Steffen Bartsch

Steffen Bartsch received his Diploma in Computer Science in 2007 from Universität Bremen and has since been with the university's TZI. He works on projects related to information security and web technology and aims to bridge usability gaps in digital media, with a specific focus on information security. Accordingly, his current research topics include authorization usability and security in agile development.

Publications

  • Steffen Bartsch, M. Angela Sasse: Guiding Decisions on Authorization Policies: A Participatory Approach to Decision Support. ACM SAC 2012, Trento, Italy, 2012 – Accepted
  • Steffen Bartsch: Policy Override in Practice: Model, Evaluation, and Decision Support. Security and Communication Networks, Wiley, 2011 – Accepted
  • Steffen Bartsch: Exploring Twisted Paths: Analyzing Authorization Processes in Organizations. NSS 2011, Milan, Italy, 2011; pdf, publisher
  • Steffen Bartsch: Practitioners' Perspectives on Security in Agile Development. FARES at ARES 2011, Vienna, Austria, 2011; pdf, publisher
  • Steffen Bartsch: An Authorization Enforcement Usability Case Study*. ESSoS 2011, Madrid, Spain, 2011; pdf, publisher
  • Steffen Bartsch: A Calculus for the Qualitative Risk Assessment of Policy Override Authorization. SIN 2010, Taganrog, Russia, 2010; pdf, publisher – Best Paper Award
  • Steffen Bartsch: Supporting Authorization Policy Modification in Agile Development of Web Applications. SecSE at ARES 2010, Kraków, Poland, 2010; pdf, publisher
  • Steffen Bartsch, Karsten Sohr, Carsten Bormann: Supporting Agile Development of Authorization Rules for SME Applications*. TrustCol 2008, Orlando, FL, 2008; pdf, publisher
  • Steffen Bartsch, Carsten Bormann: Berechtigungsmodellierung im Geschäftsprozessmanagement von KMU. D-A-CH Security 2008, Berlin, 2008; pdf
  • Kai-Oliver Detken, Stephan Gitz, Steffen Bartsch, Richard Sethmann: Trusted Network Connect – sicherer Zugang ins Unternehmensnetz. D-A-CH Security 2008, Berlin, 2008
  • Dirk Kutscher, Jörg Ott, Steffen Bartsch: Supporting Network Access and Service Location in Dynamic Environments. TERENA Networking Conference 2007, 2007
  • Steffen Bartsch: Network Service Maps: An Information Service for Heterogeneous Network Environments. Diploma thesis, Universität Bremen, May 2007; pdf
  • * The original publication is available at www.springerlink.com

Research Projects

  • Plusquam

    In Plusquam, a web application for quality management in the automotive supplier industry is being developed, employing the agile development paradigm to increase development productivity and usability. Current technologies such as the web development framework Ruby on Rails and AJAX support these goals. From a research perspective, we experimented with new authorization approaches, including compartmentation, policy override and end-user development of authorization policies.
  • SIMOIT

    Mobile workers make use of the increasing capabilities of mobile devices to access information within company networks from client sites or en route. While technologies against unauthorized access to company networks are widely deployed, mobile devices themselves may still fall prey to attacks. To prevent intrusion by way of mobile workers' devices, these devices can be integrity-checked before they are granted access to company networks. In SIMOIT, a prototype was developed that implements these measures based on Trusted Network Connect (TNC). Unlike similar but vendor-specific approaches, this prototype can be deployed with the existing company network infrastructure largely unchanged. Project homepage
  • Service Maps

    In emerging mobile networking environments, finding and selecting connectivity services is a challenge for end users, in particular in unknown network environments. Service Maps offer provider and network topology-independent information on network access and higher layer services, such as Voice-over-IP. Project homepage

Software Projects

  • declarative_authorization

    A Ruby on Rails plugin for improved developer usability when implementing authorization. Authorization rules are defined in one place in a near natural-language syntax, which helps to document the policies and to discuss them with stakeholders. The same rules are used to enforce access control on several layers, including constraints on database queries. Further administrative tools ease policy modification and maintenance: a graphical representation of the policy improves its comprehensibility, and change support suggests policy changes based on concrete change goals. Project homepage
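    To make the "one policy, several enforcement layers" idea concrete, the following plain-Ruby sketch is an added illustration written for this page; it is not the declarative_authorization plugin's own code or API. It assumes a hypothetical Policy DSL with role, allow and where: conditions, Struct-based User and Report records, and an in-memory array standing in for a database table. The same rule set answers two questions: "may this user perform this action on this record?" (the controller-level check) and "which records may this user see at all?" (the query-constraint analogue).

```ruby
# Added illustration, not the declarative_authorization plugin's code:
# a single, centrally defined policy enforced on two layers.

Report = Struct.new(:id, :owner_id, :department)
User   = Struct.new(:id, :roles, :department)

class Policy
  Rule = Struct.new(:role, :resource, :actions, :condition)

  def initialize(&block)
    @rules = []
    @current_role = nil
    instance_eval(&block)
  end

  # DSL entry point: role(:manager) { allow :reports, [:read], where: ->(u, r) { ... } }
  def role(name, &block)
    @current_role = name
    instance_eval(&block)
    @current_role = nil
  end

  # `where:` is an optional record-level condition (user, record) -> bool
  def allow(resource, actions, where: nil)
    @rules << Rule.new(@current_role, resource, Array(actions), where)
  end

  # Layer 1: per-action check as a controller or service layer would run it.
  # A conditional rule without a record to evaluate against fails closed.
  def permitted?(user, action, resource, record = nil)
    matching_rules(user, action, resource).any? do |rule|
      rule.condition.nil? || (record && rule.condition.call(user, record))
    end
  end

  # Layer 2: data-level filter, the in-memory analogue of a database query
  # constraint derived from the very same rules.
  def scope(user, action, resource, records)
    rules = matching_rules(user, action, resource)
    return [] if rules.empty?
    records.select do |rec|
      rules.any? { |r| r.condition.nil? || r.condition.call(user, rec) }
    end
  end

  private

  def matching_rules(user, action, resource)
    @rules.select do |r|
      user.roles.include?(r.role) && r.resource == resource && r.actions.include?(action)
    end
  end
end

# The whole policy lives in one readable place (constructed sample policy).
POLICY = Policy.new do
  role :admin do
    allow :reports, [:read, :update, :delete]
  end
  role :manager do
    allow :reports, [:read, :update], where: ->(user, report) { report.department == user.department }
  end
  role :employee do
    allow :reports, :read, where: ->(user, report) { report.owner_id == user.id }
  end
end

# Constructed sample data standing in for a database table.
REPORTS = [
  Report.new(1, 10, "sales"),
  Report.new(2, 11, "sales"),
  Report.new(3, 12, "hr"),
].freeze

# Query-layer enforcement: ids of the reports a user may list.
def visible_reports(user)
  POLICY.scope(user, :read, :reports, REPORTS).map(&:id)
end

# Action-layer enforcement: may the user perform `action` on one record?
def can?(user, action, record)
  POLICY.permitted?(user, action, :reports, record)
end

if __FILE__ == $0
  manager = User.new(11, [:manager], "sales")
  puts "manager sees reports #{visible_reports(manager).inspect}"
  puts "manager may delete report 1: #{can?(manager, :delete, REPORTS[0])}"
end
```

    Because both layers consult the same rule objects, a change to one `allow` line changes what is listed and what is permitted consistently; the usability gain described above comes precisely from not having to keep a controller-side check and a hand-written query filter in sync.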
  • EFA Query

    EFA Query is a mobile application for the Android platform that allows users to query German public transport routing. EFA Query also serves as an experimentation field for usability in mobile application authorization. Through information flow analysis and application authorization enforcement controls, the transparency of authorization decisions can be significantly improved for end users. Instead of merely acknowledging coarse-grained permissions such as Internet access, the end user can be presented with an estimate of which information may be transferred from the device through the requested permissions. Project homepage
TZI - Technologie-Zentrum Informatik
Universität Bremen