Like all chair members, you can reach me at surname@this domain.
Email policy
I receive a lot of email every day, so unfortunately I cannot read all of it. If you do not receive an answer within 2 days, please feel free to contact me again, as it is likely that I did not see your email.
Professor for Cybersecurity at IMT Atlantique | Chairholder CyberCNI.fr | VP German Chapter of the ACM | Cybersecurity Expert | Speaker at IMT Atlantique
Marc-Oliver Pahl is a Professor at the Technical University IMT Atlantique on the Rennes campus in Brittany, France. He heads the Chair of Cybersecurity in Critical Networked Infrastructures (Cyber CNI), which currently has 9 PhD students, 4 PostDocs, and 11 associated professors. He also supervises PhD students at Technical University of Munich.
Marc-Oliver is an adjunct professor at Carleton University in Canada. He is an experienced teacher and an eLearning pioneer, holding several teaching awards.
Marc-Oliver holds a Diploma from University of Tübingen and a PhD from Technical University of Munich.
Marc-Oliver is Vice President of the German Chapter of the Association for Computing Machinery (ACM) (https://germany.acm.org/). He heads the Future Education activities of the German-French Academy for the Industry of the Future (https://future-industry.org/).
Marc-Oliver’s research focus is on a holistic approach to cybersecurity. He works on security-by-design, anomaly detection, human-in-the-loop, and automation. His goal is making cybersecurity manageable, resulting in highly resilient and reliable systems. Marc-Oliver publishes regularly in the network and service management and security communities.
My research domain is cybersecurity. I follow a holistic multi-disciplinary approach, including the areas of security-by-design, continuous monitoring and data analytics for anomaly detection, (semi-)automated defence for increasing resilience, and human-in-the-loop with multi-modal 3D interfaces.
In: Guernic, Gurvan (Ed.): Proceedings of the 29th Computer & Electronics Security Application Rendezvous co-located with the 7th European Cyber Week (ECW 2022), Rennes, France, November 15-16, 2022., pp. 35–46, CEUR-WS.org, 2023.
@inproceedings{ceur-ws3329barbeau,
title = {Resilience via Blackbox Self-Piloting Plants},
author = {Michel Barbeau and Joaquin Garcia-Alfaro and Christian L\"{u}bben and Marc-Oliver Pahl and Lars W\"{u}strich},
editor = {Gurvan Guernic},
url = {https://ceur-ws.org/Vol-3329/paper-02.pdf},
year = {2023},
date = {2023-01-01},
booktitle = {Proceedings of the 29th Computer \& Electronics Security Application Rendezvous co-located with the 7th European Cyber Week (ECW 2022), Rennes, France, November 15-16, 2022.},
volume = {3329},
pages = {35--46},
publisher = {CEUR-WS.org},
series = {CEUR Workshop Proceedings},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{Lavaur2022.tnsm,
title = {The Evolution of Federated Learning-based Intrusion Detection and Mitigation: a Survey},
author = {Leo Lavaur and Marc-Oliver Pahl and Yann Busnel and Fabien Autrel},
url = {https://ieeexplore.ieee.org/document/9780571},
doi = {10.1109/TNSM.2022.3177512},
year = {2022},
date = {2022-05-24},
urldate = {2022-05-24},
journal = {IEEE Transactions on Network and Service Management},
publisher = {IEEE},
series = {Special Issue on Network Security Management},
abstract = {In 2016, Google introduced the concept of Federated Learning (FL), enabling collaborative Machine Learning (ML). FL does not share local data but ML models, offering applications in diverse domains. This paper focuses on the application of FL to Intrusion Detection Systems (IDSs). There, common criteria to compare existing solutions are missing. In particular, this survey shows: (i) how FL-based IDSs are used in different domains; (ii) what differences exist between architectures; (iii) the state of the art of FL-based IDS.
