2023 [ nach oben ]

1.
Podlesny, N.J., Kayem, A.V., Meinel, C.: De-anonymising individuals through unique patterns in movement data. Computing Conference 2023 (2023).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Recent developments have accelerated the need to track individual contact behaviours to counter the pandemic of COVID-19. Various solutions have been implemented to support contact tracing activities with respect to disease propagation. In particular, digital contact tracing approaches range from manual QR scanning to automated Bluetooth handshakes. However, a problem that all the contact tracing methods face is the issue of how to protect individuals' privacy while also dealing with the threat of a global disease. Approaches such as IMSI-catching address the data privacy issue by adopting rotating keys, which are aimed at minimising the potential risk of de-anonymisation. Rotating keys, however do not protect individual movement patterns or behaviour routines that can be inferred from contact tracing data. In this paper, we show that individual movement patterns in contact tracing data can be used to discover behaviour routines by finding routines and patterns that are representable as quasi-identifiers, and that such quasi-identifiers can enable re-identification. We demonstrate the practicality of our proposed de-anonymisation approach via a series of three (3) experiments based on both semi-synthetic and real-world datasets, to search for quasi-identifiers that reveal unique observation patterns. Since widely popular contact tracing apps employ similar movement and contact patterns, we discuss the risk of location based behaviour pattern tracking in spite protection mechanisms such as rotating keys that are currently used to protect handshake identifiers.
@inproceedings{podlesny2023deanonymising, abstract = {Recent developments have accelerated the need to track individual contact behaviours to counter the pandemic of COVID-19. Various solutions have been implemented to support contact tracing activities with respect to disease propagation. In particular, digital contact tracing approaches range from manual QR scanning to automated Bluetooth handshakes. However, a problem that all the contact tracing methods face is the issue of how to protect individuals' privacy while also dealing with the threat of a global disease. Approaches such as IMSI-catching address the data privacy issue by adopting rotating keys, which are aimed at minimising the potential risk of de-anonymisation. Rotating keys, however do not protect individual movement patterns or behaviour routines that can be inferred from contact tracing data. In this paper, we show that individual movement patterns in contact tracing data can be used to discover behaviour routines by finding routines and patterns that are representable as quasi-identifiers, and that such quasi-identifiers can enable re-identification. We demonstrate the practicality of our proposed de-anonymisation approach via a series of three (3) experiments based on both semi-synthetic and real-world datasets, to search for quasi-identifiers that reveal unique observation patterns. Since widely popular contact tracing apps employ similar movement and contact patterns, we discuss the risk of location based behaviour pattern tracking in spite protection mechanisms such as rotating keys that are currently used to protect handshake identifiers.}, author = {Podlesny, Nikolai J. and Kayem, Anne V.D.M. and Meinel, Christoph}, booktitle = {Computing Conference 2023}, howpublished = {Accepted - In Press}, keywords = {myown privacy security trust}, title = {De-anonymising individuals through unique patterns in movement data}, year = 2023 }
Weitere Informationen
AbstractRecent developments have accelerated the need to track individual contact behaviours to counter the pandemic of COVID-19. Various solutions have been implemented to support contact tracing activities with respect to disease propagation. In particular, digital contact tracing approaches range from manual QR scanning to automated Bluetooth handshakes. However, a problem that all the contact tracing methods face is the issue of how to protect individuals' privacy while also dealing with the threat of a global disease. Approaches such as IMSI-catching address the data privacy issue by adopting rotating keys, which are aimed at minimising the potential risk of de-anonymisation. Rotating keys, however do not protect individual movement patterns or behaviour routines that can be inferred from contact tracing data. In this paper, we show that individual movement patterns in contact tracing data can be used to discover behaviour routines by finding routines and patterns that are representable as quasi-identifiers, and that such quasi-identifiers can enable re-identification. We demonstrate the practicality of our proposed de-anonymisation approach via a series of three (3) experiments based on both semi-synthetic and real-world datasets, to search for quasi-identifiers that reveal unique observation patterns. Since widely popular contact tracing apps employ similar movement and contact patterns, we discuss the risk of location based behaviour pattern tracking in spite protection mechanisms such as rotating keys that are currently used to protect handshake identifiers.

