Smart infrastructures, higher connectivity and more and more complex IT systems in all areas of life place new demands on IT security. This can only be addressed by an interdisciplinary approach. To tackle these challenges, the KASTEL competence center combines the expertise in multiple disciplines of IT security of the Karlsruhe Institute for Technology (KIT), the Fraunhofer Institute for Optronics, System Technology and Image Exploitation (IOSB) and the Research Center for Information Technology (FZI). The rationale behind this collaboration is to develop a holistic approach which does not just focus on individual aspects of the security of applications, on isolated partial solutions and independent analysis of IT security in different fields of computer science. The new threat models required here, the security requirements and the methods are being developed in KASTEL through the collaboration of cryptographers, software engineers, legal and network experts. Through this cooperation, KASTEL bridges the cultures of different disciplines, covering the gap from theoretical research to practical implementation.
KASTEL brings theoretical research and practical implementations closer together. The abstracted viewpoint of fundamental research is generally not congruent with practical requirements. Neither can results be transferred seamlessly within academic research. To close this gap, scientists from KASTEL are working on reconciling the results of different disciplines. The integration in real scenarios serves as a motivation and guarantees practical relevance.
However, it is a fundamental problem in IT security that guarantees of security properties do not complement each other. To prove the security of a complex system it is not enough to analyze system components separately. Another problem arises from the different levels of abstraction of the various disciplines. Even if every sub-discipline asserts the security of a system, this still does not prove that the system as a whole is secure. The individual proofs, as they have been performed up to now, cannot be combined. Investigating four fundamental research questions, KASTEL aims at developing a fundamental understanding for the design of (provably) holistically secure systems. This leads to the development of an interdisciplinary process supporting development from the requirements up to the maintenance of the final product.