With a structured literature survey, this work identifies the relevant state of the art in FL-based intrusion detection from its creation in 2016 until 2021. It provides a reference architecture and a taxonomy to serve as guidelines to compare and design FL-based IDSs. Both are validated with the existing works. Finally, it identifies research directions for the application of FL to intrusion detection systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@inproceedings{221053,
title = {Autonomous convergence mechanisms for collaborative crowd-sourced data-modeling},
author = {Christian L\"{u}bben and Marc-Oliver Pahl},
url = {http://XXXXX/221053.pdf},
year = {2022},
date = {2022-04-01},
booktitle = {NOMS 2022 - Full and short papers ()},
abstract = {Interoperability remains a central challenge of the Internet of Things (IoT). Standardized data representation can solve this problem. Data model convergence prevents redundancy and fosters reuse. The growth of the IoT demands a high number of data models. Collaborative approaches allow the creation of numerous data models. The question to investigate is: Can assisted distributed model creation improve model convergence? This paper presents an approach to unify IoT data models during creation. It analyzes existing models to find similarities to a new model candidate. Similar models shall be reused or extended to prevent information redundancy. Challenges are the accuracy of the similarity analysis and scalability. The evaluation shows linear scalability and high accuracy using a data set containing 1200 automatically converted data models from today's most relevant IoT data modeling initiatives: Project Haystack, IoTSchema, and BrickSchema.},
keywords = {Internet of Things (IoT); Data service management; IT service management; Distributed management},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{222206,
title = {Continuous Microservice Re-Placement in the IoT},
author = {Christian L\"{u}bben and Simon Sch\"{a}ffner and Marc-Oliver Pahl},
url = {http://XXXXX/222206.pdf},
year = {2022},
date = {2022-04-01},
booktitle = {NOMS 2022 Workshops - Manage-IoT 2022 ()},
abstract = {The Internet of Things (IoT) consists of constrained devices. There is a continuous increase in processing power and a recent trend towards microservice architectures. Both make it possible to place IoT microservices on the distributed edge nodes of an IoT site. The identification of a suitable placement of services creates an open challenge. The IoT sets special demands due to its heterogeneous and often constrained resources. This paper presents a service placement strategy that is adapted to the IoT. It assesses the differences between the IoT and previous service placement problem domains. The results show that the presented service placement strategy outperforms existing ones from other domains. This particularly holds for the optimization of the overall system performance.},
keywords = {Internet of Things (IoT)},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{222179,
title = {Resource tradeoffs for TLS-secured MQTT-based IoT Management},
author = {Valentin Dimov and Erkin Kirdan and Marc-Oliver Pahl},
url = {http://XXXXX/222179.pdf},
year = {2022},
date = {2022-04-01},
booktitle = {NOMS 2022 Workshops - Manage-IoT 2022 ()},
abstract = {Transport Layer Security (TLS) is an established Internet security standard. TLS offers a variety of configuration options that affect resource consumption. For deployments of constrained devices in the Internet of Things (IoT), it is crucial to optimize TLS's resource consumption. This study examines how the TLS cryptographic algorithms, so-called cipher suites, affect an MQTT application's resource consumption. MQTT is a popular protocol for IoT. We construct a model application using the Mosquitto MQTT broker and client library. We measure the consumption of CPU cycles, memory, and network bandwidth with the IANA-recommended TLS 1.2 and TLS 1.3 cipher suites. We test and compare different variants for the key exchange, server authentication, client authentication, and symmetric encryption algorithms, as well as recommended elliptic curves for elliptic curve cryptography (ECC) algorithms. We identify ECDHE key exchange with the x25519 curve and mutual PSK authentication as the best handshake performance. Ed25519 provides the best performance among the certificate authentication options. The effect of choosing a faster symmetric cipher on CPU costs depends on message size. Changing symmetric ciphers does not affect the performance for 100 B messages, but more differences are observed for 10 kB messages. Overall, the findings show that resource consumption can be optimized by choosing the cipher suite and adjusting the length and rate of MQTT messages. Optimized resource consumption enables reliable management of MQTT-based IoT.},
keywords = {Case Studies, Testbeds and Practical Experiences; Internet of Things (IoT); Applications and case studies; Sensor networks},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{220803,
title = {Optimal Access Control Deployment in Network Function Virtualization},
author = {Manel Smine and David Espes and Marc-Oliver Pahl},
url = {http://XXXXX/220803.pdf},
year = {2022},
date = {2022-04-01},
booktitle = {NOMS 2022 - Full and short papers ()},
