Critical Information Infrastructures/en
= Critical Information Infrastructures=
Critical information infrastructures are sociotechnical systems comprising essential software components and information systems with pivotal impact on individuals, organizations, governments, economies, and society. We work on research challenges concerned with the design, development, and evaluation of reliable, secure, and purposeful software and information systems. Our research features a strong domain focus, in particular, on internet and health care industries as well as on the industry-specific application of secure and trustworthy AI models. The principal goal of our research is theorizing on and designing the applications and methods required for creation and innovation of sociotechnical systems with auspicious value propositions. In our studies, we rigorously employ a variety of interdisciplinary methods and build on theories from information systems and related disciplines. Our work accounts for the multifaceted use contexts of information and communication technologies with research on human behavior affecting critical information infrastructures and vice versa. This enables us to rigorously generate strong theoretical insights while simultaneously producing research outputs of relevance to practical audiences.
Our main research contexts are reliable, secure, and purposeful software and information systems within the scope of critical infrastructures, innovative health IT applications, cloud computing services, blockchain technologies, trustworthy AI, continuous, DLT-based auditing of AI systems, and auditing/certification of IT in general.
- Jan Bartsch
- Mikael Beyene
- Mandy Goram
- Malte Greulich
- Anton Grube
- Shanshan Hu
- Niclas Kannengießer
- Jens Lansing
- Florian Leiser
- Sebastian Lins
- Felix Morsbach
- Konstantin Pandl
- Sascha Rank
- Maximilian Renner
- Manuel Schmidt-Kraepelin
- Michael Sosna
- Heiner Teigeler
- Scott Thiebes
- Philipp Toussaint
- Ekaterina Babaskina
- Tessa Buttenberg
- Maren Cordts
- Lisa Drawe
- Yannick Erb
- Niklas Hasebrook
- Tobias Hilt
- Ella Lutzweiler
- Rano Permana
- Pranjal Ranka
- Maximilian Rauh
- Cedric Smith
- Yanxiu Wuwang
- Vinzenz Zinecker
- Frederic von Normann
Our research is funded by
|European Cloud Service Data Protection Certification|
The objective of the research project “European Cloud Service Data Protection Certification” (AUDITOR) is the conception, exemplary implementation and testing of an enduring EU-wide data protection certification for cloud services. As project leader, we engage in every project activity to achieve this goal.
|BloG3 – Blockchain-based health data management for holistic health profiles|
The BloG3 project aims to develop and deploy a blockchain-based platform for the management of health data in aftercare. The platform enables patients to manage their data and give doctors access to them via an app. The platform will be used and evaluated at the Charité in Berlin and the Pflegewerk Berlin.
|COOLedger – A COnfiguration toOL for Distributed Ledgers|
The goal of the research project is to support the selection and configuration of a suitable distributed ledger through a model that identifies the dependencies between DLT characteristics and presents them in an understandable way. The model will be embedded in a process and implemented as software, which facilitates finding the suitable configuration of distributed ledgers for specific applications.
|digilog@bw − Digitalisierung im Dialog|
The aim of "digilog@bw" is to identify the influence of digitisation on people and the resulting social changes and to analyse them in an interdisciplinary approach in order to lay the foundations for shaping digital change in a technically and politically positive way for the benefit of people.
|Distributed Ledger Technology for Life Sciences|
The aim of the research project “Distributed Ledger Technology for Life Sciences” (DLT4Life) is to develop a secure and privacy preserving DLT-based infrastructure for data exchange in the life sciences. The research project is part of the Helmholtz Information & Data Science School for Health (HIDSS4Health) and is carried out in cooperation with the German Cancer Research Center (DKFZ) in Heidelberg.
|ePill - electronic Patient Information Leaflets|
ePill (Electronic Patient Information LeafLets) is a web application that offers patient-friendly aggregation and refinement of information in patient information leaflets. ePill avoids drawbacks of patient information leaflets regarding readability, comprehensibility, and content. Besides improving the presentation of information in patient information leaflets, ePill can contribute to the solution of the prevalent problem of medication compliance by alleviating the process of gaining knowledge about the pharmaceuticals one is taking.
|GI Special Interest Group Digital Health|
The interdisciplinary special interest group Digital Health will examine current issues relating to the use of IT in healthcare and medicine from a variety of perspectives. The special interest group is to serve as a communication platform for stakeholders in the field of digital health. The goal is to offer researchers, practitioners and policymakers a central point of contact for the exchange and consolidation of research work and practical issues.
|Project Next Generation Certification (NGCert)|
The project “Next Generation Certification” (NGCert) focuses on research and development of dynamic certifications for cloud services, which enable auditors to continuously and (semi) automatically audit and monitor crucial parameters of cloud services. In this context, we develop metrics, methods, and design guidelines for continuous monitoring and (semi) automatic certification of cloud services.
|PEER - Open Access Publication Platform for Student Dissertations|
The open dissertations library – PEER – will provide an innovative open access platform for publishing excellent student dissertations, like Bachelor, Master, and Diploma theses. Following the open knowledge idea, which is to allow anyone to freely access, use, modify, and share knowledge, PEER will make the publication of excellent student theses much easier for students and universities as well as provide an open and highly visible platform revealing the real worth of Bachelor, Master, and Diploma theses. PEER will utilize the innovative potential of distributed ledger technology to archive the system’s three primary design goals: ease-of-use, openness, and content excellence.
|Security & Compliance Automation|
The project 'Security & Compliance Automation' deals with the automation of compliance assessment processes in the context of cloud services. The research group cii is working together with SAP SE to deal with the challenging and ever-increasing amount of requirements that cloud services have to fulfil.
|Toward better Development of Applications on DLT|
Distributed Ledger Technology (DLT) is promising to innovate collaborative inter-organizational work using applications on DLT. However, such applications come with new challenges regarding software architecture and, in particular, smart contract development. Various incidents such as The DAO hack or the Parity hack have shown the devastating impact of flawed smart contracts or applications on DLT. In order to support developers to overcome extant challenges in the development of applications on DLT, we aim to derive software design patterns from existing best practices in the development of applications on DLT.
Our research project „Trusted Blockchain“ aims to develop an innovative certification for distributed ledger technologies to reduce market uncertainty and support the development of trusted and secure technologies.
|Unblackboxing IT Certifications|
The project goal of “Unblackboxing IT Certifications” is to explore IT certifications' impact on customer and e-vendor perceptions. Within the research context of electronic markets, we investigate the research question of how web assurance seals are perceived by both customers and e-vendors. The project results contribute to gaining a deep and fundamental understanding of IT certifications' effectiveness.