2022 [ nach oben ]

1.
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: CoK: A Survey of Privacy Challenges in Relation to Data Meshes. In: Strauss, C., Cuzzocrea, A., Kotsis, G., Tjoa, A.M., and Khalil, I. (eds.) Database and Expert Systems Applications - 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part I. pp. 85–102. Springer, Cham, Vienna, Austria (2022).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The growing volumes of data that appear on multiple distributed platforms raise the question of how to compose data meshes that can be published and/or shared safely amongst multiple cooperating parties. Data meshes are composed of subsets (or whole sets) of data repositories that are owned by autonomous parties. This raises new challenges in terms of guaranteeing privacy across various data mesh compositions. In this paper, we present a survey of the issues that emerge in guaranteeing the privacy of distributed mesh data. We discuss the limitations of existing solutions in handling personal data privacy with respect to meshed data. Finally, we postulate that identifying personal data in such datasets must be handled with a performance efficient algorithm that can determine (on-the-fly), potential linkages across various data repositories, that could be exploited to subvert privacy.
@inproceedings{podlesny2022survey, abstract = {The growing volumes of data that appear on multiple distributed platforms raise the question of how to compose data meshes that can be published and/or shared safely amongst multiple cooperating parties. Data meshes are composed of subsets (or whole sets) of data repositories that are owned by autonomous parties. This raises new challenges in terms of guaranteeing privacy across various data mesh compositions. In this paper, we present a survey of the issues that emerge in guaranteeing the privacy of distributed mesh data. We discuss the limitations of existing solutions in handling personal data privacy with respect to meshed data. Finally, we postulate that identifying personal data in such datasets must be handled with a performance efficient algorithm that can determine (on-the-fly), potential linkages across various data repositories, that could be exploited to subvert privacy.}, address = {Vienna, Austria}, author = {Podlesny, Nikolai J. and Kayem, Anne V. D. M. and Meinel, Christoph}, booktitle = {Database and Expert Systems Applications - 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part I}, editor = {Strauss, Christine and Cuzzocrea, Alfredo and Kotsis, Gabriele and Tjoa, A Min and Khalil, Ismail}, howpublished = {In proceedings}, keywords = {myown privacy security meshdata trust}, pages = {85-102}, publisher = {Springer, Cham}, series = {Lecture Notes in Computer Science}, title = {CoK: A Survey of Privacy Challenges in Relation to Data Meshes}, type = {Publication}, volume = 13426, year = 2022 }
Weitere Informationen
HerausgeberStrauss, Christine and Cuzzocrea, Alfredo and Kotsis, Gabriele and Tjoa, A Min and Khalil, Ismail
URNhttp://dx.doi.org/10.1007/978-3-031-12423-5_7
AbstractThe growing volumes of data that appear on multiple distributed platforms raise the question of how to compose data meshes that can be published and/or shared safely amongst multiple cooperating parties. Data meshes are composed of subsets (or whole sets) of data repositories that are owned by autonomous parties. This raises new challenges in terms of guaranteeing privacy across various data mesh compositions. In this paper, we present a survey of the issues that emerge in guaranteeing the privacy of distributed mesh data. We discuss the limitations of existing solutions in handling personal data privacy with respect to meshed data. Finally, we postulate that identifying personal data in such datasets must be handled with a performance efficient algorithm that can determine (on-the-fly), potential linkages across various data repositories, that could be exploited to subvert privacy.