abstract = {Network function virtualization (NFV) yields numerous advantages, specifically the ability to provide a cost-efficient alternative to hardware-based functionalities on software platforms to break the vendor lock-in problem. However, these advantages come at the cost of several security issues. These threats can be leveraged by controlling the information that flows between the different components that compose NFV services. We propose an approach allowing an optimal deployment of access control policies on NFV services. The proposed approach allows finding the best possible trade-offs between the impact in terms of latency resulting from the deployment of the access control policy and the used resources. In contrast to existing approaches, our solution prevents an insider adversary who compromises one or more unknown VNF(s) from going around the access control policy. We experimentally evaluate the returned solutions according to the size of the NFV service, the size of the policy to be deployed and the number of physical servers that host the VNF service.},
keywords = {Accounting, Configuration, Network virtualization; FCAPS: Fault, Performance and Security Management; Cybersystems, Security and Reliability in Network Softwarization and Management; Network security; Policy-based management},
pubstate = {published},
tppubtype = {inproceedings}
}
@workshop{KabilVR4Sec21,
title = {Training and Data Analysis use cases for Cybersecurity through Mixed Reality Applications},
author = {Alexandre Kabil and Thierry Duval and Marc-Oliver Pahl},
year = {2021},
date = {2021-08-06},
urldate = {2021-08-06},
abstract = {In this paper, we will discuss our point of view of the use of
Mixed Environments for Cybersecurity, especially for training
and data analysis purposes. We will argue that Collaborative
Mixed Environments could merge training and analysis approaches by providing users several points of view on cyber
situations.},
howpublished = {VR4Sec: 1st International Workshop on Security for XR and XR for Security},
keywords = {},
pubstate = {published},
tppubtype = {workshop}
}
@workshop{Delcombel2021,
title = {CyberCopter: a 3D helical visualisation for periodic signals of cyber attacks},
author = {Nicolas Delcombel and Alexandre Kabil and Thierry Duval and Marc-Oliver Pahl},
year = {2021},
date = {2021-08-06},
urldate = {2021-08-06},
abstract = {This paper aims to assess the usefulness of 3D interactive interfaces to display periodic signals in a network. Past research has shown that 2D data visualization simplifies alert classification, including those drawn by periodicity-based Intrusion Detection Systems. However, 2D visualisations have limitations such as screen space availability. This is why we created CyberCopter, a prototype that uses a 3D helical representation to highlight periodic patterns in a dataset. We tested CyberCopter usability and efficiency in a fraud detection scenario. It scored 77 at the SUS questionnaire, which demonstrates an acceptable usability.},
howpublished = {VR4Sec: 1st International Workshop on Security for XR and XR for Security},
keywords = {Cybersecurity, Security, Virtual reality, Visual analytics, Visualization, Visualization application domains},
pubstate = {published},
tppubtype = {workshop}
}
@inproceedings{Lavaur2021.gtsslr,
title = {Federated Security Approaches for IT and OT},
author = {Leo Lavaur and Marc-Oliver Pahl and Yann Busnel and Fabien Autrel},
year = {2021},
date = {2021-05-11},
urldate = {2021-05-11},
pages = {2},
abstract = {The Internet of Things has begun to spread over a variety of domains, including industry and finance. It represents an increasing threat for both IT and OT. The lack of collaboration results in the same attacks targeting different organizations one after the other. Often employed as an answer to this problem, cyber threat-intelligence sharing induces its own set of challenges: trust, privacy, and traceability.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{213227,
title = {Cyber-Physical Anomaly Detection for ICS},
author = {Lars Wuestrich and Lukas Schr\"{o}der and Marc-Oliver Pahl},
url = {http://xxxxx/213227.pdf},
year = {2021},
date = {2021-05-01},
booktitle = {IFIP/IEEE International Symposium on Integrated Network Management co-located with IM},
abstract = {Industrial Control Systems (ICS) are complex systems made up of many components with different tasks. For a safe and secure operation, each device needs to carry out its tasks correctly. To monitor a system and ensure the correct behavior of systems, anomaly detection systems are used. Models of expected behavior often rely only on cyber or physical features for anomaly detection. We propose an anomaly detection system that combines both types of features to create a dynamic fingerprint of an ICS. We present how such a system can be designed and which challenges need to be overcome for a successful implementation.},
keywords = {and Dependability, Data and device security, Other aspects relevant to manage IoT systems., resilience, Security and Privacy, Survivability, Validation and Verification of data and functional},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{paiho2021towards,
title = {Towards cross-commodity energy-sharing communities ---A review of the market, regulatory, and technical situation},
author = {Satu Paiho and Jussi Kiljander and Roope Sarala and Hanne Siikavirta and Olli Kilkki and Arpit Bajpai and Markus Duchon and Marc-Oliver Pahl and Lars W\"{u}strich and Christian L\"{u}bben and others},
year = {2021},
date = {2021-01-01},
journal = {Renewable and Sustainable Energy Reviews},
volume = {151},
pages = {111568},
publisher = {Pergamon},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{muhlbauer2021feature,
title = {Feature-based Comparison of Open Source OPC-UA Implementations},
author = {Nikolas M\"{u}hlbauer and Erkin Kirdan and Marc-Oliver Pahl and Karl Waedt},
year = {2021},
date = {2021-01-01},
journal = {INFORMATIK 2020},
publisher = {Gesellschaft f\"{u}r Informatik, Bonn},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A Priority-Based Domain Type Enforcement for Exception Management Inproceedings
In: Foundations and Practice of Security: 13th International Symposium, FPS 2020, Montreal, QC, Canada, December 1--3, 2020, Revised Selected Papers, pp. 65, Springer Nature 2021.
