Chief Digital Officer / Chief Information Officer
Prof. Dr.-Ing. Sebastian Gerling, LL.M.
In seiner Funktion als Chief Digital Officer (CDO) koordiniert er in enger Abstimmung mit dem Präsidium und weiteren Stakeholdern den Prozess zur Entwicklung und Fortschreibung der Digitalisierungsstrategie für die Universität Hamburg.
Als Chief Information Officer (CIO) koordiniert er in enger Abstimmung mit dem Präsidium, dem Regionalen Rechenzentrum (RRZ) und weiteren Stakeholdern aus der IT den Prozess zur Weiterentwicklung und Umsetzung der IT-Strategie und verantwortet den operativen IT-Betrieb im RRZ.
Lebenslauf
- seit 2024 Chief Information Officer (CIO) der Universität Hamburg
- seit 2021 Chief Digital Officer (CDO) der Universität Hamburg
- 2021–2023 Masterstudium IT-Recht (LL.M.) an der Universität des Saarlandes
- seit 2011 Berater für IT-Sicherheit, Referent für IT-Sicherheitsschulungen und Vorträge
- Autor von Fachartikeln im Bereich IT-Sicherheit
- 2019–2020 Leiter Wissenschaftsstrategie am CISPA – Helmholtz-Zentrum für Informationssicherheit
- 2018–2019 Leiter Wissenschaftsstrategie und Technologietransfer erst am CISPA – Center for IT-Security, Privacy and Accountability und dann am CISPA – Helmholtz-Zentrum für Informationssicherheit
- 2012–2017 Administrativer Leiter des CISPA – Center for IT-Security, Privacy and Accountability
- 2012–2014 Wissenschaftlicher Mitarbeiter an der Universität des Saarlandes
- 2014 Promotion an der Universität des Saarlandes – Promotionsstipendium der International Max Planck Research School for Computer Science
- 2004–2009 Bachelorstudium und Masterstudium der Informatik an der Universität des Saarlandes
Publikationen
Publikationen
Ergebnisse durchsuchen/filtern
Sortiert nach:
2023
Das Konzept des House of Computing and Data Science als Blaupause zur Digitalisierung der Forschung
Publiziert: Konferenzbeitrag - Aufsatz in Konferenzband in: INFORMATIK 2023 - Designing Futures – Zukunfte gestalten, Proceedings: 123-128, 6 S., Vol. 337 (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI); Band P-337)
2022
IT-Sicherheit für Dummies
- R. W. Gerling
- S. R. Gerling
Publiziert: Buch: 1. Auflage Aufl., Weinheim: Wiley - VCH Verlag GmbH & CO. KGaA (...für Dummies)
2020
Stand der Technik bei Videokonferenzen - und die Interpretation der Aufsichtsbehörden. - "Naming and shaming" beim Datenschutz
- R. W. Gerling
- S. Gerling
- S. Hessel
- R. Petrlic
Publiziert: Zeitschriftenaufsätze: Datenschutz und Datensicherheit, Vol. 44, 11, 740-747
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
2016
Angreiferjagd im "Internet der Dinge".
- S. Gerling
- C. Rossow
Publiziert: Zeitschriftenaufsätze: Datenschutz und Datensicherheit, Vol. 40, 8, 507-510
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
Das "Recht auf Vergessenwerden" - eine technische Utopie?