2.
Majd, M., Najafi, P., Alhosseini, S.A., Cheng, F., Meinel, C.: A Comprehensive Review of Anomaly Detection in Web Logs. Proceedings of the 9th IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT’22). IEEE Press, Vancouver, Washington, USA (2022).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Anomaly detection is a significant problem that has been researched within diverse research areas and application domains, especially in the area of web-based internet services or cybersecurity. Many anomaly detection techniques have been developed for specific application domains, while others are more generic. The Log files of Web-server give insight into the state of web-server and applications running on it and enable the detection of abnormal incidents or behavior. This paper focuses on particularly web-server HTTP logs to the problems of Web-server Log Anomaly Detection (WLAD) due to their own nature and features and aims to provide a brief review of different Data-driven techniques to get to the bottom of recent studies and developments made in the context of WLAD. Moreover, in this paper, the literature related to webserver logs analysis, as well as other closely related to the WLAD topic, are taken into consideration for review. We have classified existing techniques into different categories based on the underlying approach adopted. When applying a particular technique, these assumptions can be used as guidelines to assess the method's effectiveness in this area. We also provide a basic security anomaly detection approach for each category and compare the existing methods as variants of the basic technique. Further, we identify the cons and pros of the current practices for each category. We also discuss the computational complexity of the methods, which is an essential issue in the domain of Big Data.
@inproceedings{majd2022comprehensive, abstract = {Anomaly detection is a significant problem that has been researched within diverse research areas and application domains, especially in the area of web-based internet services or cybersecurity. Many anomaly detection techniques have been developed for specific application domains, while others are more generic. The Log files of Web-server give insight into the state of web-server and applications running on it and enable the detection of abnormal incidents or behavior. This paper focuses on particularly web-server HTTP logs to the problems of Web-server Log Anomaly Detection (WLAD) due to their own nature and features and aims to provide a brief review of different Data-driven techniques to get to the bottom of recent studies and developments made in the context of WLAD. Moreover, in this paper, the literature related to webserver logs analysis, as well as other closely related to the WLAD topic, are taken into consideration for review. We have classified existing techniques into different categories based on the underlying approach adopted. When applying a particular technique, these assumptions can be used as guidelines to assess the method's effectiveness in this area. We also provide a basic security anomaly detection approach for each category and compare the existing methods as variants of the basic technique. Further, we identify the cons and pros of the current practices for each category. We also discuss the computational complexity of the methods, which is an essential issue in the domain of Big Data.}, address = {Vancouver, Washington, USA}, author = {Majd, Mehryar and Najafi, Pejman and Alhosseini, Seyed Ali and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT'22)}, keywords = {seceng-security-tech myown seceng-security-analytics big-data security weblog-analytics}, month = {December}, publisher = {IEEE Press}, title = {A Comprehensive Review of Anomaly Detection in Web Logs}, year = 2022 }
Weitere Informationen
AbstractAnomaly detection is a significant problem that has been researched within diverse research areas and application domains, especially in the area of web-based internet services or cybersecurity. Many anomaly detection techniques have been developed for specific application domains, while others are more generic. The Log files of Web-server give insight into the state of web-server and applications running on it and enable the detection of abnormal incidents or behavior. This paper focuses on particularly web-server HTTP logs to the problems of Web-server Log Anomaly Detection (WLAD) due to their own nature and features and aims to provide a brief review of different Data-driven techniques to get to the bottom of recent studies and developments made in the context of WLAD. Moreover, in this paper, the literature related to webserver logs analysis, as well as other closely related to the WLAD topic, are taken into consideration for review. We have classified existing techniques into different categories based on the underlying approach adopted. When applying a particular technique, these assumptions can be used as guidelines to assess the method's effectiveness in this area. We also provide a basic security anomaly detection approach for each category and compare the existing methods as variants of the basic technique. Further, we identify the cons and pros of the current practices for each category. We also discuss the computational complexity of the methods, which is an essential issue in the domain of Big Data.