@inproceedings{pahl2021priority,
title = {A Priority-Based Domain Type Enforcement for Exception Management},
author = {Manel Smine and David Espes and Nora Cuppens-Boulahia and Fr\'{e}d\'{e}ric Cuppens and Marc-Oliver Pahl},
year = {2021},
date = {2021-01-01},
booktitle = {Foundations and Practice of Security: 13th International Symposium, FPS 2020, Montreal, QC, Canada, December 1--3, 2020, Revised Selected Papers},
volume = {12637},
pages = {65},
organization = {Springer Nature},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{9565553,
title = {Detecting and Preventing Faked Mixed Reality},
author = {Fabian Kilger and Alexandre Kabil and Volker Tippmann and Gudrun Klinker and Marc-Oliver Pahl},
doi = {10.1109/MIPR51284.2021.00074},
year = {2021},
date = {2021-01-01},
booktitle = {2021 IEEE 4th International Conference on Multimedia Information Processing and Retrieval (MIPR)},
pages = {399-405},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{Piccoli2020,
title = {Group Key Management in constrained IoT Settings},
author = {A Piccoli and M-O Pahl and L W\"{u}strich},
doi = {10.1109/ISCC50000.2020.9219619},
issn = {15301346},
year = {2020},
date = {2020-01-01},
booktitle = {Proceedings - IEEE Symposium on Computers and Communications},
volume = {2020-July},
abstract = {The Internet of Things (IoT) enables software to orchestrate physical spaces. Due to the increased impact, IoT communication in factories, households, or critical infrastructures has to be highly secured. Besides point-to-point communication, group communication is frequently used in the IoT. Securing it typically requires the exchange of cryptographic keys. Several protocols have been proposed for such Group Key Management (GKM). They vary in their targeted settings, in their Key Distribution Model, Architecture Model, Reliability Properties, and Protocol Overhead. This paper surveys existing GKM mechanisms, analyzes their suitability for constrained IoT settings, and identifies open issues that require further research.},
keywords = {autonomous management, constrained nodes, group key management, IoT, reliability, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{wustrich2020extensible,
title = {An extensible IoT Security Taxonomy},
author = {Lars W\"{u}strich and Marc-Oliver Pahl and Stefan Liebald},
doi = {10.1109/ISCC50000.2020.9219584},
year = {2020},
date = {2020-01-01},
booktitle = {Proceedings - IEEE Symposium on Computers and Communications},
abstract = {Security is essential in the Internet of Things (IoT). IoT threat classifications are often non-intuitive to use. Identifying relevant properties of an attack is difficult and requires reading details of the attack. We therefore propose a simple-to-use naming scheme for IoT threat classification. It is based on the affected layers and the affected security goals. We evaluate the usefulness of the chosen approach by applying it to common IoT threats.},
keywords = {attacks, Cyber-Physical Systems, IoT, naming scheme, Security, taxonomy, threat classification},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{Muhlbauer2020,
title = {Open-Source OPC UA Security and Scalability},
author = {Nikolas M\"{u}hlbauer and Erkin Kirdan and Marc Oliver Pahl and Georg Carle},
doi = {10.1109/ETFA46521.2020.9212091},
issn = {19460759},
year = {2020},
date = {2020-01-01},
journal = {IEEE International Conference on Emerging Technologies and Factory Automation, ETFA},
volume = {2020-Septe},
pages = {262--269},
abstract = {OPC UA is widely adopted for remote-control in industrial environments. It has a central role for industrial control systems as it enables remote management. Compromising OPC UA can lead to compromising entire production facilities. Consequently, OPC UA requires a high level of security. Major commercial OPC UA implementations have compliance certificates ensuring that their security models obey the specification. However, open-source OPC UA implementations that have wide deployment mostly lack these certificates. In this work, we investigate the security models of the four most commonly used open-source implementations: open62541, node-opcua, UA-.NETStandard, and python-opcua. Furthermore, their scalabilities for the number of clients and OPC UA nodes are also analyzed.},
keywords = {OPC UA, open-source, scalability, Security},
pubstate = {published},
tppubtype = {article}
}
@article{Lubben2020,
title = {Using Deep Learning to Replace Domain Knowledge},
author = {Christian Lubben and Marc Oliver Pahl and Mohammad Irfan Khan},
doi = {10.1109/ISCC50000.2020.9219567},
issn = {15301346},
year = {2020},
date = {2020-01-01},
journal = {Proceedings - IEEE Symposium on Computers and Communications},
volume = {2020-July},
abstract = {Complex problems like the prediction of future behavior of a system are usually solved by using domain knowledge. This knowledge comes with a certain expense which can be monetary costs or efforts to generate it. We want to decrease this cost while using state of the art machine learning and prediction methods. Our aim is to replace the domain knowledge and create a black-box solution that offers automatic reasoning and accurate predictions. Our guiding example is packet scheduling optimization in Vehicle to Vehicle (V2V) communication. Within the evaluation, we compare the prediction quality of a labour-intense whitebox approach with the presented fully-automated blackbox approach. To ease the measurement process we propose a framework design which allows easy exchange of predictors. The results show the successful design of our framework as well as superior accuracy of the black box approach.},
keywords = {ANN, deep learning, network traffic prediction, V2V, V2X},
pubstate = {published},
tppubtype = {article}
}
@inproceedings{piccoli2020ensuring,
title = {Ensuring Consistency for Asynchronous Group-Key Management in the Industrial IoT},
author = {Alessandro Piccoli and Marc-Oliver Pahl and Steffen Fries and Tolga Sel},
year = {2020},
date = {2020-01-01},
booktitle = {International Conference on Network and Service Management (CNSM 2020), Izmir, Turkey},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{Pahl2019a,
title = {Information-Centric IoT Middleware Overlay: VSL},
author = {Marc-Oliver Pahl and Stefan Liebald},
url = {https://s2labs.org/download/publications/2019-03_NetSys_Designing_a_Data-Centric_Internet_of_Things.pdf%0Ahttps://www.netsys2019.org/proceedings/},
isbn = {9781728105680},
year = {2019},
date = {2019-01-01},
journal = {International Conference on Networked Systems 2019 (NetSys)},
