@article{SiddiqiDoerrStrydis2020,
  author    = {Siddiqi, Muhammad Ali and D{\"o}rr, Christian and Strydis, Christos},
  title     = {IMDfence},
  series = {IEEE access},
  volume    = {8},
  journal   = {IEEE access},
  publisher = {Institute of Electrical and Electronics Engineers},
  address   = {Piscataway},
  issn      = {2169-3536},
  doi       = {10.1109/ACCESS.2020.3015686},
  pages     = {147948 -- 147964},
  year      = {2020},
  abstract  = {Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical constraints, conventional security protocols are not directly applicable to IMDs. Custom-tailored schemes have been proposed instead which, however, fail to cover the full spectrum of security features that modern IMDs and their ecosystems so critically require. In this paper we propose IMDfence, a security protocol for IMD ecosystems that provides a comprehensive yet practical security portfolio, which includes availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability. The protocol also allows emergency access that results in the graceful degradation of offered services without compromising security and patient safety. The performance of the security protocol as well as its feasibility and impact on modern IMDs are extensively analyzed and evaluated. We find that IMDfence achieves the above security requirements at a mere less than 7\% increase in total IMD energy consumption, and less than 14 ms and 9 kB increase in system delay and memory footprint, respectively.},
  language  = {en}
}
@article{OosthoekDoerr2021,
  author    = {Oosthoek, Kris and D{\"o}rr, Christian},
  title     = {Cyber security threats to bitcoin exchanges},
  series = {IEEE transactions on network and service management : a publication of the IEEE},
  volume    = {18},
  journal   = {IEEE transactions on network and service management : a publication of the IEEE},
  number    = {2},
  publisher = {IEEE},
  address   = {New York},
  issn      = {1932-4537},
  doi       = {10.1109/TNSM.2020.3046145},
  pages     = {1616 -- 1628},
  year      = {2021},
  abstract  = {Bitcoin is gaining traction as an alternative store of value. Its market capitalization transcends all other cryptocurrencies in the market. But its high monetary value also makes it an attractive target to cyber criminal actors. Hacking campaigns usually target an ecosystem's weakest points. In Bitcoin, the exchange platforms are one of them. Each exchange breach is a threat not only to direct victims, but to the credibility of Bitcoin's entire ecosystem. Based on an extensive analysis of 36 breaches of Bitcoin exchanges, we show the attack patterns used to exploit Bitcoin exchange platforms using an industry standard for reporting intelligence on cyber security breaches. Based on this we are able to provide an overview of the most common attack vectors, showing that all except three hacks were possible due to relatively lax security. We show that while the security regimen of Bitcoin exchanges is subpar compared to other financial service providers, the use of stolen credentials, which does not require any hacking, is decreasing. We also show that the amount of BTC taken during a breach is decreasing, as well as the exchanges that terminate after being breached. Furthermore we show that overall security posture has improved, but still has major flaws. To discover adversarial methods post-breach, we have analyzed two cases of BTC laundering. Through this analysis we provide insight into how exchange platforms with lax cyber security even further increase the intermediary risk introduced by them into the Bitcoin ecosystem.},
  language  = {en}
}
@book{MeinelDoellnerWeskeetal.2021,
  author    = {Meinel, Christoph and D{\"o}llner, J{\"u}rgen Roland Friedrich and Weske, Mathias and Polze, Andreas and Hirschfeld, Robert and Naumann, Felix and Giese, Holger and Baudisch, Patrick and Friedrich, Tobias and B{\"o}ttinger, Erwin and Lippert, Christoph and D{\"o}rr, Christian and Lehmann, Anja and Renard, Bernhard and Rabl, Tilmann and Uebernickel, Falk and Arnrich, Bert and H{\"o}lzle, Katharina},
  title     = {Proceedings of the HPI Research School on Service-oriented Systems Engineering 2020 Fall Retreat},
  number    = {138},
  publisher = {Universit{\"a}tsverlag Potsdam},
  address   = {Potsdam},
  isbn      = {978-3-86956-513-2},
  issn      = {1613-5652},
  doi       = {10.25932/publishup-50413},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-504132},
  publisher      = {Universit{\"a}t Potsdam},
  pages     = {vi, 144},
  year      = {2021},
  abstract  = {Design and Implementation of service-oriented architectures imposes a huge number of research questions from the fields of software engineering, system analysis and modeling, adaptability, and application integration. Component orientation and web services are two approaches for design and realization of complex web-based system. Both approaches allow for dynamic application adaptation as well as integration of enterprise application. Service-Oriented Systems Engineering represents a symbiosis of best practices in object-orientation, component-based development, distributed computing, and business process management. It provides integration of business and IT concerns. The annual Ph.D. Retreat of the Research School provides each member the opportunity to present his/her current state of their research and to give an outline of a prospective Ph.D. thesis. Due to the interdisciplinary structure of the research school, this technical report covers a wide range of topics. These include but are not limited to: Human Computer Interaction and Computer Vision as Service; Service-oriented Geovisualization Systems; Algorithm Engineering for Service-oriented Systems; Modeling and Verification of Self-adaptive Service-oriented Systems; Tools and Methods for Software Engineering in Service-oriented Systems; Security Engineering of Service-based IT Systems; Service-oriented Information Systems; Evolutionary Transition of Enterprise Applications to Service Orientation; Operating System Abstractions for Service-oriented Computing; and Services Specification, Composition, and Enactment.},
  language  = {en}
}