Research interests

Secure software development, malware-resilient software, trusted path implementations, secure operating environments, proactive forensics, traceability and accountability, and measurable security.


LOCOMARE – Low-Cost Malware Resilience; IAF Small Research Project, 2018. The LOCOMARE project focuses on malware resilience using COTS software. The goal is to document the structure and content of access tokens, to develop an open source software for exclusive use of input and output devices by individual applications, and to devise an access control policy for protection of processes against malicious software.

SAINTCLOUDIA – Software Architectures and Intelligent Development Processes for Cloud and Internet Applications; Siemens Postal, Parcel & Airport Logistics, 2016-2019. The SAINTCLOUDIA project develops software architectures and development processes for cloud applications with an emphasis on their use in postal, parcel, and airport automation. The goal of the project is to increase security of software and development processes during the transformation of on-premise applications to the cloud.

TRIMSOS – Training Improvements for Software Security; Auerbach Foundation, 2016-2019. The TRIMSOS project investigates improvements for software security education. The goal is to be able to automatically introduce vulnerabilities into arbitrary software with the purpose of generating training samples for developers.

VOITURE – Voting Integrity and Transparency University Research Exercise; HTWG, 2016-2017. The VOITURE project investigated the lack of transparency in televoting. Taking the Eurovision Song Contest as an example, we created a model and computed the number of sufficient additional votes to be cast to modify the published results. While the model appeared to be sound and the costs for adding votes were acceptable, the experiment was ultimately not successful. The probable cause was a measure against congestion on international telephone lines that prevented the planned use of VoIP calls. We learned a lot about televoting and telephone networks in the process. A dozen undergraduate students participated in the activity.

Ph.D. studentsit-security-lab-3

Felix Schuckert

Sandra Ringmann

Selected publications


Felix Schuckert, Max Hildner, Basel Katt, and Hanno Langweg. Source code patterns of buffer overflow vulnerabilities in Firefox. In SICHERHEIT 2018, Konstanz, Germany, April 25-27, 2018, pages 107-118, 2018.


Sandra Ringmann and Hanno Langweg. Determining security requirements for cloud-supported routing of physical goods. Proceedings of the 3rd IEEE Workshop on Security and Privacy in the Cloud (SPC 2017). Pages 514-521, 2017.

Sandra Ringmann and Hanno Langweg. Agile Test Automation for Web Applications – A Security Perspective. In: Lotfi ben Othmane, Martin Gilje Jaatun, and Edgar Weippl (eds.) Empirical Research for Software Security: Foundations and Experience. Pages 209-247, 2017.

Sandra Ringmann and Hanno Langweg. Elicitation of security requirements for migration of OCR software to the cloud. Proceedings of Collaborative European Research Conference (CERC2017). Pages 206-208, 2017.

Felix Schuckert. Insecurity Refactoring As a Novel Method to Improve Manual Code Inspection Skills. Proceedings of Collaborative European Research Conference (CERC2017). Pages 218-223, 2017.

Philipp Hehnle, Pascal Keilbach, Hyun-Jin Lee, Sabrina Lejn, Daniel Steidinger, Marina Weinbrenner, and Hanno Langweg. One Click Privacy for Online Social Networks. Proceedings of SAFECOMP Workshops 2017, pages 435-442.

Felix Schuckert, Basel Katt, and Hanno Langweg. Source Code Patterns of SQL Injection Vulnerabilities. Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES ’17), article no. 72, 7 pages.


Yi-Ching Liao and Hanno Langweg, Hanno. Evidential Reasoning for Forensic Readiness. The Journal of Digital Forensics, Security and Law 2016; Volume 11(1), pages 37-52, 2016.

Felix Schuckert. Generating security vulnerabilities in source code. In SICHERHEIT 2016, Bonn, Germany, April 5-7, 2016, pages 177-184, 2016.


Yi-Ching Liao and Hanno Langweg. Developing metrics for surveillance impact assessment. In 39th Annual Computer Software and Applications Conference, COMPSAC Workshops 2015, Taichung, Taiwan, July 1-5, 2015, pages 297–302, 2015.

Julia Himmel, Nikolas Siebler, Felix Laegeler, Marco Grupe, and Hanno Langweg. Privacy points as a method to support privacy impact assessments. In 1st IEEE/ACM International Workshop
on TEchnical and LEgal aspects of data pRIvacy and SEcurity, TELERISE 2015, Florence, Italy, May 18, 2015, pages 50–53, 2015.

Yi-Ching Liao and Hanno Langweg. Events and causal factors charting of kernel traces for root cause analysis. In 2015 IEEE Symposium on Computers and Communication, ISCC 2015, Larnaca, Cyprus, July 6-9, 2015, pages 245–250, 2015.


Yi-Ching Liao and Hanno Langweg. Process tracking for forensic readiness. In Proceedings of Secure IT Systems – 19th Nordic Conference, NordSec 2014, Tromsø, Norway, pages 285–286, 2014.

Yi-Ching Liao and Hanno Langweg. Resource-based event reconstruction of digital crime scenes. In IEEE Joint Intelligence and Security Informatics Conference, JISIC 2014, The Hague, The Netherlands, 24-26 September, 2014, pages 129–136, 2014.

Publications for the general public

Südkurier 2017-11-24: Interview

thumbnail of 2017_11_24 Neuschwander-Interview Seite A_Südkurier Gesamtthumbnail of 2017_11_24 Neuschwander-Interview Seite B_Südkurier Gesamt









Südkurier 2016-12-08: Die neuen Schurken

thumbnail of 2016_12_08 Die neuen Schurken 1_Suedkurier Gesamtthumbnail of 2016_12_08 Die neuen Schurken 2_Suedkurier Gesamt









Südkurier 2016-11-14: Das Ende der Privatheit ist in Sicht

thumbnail of 2016_11_14 Das Ende der Privatheit ist in Sicht_Suedkurier Kreis Konstanz









Südkurier 2016-08-15: Wir müssen automomer werden

thumbnail of 2016_08_15 Wir muessen autonomer werden 1_Suedkurier gesamtthumbnail of 2016_08_15 Wir muessen autonomer werden_2 Suedkurier gesamt