abstract = {The heart of the Internet of Things (IoT) is data. IoT services process data from sensors that interface their physical surroundings, and from other software such as Internet weather databases. They produce data to control physical environments via actuators, and offer data to other services. More recently, service-centric designs for managing the IoT have been proposed. Data-centric or name-based communication architectures complement these developments very well. Especially for edge-based or site-local installations, data-centric Internet architectures can be implemented already today, as they do not require any changes at the core. We present the Virtual State Layer (VSL), a site-local data-centric architecture for the IoT. Special features of our solution are full separation of logic and data in IoT services, offering the data-centric VSL interface directly to developers, which significantly reduces the overall system complexity, explicit data modeling, a semantically-rich data item lookup, stream connections between services, and security-by-design. We evaluate our solution regarding usability, performance, scalability, resilience, energy efficiency, and security.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2019b,
title = {Machine-learning based IoT data caching},
author = {Marc Oliver Pahl and Stefan Liebald and Lars Wustrich},
isbn = {9783903176157},
year = {2019},
date = {2019-01-01},
journal = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019},
pages = {9--12},
abstract = {The Internet of Things (IoT) continuously produces big amounts of data. Data-centric middleware can therefore help reducing the complexity when orchestrating distributed Things. With its heterogeneity and resource limitations, IoT applications can lack performance, scalability, or resilience. Caching can help overcoming the limitations. We are currently working on establishing data caching within IoT middleware. The paper presents fundamentals of caching, major challenges, relevant state of the art, and a description of our current approaches. We show directions of using machine learning for caching in the IoT.},
keywords = {Caching, Data-centric, Internet of Things, Machine learning},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2019,
title = {Giving IoT services an identity and changeable attributes},
author = {Marc Oliver Pahl and Lorenzo Donini},
isbn = {9783903176157},
year = {2019},
date = {2019-01-01},
journal = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019},
number = {section II},
pages = {455--461},
abstract = {The Internet of Things (IoT) pervades our surroundings. It softwarizes our physical environments. Software controls devices that interface their physical environments. The IoT is often privacy, safety, and security critical. Consequently, it requires adequate mechanisms for securing its services. For reasons such as heterogeneity, complexity, and lack of deployment there is little research on IoT service security. Our work creates a base for IoT service security. We give IoT services secure identities and attributes. Using site-local X.509v3 certificates with short lifetimes, we show how service attributes can securely be changed at runtime. This enables enforcing security policies even on distributed, loosely coupled IoT nodes. Our central mechanisms are pinning certificates to service executables, and autonomously managing the short certificate lifetimes. We assess the resulting renewal traffic and power consumption. \textcopyright{} 2019 IFIP.},
keywords = {Autonomous service management, Certificates, IoT, Metadata, Microservices, Security, Unattended nodes, X.509},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2019c,
title = {VSL: A Data-Centric Internet of Things Overlay},
author = {Marc-Oliver Pahl and Stefan Liebald and Christian L\"{u}bben},
url = {https://s2labs.org/download/publications/2019-03_NetSys_Demo_VSL.pdf%0Ahttps://www.netsys2019.org/proceedings/},
year = {2019},
date = {2019-01-01},
journal = {International Conference on Networked Systems 2019 (NetSys)},
pages = {1--3},
abstract = {Data-centric service-oriented designs are promising for overcoming the current IoT silos. The Virtual State Layer (VSL) is a data-centric middleware that securely unifies the access to distributed heterogeneous IoT components. The VSL solves key challenges of today's IoT: reducing the complexity, enabling interoperability, and providing security-by-design. The described practical setting enables the interactive exploration of a data-centric middleware including a live performance evaluation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2018c,
title = {Securing IoT microservices with certificates},
author = {Marc Oliver Pahl and Lorenzo Donini},
doi = {10.1109/NOMS.2018.8406189},
isbn = {9781538634165},
year = {2018},
date = {2018-01-01},
journal = {IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018},
pages = {1--5},
abstract = {The Internet of Things (IoT) consists of distributed computing nodes. With increasing processor power such nodes can be used as hosts for microservices. IoT services routinely process security critical data that affects the privacy, safety, and security of users. However, suitable security mechanisms remain missing. Fundamental open challenges are the authentication of services, securing the metadata of services, and validating the correct functioning of security mechanisms on distributed entities under different authorities. In this paper we present a certificate-based methodology for authenticating services, securely adding information to their executables, and validating the correct functioning of distributed entities of our design. We add X.509 certificates with extended attributes to the service executables. By introducing different trust anchors, services and their metadata are protected through their entire life cycle from developers to the computing nodes running them. Our solution enables distributed nodes to verify the security properties locally. It enables reliably changing certificate properties across the distributed IoT nodes. It features autonomous certificate management. We evaluate the traffic caused by our autonomous certificate management process quantitatively. The presented solution is churn tolerant and applicable to diverse distributed systems.},
keywords = {Autonomous certificate management, Certificates, IoT, Microservices, Security, Unattended nodes, X.509},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2018b,
title = {Graph-based IoT microservice security},
author = {Marc Oliver Pahl and Fran\c{c}ois Xavier Aubet and Stefan Liebald},
doi = {10.1109/NOMS.2018.8406118},
isbn = {9781538634165},
year = {2018},
date = {2018-01-01},
journal = {IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018},
pages = {1--3},
abstract = {The Internet of Things (IoT) can be considered as Service Oriented Architecture (SOA) of Microservices ($\mu$S). The $\mu$Ss inherently process data that affects the privacy, safety, and security of its users. IoT service security is a key challenge. Most state of the art providing IoT system security is policy based. We showcase a graph-based access control that runs as module on IoT nodes, or in the network. Our solution intercepts and firewalls inter-service communication. It automatically creates a model of legitimate communication relationships. The model is interactively updated via a simple-to-understand interface. Our solution adds inevitable IoT security to existing IoT systems.},
keywords = {Autonomous service management, firewall, IoT, Microservices, Passive monitoring, Security, Unattended nodes},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2016a,
