Scalable Trusted Computing (STC'11), ACM. 2011.

PDF BibTeX

TruWalletM: Secure Web Authentication on Mobile Platforms
Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy. In 2nd Conference on Trusted Systems (INTRUST'10), 2010.

PDF BibTeX

Implementing an Application-Specific Credential Platform Using Late-Launched Mobile Trusted Module
Sven Bugiel,  Jan-Erik Ekberg. In 5th Annual Workshop on Scalable Trusted Computing (STC'10), ACM. 2010.

PDF BibTeX

Trust in a Small Package: Minimized MRTM Software Implementation for Mobile Secure Environments
Jan-Erik Ekberg,  Sven Bugiel. In 4th Annual Workshop on Scalable Trusted Computing (STC'09), ACM. 2009.

PDF BibTeX

Technical Reports

Android Security Framework: Enabling Generic and Extensible Access Control on Android
Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky. Technical report A/01/2014, Saarland University, April, 2014.

PDF BibTeX

Towards a Framework for Android Security Modules: Extending SE Android Type Enforcement to Android Middleware
Sven Bugiel, Stephan Heuser, Ahmad-Reza Sadeghi. Technical report TUD-CS-2012-0231, Center for Advanced Security Research Darmstadt, December, 2012.

PDF BibTeX

myTunes: Semantically Linked and User-Centric Fine-Grained Privacy Control on Android
Sven Bugiel, Stephan Heuser, Ahmad-Reza Sadeghi. Technical report TUD-CS-2012-0226, Center for Advanced Security Research Darmstadt, November, 2012.

PDF BibTeX

XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi. Technical report TR-2011-04, Technische Universität Darmstadt, 2011.

PDF BibTeX

Books and Book Chapters

European Research Activities in Cloud Computing
Alysson Bessani,  Imad M. Abbadi,  Sven Bugiel,  Emanuele Cesena,  Mina Deng,  Michael Gröne,  Ninja Marnau,  Stefan Nürnberger,  Marcelo Pasin,  Norbert Schirmer. European Research Activities in Cloud Computing, ch. TClouds: Privacy and Resilience for Internet-scale Critical Infrastructures, pp. 151 - 177. Cambridge Scholars Publishing, 2011.

[PDF] BibTeX

Teaching

Current courses

I am currently offering the following courses:

Past courses

Past courses the Trusted Systems Group offered:

I was involved in the following courses by the Information Security & Cryptography Group:

Courses I was involved in at the System Security Lab at TU Darmstadt:

  • Secure, Trusted and Trustworthy Computing (winter term 12/13)
  • Smartphone Security Lab (winter term 12/13)
  • Embedded System Security (summer term 12)
  • Mobile Security Seminar (summer term 12)
  • Secure, Trusted and Trustworthy Computing (winter term 11/12)
  • Smartphone Security Lab (winter term 11/12)
  • Embedded System Security (summer term 11)
  • Secure, Trusted and Trustworthy Computing (winter term 10/11)

Contact:

Dr.-Ing. Sven Bugiel
Saarland University
Campus E9 1
Room 3.09
66123 Saarbrücken
Germany
Phone
P: +49 (0)681 - 302 - 57362
F: +49 (0)681 - 302 - 57365
eMail
bugiel@cs.uni-saarland.de
GPG Key