- S. Gerling
- R. W. Gerling
Publiziert: Kapitel in: Datenschutz als Verbraucherschutz: JWV Jenaer Wissenschaftliche Verlagsgesellschaft
R-Droid: Leveraging Android App Analysis with Static Slice Optimization
- M. Backes
- S. Bugiel
- E. Derr
- S. Gerling
- C. Hammer
Publiziert: Konferenzbeitrag - Aufsatz in Konferenzband in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security: 129-140, 12 S., New York: Association for Computing Machinery (ACM) (ASIA CCS '16)
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
2014
Plugging in trust and privacy: three systems to improve widely used ecosystems
Publiziert: Dissertation
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
X-pire 2.0: a user-controlled expiration date and copy protection mechanism
- M. Backes
- S. Gerling
- S. Lorenz
- S. Lukas
Publiziert: Konferenzbeitrag - Aufsatz in Konferenzband in: Proceedings of the 29th Annual ACM Symposium on Applied Computing: 1633-1640, 8 S., New York: Association for Computing Machinery (ACM) (SAC '14)
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
Scippa: system-centric IPC provenance on Android
- M. Backes
- S. Bugiel
- S. Gerling
Publiziert: Konferenzbeitrag - Aufsatz in Konferenzband in: Proceedings of the 30th Annual Computer Security Applications Conference: 36-45, 10 S., Association for Computing Machinery (ACM) (ACSAC '14)
Externe Publikationsmetriken
Dabei werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
Android Security Framework: Enabling Generic and Extensible Access Control on Android
- M. Backes
- S. Bugiel
- S. Gerling
- P. v. Styp-Rekowsky
Publiziert: Technischer Bericht: 27 S. (Cryptography and Security)
@inbook{34313cc2e1ef486f874841a669256aff,
title = "Das Konzept des House of Computing and Data Science als Blaupause zur Digitalisierung der Forschung",
abstract = "Forschung auf internationalem Niveau kommt nicht mehr ohne die strukturelle Nutzung der Potenziale der Digitalisierung, dabei insbesondere in den Bereichen Data Science und K{\"u}nstlicher Intelligenz, aus. Gleichzeitig ist der Br{\"u}ckenschlag in die wissenschaftliche Anwendung aufgrund sehr heterogener F{\"a}cherkulturen, Vorerfahrungen und der hohen Methodenvielfalt nicht trivial. Ein vielversprechender Ansatz, mit diesen Herausforderungen umzugehen, ist das Konzept des House of Computing and Data Science. Als zentrale Einrichtung wird das Ziel eines reziproken,gemeinsamen Erkenntnisgewinns und Ausbau von Methodenkompetenz verfolgt. Dabei werden Impulse in die gesamte Universit{\"a}t gegeben, gleichzeitig aber auch Erfahrungen und Kompetenzen aus den dezentralen Bereichen geb{\"u}ndelt.",
keywords = "Data Science, K{\"u}nstliche Intelligenz, Digitalisierung, Organisationsstruktur, Research Software Engineering",
author = "Chris Biemann and Tilo B{\"o}hmann and Sebastian Gerling and Jan Louis and Martin Semmann",
year = "2023",
month = sep,
language = "Deutsch",
isbn = "978-3-88579-731-9",
volume = "337",
series = "Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)",
pages = "123--128",
editor = "Maike Klein and Daniel Krupka and Cornelia Winter and Volker Wohlgemuth",
booktitle = "INFORMATIK 2023 - Designing Futures",
}
@book{440b25e55a7a4cd9b7cb63fb3dd95645,
title = "IT-Sicherheit f{\"u}r Dummies",
keywords = "Datenschutzgesetze, Kryptologie Lehrbuch, Wirtschaftsrecht, Netzwerke / Sicherheit, Rechtswissenschaft, Datenschutzgrundverordnung, Informatik, IT-Security, Datenschutz im Unternehmen, Cybersecurity, Kryptografie Lehrbuch, Netzwerksicherheit, Datensicherung, Verschl{\"u}sselung, Computersicherheit u. Kryptographie, Netzwerkprotokoll, Datensicherheit, Cybersicherheit, Informationssicherheit",
author = "Gerling, {Rainer W} and Gerling, {Sebastian R}",
year = "2022",
language = "Deutsch",
isbn = "3527833579",
series = "...f{\"u}r Dummies",
publisher = "Wiley - VCH Verlag GmbH & CO. KGaA",
address = "Deutschland",
edition = "1. Auflage",
}
@article{68bcfe33cc6840f68c443539e0c2eeba,
title = "Stand der Technik bei Videokonferenzen - und die Interpretation der Aufsichtsbeh{\"o}rden.: {"}Naming and shaming{"} beim Datenschutz",
abstract = "Der Beitrag analysiert die Praxis einiger Datenschutzaufsichtsbeh{\"o}rden bei der Bewertung von Videokonferenzl{\"o}sungen vor dem Hintergrund des Stands der Technik. Die Informationspraxis der Datenschutzaufsichtsbeh{\"o}rden wird anschlie{\ss}end hinsichtlich der rechtlichen Auswirkungen auf Anbieter und Verantwortliche bewertet.",
author = "Gerling, {Rainer W.} and Sebastian Gerling and Stefan Hessel and Ronald Petrlic",
note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",
year = "2020",