title = {Distributed smart space orchestration},
author = {Marc Oliver Pahl and Georg Carle and Gudrun Klinker},
doi = {10.1109/NOMS.2016.7502936},
isbn = {9781509002238},
year = {2016},
date = {2016-01-01},
journal = {Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium},
pages = {979--984},
abstract = {A programming abstraction for pervasive computing is introduced. It is based on context models and a novel concept that is called Virtual Context. An extensive requirements analysis for a real-world deployment of pervasive computing is presented. It is the base for an assessment of relevant state of the art that reveals the missing of a suitable programming abstraction. The work introduces a collaborative ontology for smart spaces, the concepts Virtual Context and micro-middleware, and, based on the former, a self-managing service management framework for smart spaces. The implementation of the concepts is quantitatively and qualitatively evaluated.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2015a,
title = {Data-centric service-oriented management of things},
author = {Marc Oliver Pahl},
doi = {10.1109/INM.2015.7140326},
isbn = {9783901882760},
year = {2015},
date = {2015-01-01},
journal = {Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM 2015},
pages = {484--490},
abstract = {With the Internet of Things, more and more devices become remotely manageable. The amount and heterogeneity of managed devices make the task of implementing management functionality challenging. Future Pervasive Computing scenarios require implementing a plethora of services to provide management functionality. With growing demand on services, reducing the emerging complexity becomes increasingly important. A simple-to-use programming model for implementing complex management scenarios is essential to enable developers to create the growing amount of required management software at high quality. The paper presents how data-centric mechanisms, as known from network management, can be utilized to create a service-oriented architecture (SOA) for management services. The resulting shift of complexity from access functionality towards data structures introduces new flexibility and facilitates the programming of management applications significantly. This is evaluated with a user study on the reference implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2014,
title = {Crowdsourced context-modeling as key to future smart spaces},
author = {Marc Oliver Pahl and Georg Carle},
doi = {10.1109/NOMS.2014.6838362},
isbn = {9781479909131},
year = {2014},
date = {2014-01-01},
journal = {IEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World},
abstract = {Managing smart spaces with software requires the acquisition and processing of context information about a space. To be usable for exchanging information, a context representation has to be structured with a context model. Existing context-modeling techniques usually require experts and lack support for collaborative distributed creation, which prevents a crowdsourced development in a distributed collaborative way by non-experts. To facilitate context modeling, this paper presents a hybrid meta model that combines features from key-value, markup, object oriented, and ontology based context-modeling approaches. An architecture is introduced that allows the dynamic collaborative extension and crowdsourced convergence of context models.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2013, pp. 139–144, 2013, ISBN: 9781467350778.
@article{Pahl2013,
title = {The missing layer-Virtualizing smart spaces},
author = {Marc Oliver Pahl and Georg Carle},
doi = {10.1109/PerComW.2013.6529471},
isbn = {9781467350778},
year = {2013},
date = {2013-01-01},
journal = {2013 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2013},
pages = {139--144},
abstract = {With the Virtual State Layer (VSL), an abstraction for software-based orchestration of smart spaces is presented. The aim of the VSL is to ease the programming of orchestration software while not limiting its functionality. \textcopyright{} 2013 IEEE.},
keywords = {app store, autonomous computing, distributed computing, smart space},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2013a,
title = {Taking smart space users into the development loop: an architecture for community based software development for smart spaces},
author = {Marc-Oliver Pahl and Georg Carle},
isbn = {9783901882562},
year = {2013},
date = {2013-01-01},
journal = {Proceedings of the 2013 ACM conference on Pervasive and ubiquitous computing adjunct publication},
pages = {793--800},
abstract = {Smart spaces need driver services to connect accessed hardware and orchestration services to realize scenarios. There is a problem of scale in software development for smart spaces because it is done by few. It is also problematic that those few decide about what is supported and developed. We propose to provide users with tools for community based development of driver and orchestration services. We analyze the requirements for a middleware framework to allow distributed development. We present necessary extensions that promote community based development: (1) a repository for interface definitions, (2) App Store and App Manager, and (3) multi-dimensional ratings. Finally we present how smart space software development can be facilitated using our Distributed Smart Space Orchestration System (DS2OS).},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
@article{Pahl2009,
title = {Knowledge-based middleware for future home networks},
author = {Marc Oliver Pahl and Andreas M\"{u}ller and Georg Carle and Christoph Niedermeier and Mario Schuster},
doi = {10.1109/WD.2009.5449684},
isbn = {9781424456604},
year = {2009},
date = {2009-01-01},
journal = {2009 2nd IFIP Wireless Days, WD 2009},
abstract = {Humans are lazy. They want to get as much support and assistance in their daily life as possible. To provide sophisticated digital butler functionality a system has to monitor the humans and their environment to understand their desires. It has to control all devices to translate the deduced wills into actions. To provide an integrated intelligent environment to the residents it is necessary to overcome the borders of different manufacturers, devices and access technologies. A management and control middleware is needed that shields users as well as high level management services from the technical details of the network of devices by providing a standardized, resilient and secure communication channel. We present a knowledge-based middleware as base for that purpose in this paper. The novel approach is the transparent connection of highly heterogeneous home devices by requiring only very limited functionality per device. Our design allows the desired high autonomicity in a secure and efficient way},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
I have been continuously supervising students since 2008. I have supervised more than 150 Master's and Bachelor's theses, 5 PhD theses at TU Munich, and 6 PhD theses at IMT Atlantique.
