“The Curious Mind Researcher Award also demonstrates that Germany is a research location that offers superb framework conditions for cutting-edge research”, said Federal Chancellor Angela Merkel in congratulating the award recipient and Fraunhofer SIT Alumnus Dr. Siegfried Rasthofer, whose research is aimed at providing greater IT security for companies and individuals.
The Curious Mind Award honors researchers up to 40 years old in Germany. The award, which is endowed with EUR 7,500, has been awarded since 2018 jointly by the technology and research company Merck and manager magazin as part of the “Hall of Fame der deutschen Forschung (German research)” awards. This year the Nobel Prize recipient in chemistry, Emmanuelle Charpentier, was inducted into the “Hall”, in which the former director of the Fraunhofer IDMT, Karlheinz Brandenburg, is also represented for his MP3 audio codec.
Curious Mind Award winner Dr. Siegfried Rasthofer has concentrated on the automatic recognition of weak points or threats in programs and apps. “At Fraunhofer SIT we have developed programs that analyze the software for security-critical programming defects. But, naturally, we also examine whether malicious code – such as a backdoor – was inserted.” The idea for this analytical tool arose early on during work on his dissertation.
The Curious Mind Award is not the first distinction for Rasthofer. The young researcher can also point to the 2018 Hugo Geiger Award, the 2018 Software Engineering Award from the Ernst Denert Foundation, the 2017 Fraunhofer ICT Dissertation Award, and, among others, the 2016 German IT Security Award. In addition, the TeamSIK he designed at Fraunhofer SIT produced several eye-catching discoveries of security gaps. He also regularly presented these discoveries at renowned hacking conferences. “For me as a student it was obviously very impressive to be presenting at a conference with 30,000 participating security experts and hackers.”
Initially working as a security researcher at Fraunhofer SIT, Rasthofer encountered “many really good experts” as colleagues. From 2017 to 2019 he headed the Department for Secure Software Engineering. In this position he was SIT’s global contact person in the event of IT security threats to corporate clients. At the SIT, working together with Fraunhofer experts and students, he developed the CodeInspect software tool, which is still being licensed and sold through Fraunhofer SIT.
Programming the tool was one thing; using it to rigorously test software products was another: “With the ethical TeamSIK hacking group we engaged very intensively with various subjects and, for example, analyzed different anti-virus software.” In doing so, the young security experts at Fraunhofer SIT discovered some “interesting things”, such as security breaches in Amazon’s software or at Google, which were taken very seriously by the companies in question. Rasthofer made repeated trips to the USA to present these results and security breaches to those in charge.
In another case, Rasthofer stopped a banking Trojan that had already infected 30,000 users in Korea. Naturally, such discoveries and successes did not go unnoticed and the Fraunhofer SIT in Darmstadt thus also profited from the work of the young researchers. But Rasthofer constantly emphasizes: “It was always a team accomplishment. We worked on these projects for weeks, and sometimes months.” For outsiders the motivation to take part in such projects is perhaps difficult to comprehend. But “when you have penetrated a system, it gives you an indescribable feeling of happiness.”
But how does one become an IT security expert? Even during his childhood in Bavaria, Rasthofer busied himself with computers and the Internet. After high school he obtained a bachelor’s degree from the University of Applied Sciences in Landshut. His interest in computer security started during his master’s program at the University of Passau. For his dissertation in 2016 he switched to the Technical University of Darmstadt.
As a software engineer for Siemens CERT he worked for about a year in Princeton. While completing his doctorate he also worked for one year in 2014 as an IT security researcher at Microsoft in Redmond, WA. As he himself says today, this posting was not only professionally very enriching. “To work on IT security for Microsoft products such as Office or Windows – even if only on small segments – was really impressive.”
Today the Fraunhofer alumnus advises major clients of the reinsurer Munich Re on IT security issues. The subject of cyber insurance is a booming market. More and more companies want to or must safeguard themselves against risks associated with IT breakdowns. In his most recent work Rasthofer has been analyzing attacks on companies and supporting these companies in dealing with them. Nevertheless, the field of cyber insurance is still relatively new. Rasthofer: “There are still many challenges and here once again I am working to some extent as a researcher.”