doi = "10.1007/S11623-020-1359-0",
language = "Deutsch",
volume = "44",
pages = "740--747",
journal = "Datenschutz und Datensicherheit",
issn = "0724-4371",
number = "11",
}
@article{a32cbb69b73249e4acda2cfdcbb728cd,
title = "Angreiferjagd im {"}Internet der Dinge{"}.",
abstract = "Immer mehr Ger{\"a}te aus unserer Umgebung werden zum „Internet der Dinge“ vernetzt. Mit dem Smartphone erobern wir unser Zuhause und k{\"o}nnen damit Waschmaschine, K{\"u}hlschrank, Heizung oder Licht steuern. Das ist komfortabel–jedoch beobachten wir immer h{\"a}ufiger Angriffe gegen diese Ger{\"a}te. Der Beitrag zeigt, wie mit speziellen Honeypots auf Angreiferjagd gegangen werden kann, um Angriffsmuster und Ziele aktueller Angriffe zu analysieren.",
author = "Sebastian Gerling and Christian Rossow",
note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",
year = "2016",
doi = "10.1007/S11623-016-0647-1",
language = "Deutsch",
volume = "40",
pages = "507--510",
journal = "Datenschutz und Datensicherheit",
issn = "0724-4371",
number = "8",
}
@inbook{e5f982462cf74c07a829ecae4f2756cb,
title = "Das {"}Recht auf Vergessenwerden{"} - eine technische Utopie?",
author = "Sebastian Gerling and Gerling, {Rainer W}",
year = "2016",
language = "Deutsch",
isbn = "9783938057360",
booktitle = "Datenschutz als Verbraucherschutz",
publisher = "JWV Jenaer Wissenschaftliche Verlagsgesellschaft",
}
@inbook{e993060787c2492db38babb202bca660,
title = "R-Droid: Leveraging Android App Analysis with Static Slice Optimization",
abstract = "Today's feature-rich smartphone apps intensively rely on access to highly sensitive (personal) data. This puts the user's privacy at risk of being violated by overly curious apps or libraries (like advertisements). Central app markets conceptually represent a first line of defense against such invasions of the user's privacy, but unfortunately we are still lacking full support for automatic analysis of apps' internal data flows and supporting analysts in statically assessing apps' behavior. In this paper we present a novel slice-optimization approach to leverage static analysis of Android applications. Building on top of precise application lifecycle models, we employ a slicing-based analysis to generate data-dependent statements for arbitrary points of interest in an application. As a result of our optimization, the produced slices are, on average, 49% smaller than standard slices, thus facilitating code understanding and result validation by security analysts. Moreover, by re-targeting strings, our approach enables automatic assessments for a larger number of use-cases than prior work. We consolidate our improvements on statically analyzing Android apps into a tool called R-Droid and conducted a large-scale data-leak analysis on a set of 22,700 Android apps from Google Play. R-Droid managed to identify a significantly larger set of potential privacy-violating information flows than previous work, including 2,157 sensitive flows of password-flagged UI widgets in 256 distinct apps.",
author = "Michael Backes and Sven Bugiel and Erik Derr and Sebastian Gerling and Christian Hammer",
year = "2016",
doi = "10.1145/2897845.2897927",
language = "English",
isbn = "9781450342339",
series = "ASIA CCS '16",
publisher = "Association for Computing Machinery (ACM)",
pages = "129--140",
booktitle = "Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security",
address = "USA - United States",
}
@phdthesis{e7f047fea4f540faa22dd578fa41a3a4,
title = "Plugging in trust and privacy: three systems to improve widely used ecosystems",
abstract = "The era of touch-enabled mobile devices has fundamentally changed our communication habits. Their high usability and unlimited data plans provide the means to communicate any place, any time and lead people to publish more and more (sensitive) information. Moreover, the success of mobile devices also led to the introduction of new functionality that crucially relies on sensitive data (e.g., location-based services). With our today{\textquoteright}s mobile devices, the Internet has become the prime source for information (e.g., news) and people need to rely on the correctness of information provided on the Internet. However, most of the involved systems are neither prepared to provide robust privacy guarantees for the users, nor do they provide users with the means to verify and trust in delivered content. This dissertation introduces three novel trust and privacy mechanisms that overcome the current situation by improving widely used ecosystems. With WebTrust we introduce a robust authenticity and integrity framework that provides users with the means to verify both the correctness and authorship of data transmitted via HTTP. X-pire! and X-pire 2.0 offer a digital expiration date for images in social networks to enforce post-publication privacy. AppGuard enables the enforcement of fine-grained privacy policies on third-party applications in Android to protect the users privacy.",