I have been teaching continuously at universities since 2003. I have received multiple awards for my teaching, including the 2013 Ernst Otto Fischer teaching award for excellent teaching and the 2020 supervisory award for excellent PhD supervision, both from Technical University of Munich.
Lighthouse activities are:
The conception, creation, and operation of the biggest computer networks and distributed systems hands-on class series in Germany, the iLab, more at https://ilab.ilabxp.com/
The following table gives an overview on my teaching activities:
My major teaching activities besides supervising students.
Current Positions
Full Professor (2019-) Directeur de Recherches Grande Ecole (Technical University) Institut Mines Télécom (IMT) Atlantique (prior Ecole nationale supérieure des télécommunications de Bretagne) / Department SRCD / Chaire Cyber CNI, Rennes, France
Chairholder of the Chaire Cybersecurity for Critical Networked Infrastructures (Cyber CNI) (1/2020-)
– 8 professors
– 1 engineer
– 3 post-docs
– 11 PhDs
– 5 industry partners (Airbus, Amossys, BNP Paribas, EDF, Nokia Bell Labs)
Previously Co-Director of the multi-institute research team (UMR6285) LAB-STICC/IRIS (Sécurité et Résilience des Systèmes d’Information) (1/2020-2/2021)
– 14 professors
– 1 research position
– 1 technician
– 11 post-docs
– 22 PhDs
Member of the Steering Committee of the German-French Academy for the industry of the future (GFA) (2019-)
Coordinator “Future Education” of the German-French Academy for the Industry of the Future (GFA) (2017-)
Adjunct Professor, Carleton University, Canada (2019-)
Vice-President, German Chapter of the ACM (2020-)
Previous Academic Position
2014-2020 Head of the IoT Smartspace Research Team at the Chair for Network Architectures and Services at Technical University of Munich, Germany
– 5 PhD students and more than 200 Master, Bachelor and Diploma students under my supervision.
– ProLehre Media and Didactics / External lecturer
2016-2017 Advisor of the Board of the Munich Center for Internet Research (MCIR), preparation of the transition to the current Bavarian Institute of Digital Transformation (BIDT)
2008-2014 Researcher and Lecturer at the Technical University of Munich
2005 External consultant for the interactive learning DVD “Netzwerktechnik” and Trainer at German “Berufsschulen”
Awards
Supervisory Award for excellent PhD supervision (Technical University of Munich, Germany, 2020)
Ernst Otto Fischer Lehrpreis (outstanding teaching award) (Technical University of Munich, Germany, 2013)
Excellent teaching award (Technical University of Munich, 2018)
Excellent teaching award (Technical University of Munich, 2016)
Excellent teaching award (Technical University of Munich, 2015)
Excellent teaching award (Technical University of Munich, 2014)
Fellowship of the Klaus Tschira Foundation for the Heidelberg Laureate Forum (2016)
Education
2018 Zertifikat Hochschullehre der Bayerischen Universitäten – Vertiefungsstufe (highest teaching certificate of Bavaria)
2014 PhD (Summa cum Laude), Technical University of Munich, “Distributed Smart Space Orchestration,” Focus on Internet of Things, Advisors: Prof. Dr.-Ing. Georg Carle, Munich; Prof. Gudrun Klinker, PhD, Munich
2008 Diploma (1.0 (best possible grade)), Eberhard Karls Universität Tübingen, “spy360.net — Webcampanoramen bis 360 Grad in HDR,” Focus on Image Processing, Advisors: Prof. Dr. Andreas Schilling, Tübingen; Prof. Dr. Dr. h.c. Wolfgang Straßer, Tübingen
Languages
German (mother tongue): fluent
English (working language): fluent
French (working language): fluent
Latin (“Großes Latinum”)
Memberships
Association for Computing Machinery (ACM)
German Chapter of the ACM (GChACM) – Vice-President (2020-2023; 2 terms)
Institute of Electrical and Electronics Engineers (IEEE) – IEEE-IES Technical Committee on Factory Automation
German Society for Informatics (GI)
Deutscher Hochschullehrerverband (DHV)
Invited Talks
“, “ AI for industry summer school, 2021
Young Security Conference (YSC) 2021
“Collaborative Remote Situational Cybersecurity Awareness,” SNCF Cyber Fusion Center, 2021
“A holistic Approach to Cybersecurity,” New Brunswick Cybersummit, 2021
“When data is the new oil, it is our role to prevent the blowout!,” AI for industry summer school, 2020
“When COVID-19 brings out the fundamentals of Artificial Intelligence,” Atos Popup College, 2020
“When Data is the New Oil, Security is the Blowout Preventer,” IDSA VIRTUAL EXPO “Scaling in Europe with Data Sovereignty – a French Perspective”, 2020
