At CYRENZH we conduct interdisciplinary research projects involving researchers from the University of Zurich, ZHAW and ETH Zurich in particular. We work together with companies and the public sector in the canton of Zurich. Both technical aspects of cybersecurity (e.g. cryptography, computer science, information systems) and non-technical aspects (e.g. psychology, sociology, politics) are to be considered.
We investigate issues that affect people, processes, and technologies. For example: How can successful cyberattacks on organizations be explained and how can future ones be prevented? How can people be sensitized to the issue of security? How can AI be used to improve security technologies?
We can also invite a limited number of fellows to Zurich (e.g., for a presentation). In the past, we have been able to invite Prof. Karen Renaud or Prof. Sokratis Katsikas, for example.
We encourage both researchers and organizations, including companies, to reach out for potential collaborations. Whether you’re from academic institutions or the private and public sector, we welcome partnerships to engage in interdisciplinary or single-discipline cybersecurity projects. If you’re interested in contributing expertise in technical areas such as cryptography and computer science, or non-technical fields like psychology and sociology, we encourage you to get in touch to explore collaboration opportunities.
People
Cryptography
Our areas of expertise include coding and information theory. These disciplines play crucial roles in ensuring the security and reliability of communication systems, data transmission, and storage.
Joachim Rosenthal
Prof. Dr.
Coding Theory, Cryptography
Ethics and Law
We explore the moral and philosophical considerations surrounding the use of security measures, technologies, and practices in the context of cybersecurity. We address questions related to the ethical implications of security decisions, the balance between security and individual rights or freedoms, and the ethical responsibilities of security professionals and organizations.
Markus Christen
PD Dr.
Empirical ethics, neuroethics, ICT ethics and data analysis methodologies
Lukas Staffler
PhD LL. M.
Cyber Law
Human & Organizational Factors in Security
We want to understand how human behavior, attitudes, and organizational structures influence the effectiveness of cybersecurity measures. By considering the human element alongside technical controls, organizations can enhance their resilience to cyber threats and foster a security-aware culture across all levels of the organization.
Benjamin Ambühl
PhD, Postdoc
Behavior Change in Security & Privacy & Evaluation of Awareness campaigns
Leyla Ciragan
PhD
Interdisciplinary Introductory Courses, Open Source Intelligence, Storytelling for Tech Topics, Learning Theories
Nico Ebert
Prof. Dr.
Human Factors in Security and Privacy
Melanie Knieps
PhD
Human Factors in Security and Privacy
Verena Zimmermann
Prof. Dr.
Human Factors in Security and Privacy
Technical Aspects of Security
We do research on technical aspects of cybersecurity to protect systems, networks, and data from unauthorized access, attacks, and breaches. Our goal is to design and implement innovative technological solutions and practices to mitigate threats, protect digital assets, and ensure the resilience of information systems against evolving cyber risks.
Gürkan Gür
PhD
Cybersecurity in Next-Generation Networks, Space Systems Cybersecurity, Cloud Security, Blockchain
Peter Heinrich
PhD
Infrastructure Security and Recovery
Stephan Neuhaus
PhD
Privacy, Threat Modeling, Security Testing, Applied Cryptography
Marc Rennhard
Prof. Dr.
Software Security, Security Engineering, Security Testing, Security Automation
Burkhard Stiller
Prof. Dr.
Security in Networks and Distributed Systems
Ariane Trammell
PhD
Projects
Zurich Cybersecurity Behavior Scale
Together with various organizations from the canton of Zurich, we are developing a measurement tool that can be used to determine the cyber security behavior of employees through surveys and technical measurements. In this way, targeted measures can be developed for employees in the organizations (e.g., training, system improvements).
Involved Parties: ZHAW, UZH, ETHZ
Funding: DIZH
FASTscan: Fully Automated Security Testing with scanmeter
In this R&D project, scanmeter – a service for the automated security analysis of IT systems – is extended with several innovative components to improve automation and coverage of the testing portfolio of scanmeter. This includes, e.g., improving reliability and coverage of web application and REST API vulnerability scanning, automated aggregation of vulnerability reports created by different testing tools, and automated detection of access control vulnerabilities in web applications.
Involved Parties: ZHAW, scanmeter GmbH
Funding: Innosuisse
NATWORK
The main vision of NATWORK (Net-Zero self-adaptive activation of distributed self-resilient augmented services) is to develop a novel bio-inspired cybersecurity and resilience framework for networking distributed systems that transcend a single administrative domain and cross a heterogeneous fabric of resources. This vision is motivated by the new ICT systems landscape and 6G vision.
Involved Parties: UZH, ZHAW and 12 other partners from 10 European countries
Funding: Horizon Europe
HostDetective.ng++
In the HostDetective.ng++ project, a system to support an analyst in a Security Operations Center (SOC) is created. The developed system provides meta-information on domains and IP addresses to assist SOC analysts in the investigation of potentially malicious domains or IP addresses.
Involved Parties: ZHAW, Exeon
Funding: Innosuisse
Enhancing Phishing Interventions
Phishing attacks trick people by using social engineering techniques that exploit emotions or weaknesses, such as inattentiveness. Together with collaboration partners from the Swiss Cyber Defence Campus, we create targeted interventions that support users against phishing. Recognizing the diversity in individuals’ motivations, knowledge, and strengths, we investigate the potential of personalized phishing training tailored to accommodate inter-individual differences. Additionally, to enhance the development and evaluation of these interventions, we are constructing a framework that provides guidance on how the outcomes of phishing training can be evaluated.
Involved Parties: ETHZ, KIT, Armasuisse
Funding: Armasuisse
Promoting trust in cybersecurity through ethics and law
Modern society is increasingly dependent on information technology, which explains the importance of cybersecurity. The call for the development of expertise has led to the «National strategy for Switzerland’s protection against cyber risks» (NCS). Its core principles include a) a risk-based approach to cybersecurity, according to which risks cannot be completely avoided but can be reduced to an acceptable minimum, b) a decentralised implementation of appropriate measures, c) a subsidiary role of the state, d) the promotion of public-private partnerships, and e) active communication with civil society, the private sector and policymakers. The central aim of the project is to support these key elements of the NCS through research that provides data, insights and recommendations, with a special focus on non-technical aspects of cybersecurity.
Involved Parties: UZH, UNIL, NCSC, Swiss GovCERT
Funding: NRP 77