keywords = "Mobile devices, Social networks, trust, privacy, http",
author = "Sebastian Gerling",
year = "2014",
month = oct,
doi = "10.22028/D291-26590",
language = "English",
}
@inbook{6a1d49fe282e45d7b09785f448fbc47d,
title = "X-pire 2.0: a user-controlled expiration date and copy protection mechanism",
abstract = "During the last decade, social networks' free dissemination of personal information has reached a wide acceptance. Most of today's Internet users, especially teenagers, publish various kinds of sensitive information, without realizing that this information is preserved and might be detrimental to their future life and career. We present X-pire 2.0, which overcomes this unsatisfactory situation and puts users back in control of their published data. X-pire 2.0 is the first system that provides a digital expiration date and integrates robust protection against attackers creating digital copies of content before the expiration date has been reached. Our system leverages state-of-the-art trusted computing technologies and seamlessly integrates into the existing infrastructure on the Internet. X-pire 2.0 allows to add and enforce a digital expiration date on images that can be uploaded to existing social networks, since our enforcement is even robust against image recompression during upload. We implemented X-pire 2.0 for Android and show its practicality by publishing protected images in Google+ and Flickr.",
author = "Michael Backes and Sebastian Gerling and Stefan Lorenz and Stephan Lukas",
year = "2014",
month = mar,
doi = "10.1145/2554850.2554856",
language = "English",
isbn = "9781450324694",
series = "SAC '14",
publisher = "Association for Computing Machinery (ACM)",
pages = "1633--1640",
booktitle = "Proceedings of the 29th Annual ACM Symposium on Applied Computing",
address = "USA - United States",
}
@inbook{7972163c52e7435fa19abcd12578cba8,
title = "Scippa: system-centric IPC provenance on Android",
abstract = "Google's Android OS provides a lightweight IPC mechanism called Binder, which enables the development of feature-rich apps that seamlessly integrate services and data of other apps. Whenever apps can act both as service consumers and service providers, it is inevitable that the IPC mechanism provides message receivers with message provenance information to establish trust. However, the Android OS currently fails in providing sufficient provenance information, which has led to a number of attacks.We present an extension to the Android IPC mechanism, called Scippa, that establishes IPC call-chains across application processes. Scippa provides provenance information required to effectively prevent recent attacks such as confused deputy attacks. Our solution constitutes a system-centric approach that extends the Binder kernel module and Android's message handlers. Scippa integrates seamlessly into the system architecture and our evaluation shows a performance overhead of only 2.23% on Android OS v4.2.2.",
author = "Michael Backes and Sven Bugiel and Sebastian Gerling",
year = "2014",
month = jan,
day = "1",
doi = "10.1145/2664243.2664264",
language = "English",
isbn = "9781450330053",
series = "ACSAC '14",
publisher = "Association for Computing Machinery (ACM)",
pages = "36--45",
booktitle = "Proceedings of the 30th Annual Computer Security Applications Conference",
address = "USA - United States",
}
@techreport{ec0bd9a30c5c41b089f056c2da6fa273,
title = "Android Security Framework: Enabling Generic and Extensible Access Control on Android",
abstract = "We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation to provide security solutions as separate patches to the Android software stack or to embed them into Android's mainline codebase. As a result, ASF provides different practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.",
author = "Michael Backes and Sven Bugiel and Sebastian Gerling and Styp-Rekowsky, {Philipp von}",
year = "2014",
language = "English",
series = "Cryptography and Security",
publisher = "arXiv.org",
number = "A/01/2014",
type = "WorkingPaper",
institution = "arXiv.org",
}
Externe Publikationsmetriken sind inaktiv
Durch die Aktivierung werden Daten an Dritte übertragen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.