“IoT Smart Environment Research Vision,” IMT Atlantique Séminaire au Vert, Département SRCD, Carnac, France, 2019
“Ziemlich beste Freunde? Über die Vereinbarkeit von Digitaler Transformation und Privatsphäre” (Pretty much best friends? On the compatibility of digital transformation and privacy), German Informatics Society, Munich, Germany, 2019
“Privacy or why should I care? Security and Privacy aspects of Autonomous Driving,” Autonomous Vehicle Safety and Security meetup, Munich, Germany, 2019
“Cross-layer optimization for time- and security-critical IoT applications,” Huawei, San Jose, USA, 2019
“Composing the (Industrial) Internet of Things (IIoT),” Siemens CKI Forum, Munich, Germany, 2019
“Taming the Internet of Things: DS2OS – a secure data-centric service-oriented approach,” Arctic University (Randi Karlson), Tromsø, Norway, 2019
“Securing the Internet of Things – Because it is Your Data!,” Data61/ CSIRO (Ingo Weber), Sydney, Australia, 2018
“The Future of Teaching? How Combining Online and Offline Learning can become the Key,” University of Sydney (Ralph Holz), Sydney, Australia, 2018
“Securing the Internet of Things,” keynote at the AdHoc Now conference (Nicolas Montavont), St. Malo, France, 2018
“The iLab Concept – Making Teaching better, at Scale,” Jacobs University Bremen (Jürgen Schönwälder), Bremen, Germany, 2018
“Smart Space Orchestration – How to make the Internet of Things smart?”, Eurecom (Jérome Härri), Sophia Antipolis, France, 2016
“Datenzentrierte Modulare Gebäudeautomatisierung im Internet der Dinge,” (Datacentric Modular Building Automation in the Internet of Things), keynote at the IT4ENERGY-Workshop 2015 – Dezentrale Energiesysteme in der Gebäude- und Wohnungswirtschaft (Armin Wolf), Berlin, Germany, 2015
“Serviceorientierte Architekturen in BaaS,” (Service-Oriented Architectures in BaaS), keynote at the IT4ENERGY-Workshop 2014 – Gebäudewirtschaft und Energienetze (Thomas Luckenbach), Berlin, Germany, 2014
“The iLab experience – a blended learning hands-on course concept,” keynote at the EU Tempus Event for the Modernisation of Higher Education (Helmut Seidl), Munich, Germany, 2013
Raised Funding
I am constantly mounting projects with a volume for my groups of over 2 000 000 EUR (in overall projects of several 10 MEUR) until 2021. I am experienced in the national and international public and private funding acquisition sectors. From the beginning, I am often in leading roles in projects. The funding covers research and teaching activities.
Project Coordination
2018-2021 BMBF/ Business Finland (DE, FI) Decentralized Cross-commodity Energy Management (DECENT): Overall coordinator DE consortium, PI TUM
2013-2016 BMBF / ITEA (DE, ES, TR) Building as a Service (BaaS): Technical Coordinator, PI TUM
2008-2011 BMBF / CELTIC (DE, FR, SE) Autonomic Home Networking (Authone): Technical Project Lead TUM
Lead author of numerous national and international proposals that unluckily did not get funded.
Community Service
Publication Co-Chair, ACM/IEEE/IFIP Network Operations and Service Management (NOMS) 2022
Experience Session Co-Chair of the IFIP/IEEE International Symposium on Integrated Network Management (IM) 2021
Workshop Co-Chair ACM/IEEE/IFIP Network Operations and Service Management (NOMS) 2020
Student Travel Grant Chair ACM/IEEE/IFIP International Conference on Network and Service Management (CNSM) 2019
Associate Editor ACM International Journal of Network Management (IJNM) (2018-)
Guest Editor Special Issue Wiley’s Internet Technology Letters (with Michel Barbeau, Carleton University, Canada; Joaquin, IMT Sud Paris, France) 2019
General Co-Chair of the IFIP / IEEE Decentralized Orchestration and Management of Distributed Heterogeneous Things (DOMINOS) Workshop 2018, 2019
TPC Co-Chair Global Information Infrastructure and Networking Symposium (GIIS) 2019, IEEE International Conference on Ad Hoc Networks and Wireless (Adhoc-Now) 2018
Panel Co-Chair of the IFIP/IEEE International Symposium on Integrated Network Management (IM) 2019
Demo Co-Chair IFIP / IEEE Cloudification of the Internet of Things (CIoT) 2018
Organizer IFIP / IEEE HOT topics in Network and Service Management (HOTNSM) 2019
Organizer IFIP / IEEE Distributed Orchestration and Management of Distributed Heterogeneous Things (DOMINOS) 2018
My review activity
I am in the OC of multiple conferences, mainly in the network service and management community.