Steffen Bartsch
Steffen Bartsch received his Diploma in Computer Science in 2007 at Universität Bremen and has since been with the university's TZI. He is engaged in Information Security and Web technology-related projects and would like to bridge usability gaps in Digital Media—with a specific focus on Information Security. Accordingly, his current research topics include authorization usability and security in Agile development.
Publications
- Steffen Bartsch: A Calculus For the Qualitative Risk Assessment of Policy Override Authorization; Accepted for SIN 2010; Taganrog, Russia; 2010; PDF
- Steffen Bartsch: Supporting Authorization Policy Modification in Agile Development of Web Applications; SecSE 2010; Kraków, Poland; 2010; PDF
- Steffen Bartsch, Karsten Sohr, Carsten Bormann: Supporting Agile Development of Authorization Rules for SME Applications; TrustCol 2008; Orlando, FL; 2008; PDF
- Steffen Bartsch, Carsten Bormann: Berechtigungsmodellierung im Geschäftsprozessmanagement von KMU; D-A-CH Security 2008; Berlin; 2008; PDF
- Kai-Oliver Detken, Stephan Gitz, Steffen Bartsch, Richard Sethmann: Trusted Network Connect – sicherer Zugang ins Unternehmensnetz; D-A-CH Security 2008; Berlin; 2008
- Dirk Kutscher, Jörg Ott, Steffen Bartsch: Supporting Network Access and Service Location in Dynamic Environments; TERENA Networking Conference 2007; 2007
- Steffen Bartsch: Network Service Maps: An Information Service for Heterogenous Network Environments; Diploma thesis, Universität Bremen; May 2007; PDF
Research Projects
Plusquam
In Plusquam, a web application for quality management in the automotive supplier industry is being developed, employing the Agile development paradigm for increased development productivity and usability. Current technologies are used for supporting these goals, e.g. the web development framework Ruby on Rails and web technologies such as AJAX. From a research perspective, we experimented with new authorization approaches, including compartmentation, policy override and end-user development of authorization rules.
SIMOIT
Mobile workers of today make use of the ever-increasing capabilities of mobile devices in order to access information within company networks from client sites or en route. While technologies are widely deployed against unauthorized access to company networks through communication media, mobile devices may still fall prey to attacks. To prevent intrusion by way of mobile workers' devices, these devices could be integrity-checked before allowing access to company networks. In SIMOIT, a prototype was developed that implemented these measures based on Trusted Network Connect (TNC). Unlike similar, but vendor-specific approaches, this prototype allows deployment with the current company network infrastructure largely untouched. Project homepage
Service Maps
In emerging mobile networking environments, finding and selecting connectivity services increases in importance, in particular in unknown network environments. Service Maps are intended to satisfy this demand and offer provider and network topology-independent information on network access and higher layer services, such as VoIP. Project homepage
Software Projects
declarative_authorization
A Ruby on Rails plugin for implementing declarative authorization. Authorization rules are defined in one place in a near-natural language to help in documenting and discussing the policies with stakeholders. The authorization rules are employed for enforcing access control on several layers including constraints on database queries. Project homepage
EFA Query
A mobile application for the Android platform that allows users to query German public transport routing. EFA Query also serves as an experimentation field for information flow control and application authorization enforcement controls.