The CrossComITS research project seeks to train users from vulnerable target groups to become security mediators through a train-the-trainers concept based on technical courses, and thus to serve as contact persons for IT security in the community.

Duration: July 2022 - June 2025

More Information

Medical Centre Employee Centered Information Security Awareness (MedISA)

From patient records to diagnostic equipment, hospital care is based on the use of information technology. When computer systems fail, the consequences for patients can be dramatic. In particular, the rise of attacks and cybercrime poses a threat to seamless medical care. Security standards therefore exist to prevent threats from cyberspace. But in practice, improper handling of the IT infrastructure and users' insufficient awareness of information security often pose a problem. This is where the research project MedISA (Medical Centre Employee Centered Information Security Awareness) of the Bonn-Rhein-Sieg University of Applied Sciences (H-BRS) comes in. In MedISA, strategies are being developed to sensitize employees in medical care facilities to IT security and data protection. The project is funded by the German Federal Ministry of Health (BMG) with approximately 450,000 euros over three years.

Duration: December 2021 - November 2024

More Information


More and more companies shift their business models to the Internet and use digital ecosystems as platforms. The COVID-19 pandemic further intensified this trend. However, data protection is perceived by many many companies as an obstacle to innovation, because there is a lack of knowledge and tools to implement the legal requirements correctly. The D'accord research project is therefore developing a so-called privacy cockpit. This software solution acts as a central contact point for data subjects who want to find out about the use of their personal data. Furthermore, data subjects can actively influence the use of their personal data and exercise their rights as data subjects.

Duration: September 2021 - September 2024

More Information

Own Device E-Asssessment on 5G (ODEA.5G)

The new mobile communications standard 5G is representative of innovative digitization projects in many different areas of society. In particular, the increased data rates and low latency make this network technology relevant for use at universities for a large number of simultaneous users. In order to be able to offer and carry out innovative teaching formats such as formative e-assessments, a suitable technical infrastructure is required with which learning status feedback and examinations can be implemented effectively and efficiently, even for large learning groups. In view of the increasing number of students and the associated decentralization of learning spaces, the equipment with previously used technologies such as W-LAN and provided end devices (e.g. stationary PCs) is becoming increasingly costly or is in some cases no longer feasible. In the ODEA.5G project, the H-BRS University of Applied Sciences and the University of Cologne are setting up 5G campus networks at both universities to test and evaluate state-of-the-art e-assessment systems. The focus here is particularly on large groups of participants who, thanks to the new technologies, will be able to take electronic examinations that are equal in terms of opportunity, comprehensible, reliable and secure.

Duration: March 2021 - February 2023

More Information

User Trust Experience (UTE)

In the research project "User Trust Experience" (UTE), the H-BRS University of Applied Sciences has been commissioned by TÜV TRUST IT in cooperation with Huawei UCD Center to examine influencing factors on users' trust in technical components. The studies relate to smartphone products of project partner HUAWEI, and especially to the permission management system inside the operating system EMUI. The team around Professor Luigi Lo Iacono investigates various technical design aspects that create an increased trust or even a loss of trust in modern technologies among end-users. For this purpose, the researchers will conduct analytical and empirical studies. The goal is to develop concrete improvements for the permission management system of EMUI. It should communicate secure handling of user data in a user-friendly way, to allow greater trust in the technology. The desired research outcome is a collection of general design principles for developing secure and trustworthy technology. The research cooperation combines the expertise of the project partners in the fields of "User-Centered Design", "Usable Security and Privacy" and "IT Security Certification".

Duration: July 2020 - January 2021

More Information

Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen (TrUSD)

In the course of digitalization, more and more data is being collected and evaluated in companies. This can optimize business processes, but also has the potential to affect employees' personal rights. The research project TrUSD builds a bridge between the potential of data analysis and the right of employees to privacy by developing so-called Privacy Dashboards. These dashboards provide employees with all the necessary privacy-related information, display it in an understandable way, and offer appropriate settings.

Duration: September 2018 - August 2021

More Information

Usability of Risk-based Implicit Authentication (URIA)

The research project URIA inspects the widely deployed password-based authentication. Nearly everyone knows the difficulty of choosing and, especially, remembering good passwords. Password-secured systems also inhere high security risks due to its fast "crackability". Hence, password-based authentication has weaknesses in terms of usability as well as security. In contrast to that, Risk-based authentication has the potential of improving security without degrading usability.

Duration: April 2018 - August 2021

More Information

Ultra-Large Scale Systems Security (ULS3)

The research project ULS3 elaborates and evaluates security mechanisms for ultra large-scale REST-based systems. The two main goals of ULS3 are: (1) the development of a general REST-Security framework while considering the architectural constraints of REST and (2) user-centric design of REST-Security APIs enabling software developers using security mechanisms in an effective as well as efficient manner.

Duration: April 2017 - March 2020

More Information


In the KieBox project, a usable solution for secure e-mail communication was developed. In collaboration with the company IESY, we created an easy-to-use communication solution based on software and hardware.

Duration: November 2017 - March 2020

More Information

Usable Security by Design (USecureD)

The research project USecureD aims at supporting small and medium-sized enterprises (SMEs) in facilitating the selection and incoperation of usable security by developing, evaluating and collecting principles, guidelines, patterns and tools for merging usability and security engineering.

Duration: June 2015 - April 2017

More Information

REAL SOA Security

Robust, Effective and Efficient SOA Security

Duration: March 2013 - March 2015

More Information