3.
Motlagh, F.N., Kayem, A.V., Meinel, C.: A Multi-agent Model to Support Privacy Preserving Co-owned Image Sharing on Social Media. In: Barolli, L., Hussain, F., and Enokido, T. (eds.) Proceedings of the 36th International Conference on Advanced Information Networking and Applications (AINA-2022). pp. 140–151. Spinger, Sydney, Australia (2022).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Privacy on online social networks is a concern, specifically in relation to sharing co-owned images. Co-owned images raise a privacy conundrum, in that enforcing privacy policies impacts negatively on performance and usability. In most existing work, this issue is addressed by requiring users from the same or overlapping friendship networks to contribute privacy opinions vis-a-vis posting the co-owned image. This poses two issues: (1) privacy posting decisions cannot be made, resulting in delay; and (2) ineffective user opinion computation necessitates large amounts of image distortion, resulting in low levels of user satisfaction. In this paper, we present a multi-agent system in which an opinion formulation algorithm computes offline user opinions based on user personality and behaviour information. Our results indicate that posting decisions, for images in which all co-owners are offline, take 3.81 s on average.
@inproceedings{DBLP:conf/aina/MotlaghKM22, abstract = {Privacy on online social networks is a concern, specifically in relation to sharing co-owned images. Co-owned images raise a privacy conundrum, in that enforcing privacy policies impacts negatively on performance and usability. In most existing work, this issue is addressed by requiring users from the same or overlapping friendship networks to contribute privacy opinions vis-a-vis posting the co-owned image. This poses two issues: (1) privacy posting decisions cannot be made, resulting in delay; and (2) ineffective user opinion computation necessitates large amounts of image distortion, resulting in low levels of user satisfaction. In this paper, we present a multi-agent system in which an opinion formulation algorithm computes offline user opinions based on user personality and behaviour information. Our results indicate that posting decisions, for images in which all co-owners are offline, take 3.81 s on average.}, address = {Sydney, Australia}, author = {Motlagh, Farzad N. and Kayem, Anne V.D.M. and Meinel, Christoph}, booktitle = {AINA 2022}, editor = {Barolli, Leonard and Hussain, Farookh and Enokido, Tomoya}, journal = {Proceedings of the 36th International Conference on Advanced Information Networking and Applications (AINA-2022)}, keywords = {myown privacy personalisation}, month = {April}, pages = {140-151}, publisher = {Spinger}, title = {A Multi-agent Model to Support Privacy Preserving Co-owned Image Sharing on Social Media}, type = {Publication}, volume = 449, year = 2022 }
Weitere Informationen
HerausgeberBarolli, Leonard and Hussain, Farookh and Enokido, Tomoya
URNhttp://dx.doi.org/10.1007/978-3-030-99584-3_13
AbstractPrivacy on online social networks is a concern, specifically in relation to sharing co-owned images. Co-owned images raise a privacy conundrum, in that enforcing privacy policies impacts negatively on performance and usability. In most existing work, this issue is addressed by requiring users from the same or overlapping friendship networks to contribute privacy opinions vis-a-vis posting the co-owned image. This poses two issues: (1) privacy posting decisions cannot be made, resulting in delay; and (2) ineffective user opinion computation necessitates large amounts of image distortion, resulting in low levels of user satisfaction. In this paper, we present a multi-agent system in which an opinion formulation algorithm computes offline user opinions based on user personality and behaviour information. Our results indicate that posting decisions, for images in which all co-owners are offline, take 3.81 s on average.

2021 [ nach oben ]

1.
Grüner, A., Mühle, A., Meinel, C.: Analyzing Interoperability and Portability Concepts for Self-Sovereign Identity. Proceedings of the 2021 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (accepted). IEEE, Shenyang, China (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.
@inproceedings{gruner2021analyzing, abstract = {The Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.}, address = {Shenyang, China}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 2021 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (accepted)}, keywords = {myown blockchain identity ssi decentralized trust}, publisher = {IEEE}, title = {Analyzing Interoperability and Portability Concepts for Self-Sovereign Identity}, year = 2021 }
Weitere Informationen
AbstractThe Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.

2.
Ehrmann, L., Stolle, M., Klieme, E., Tietz, C., Meinel, C.: Detecting Interaction Activities While Walking Using Smartphone Sensors. In: Barolli, L., Woungang, I., and Enokido, T. (eds.) Advanced Information Networking and Applications. pp. 382–393. Springer (2021).
[ BibTeX ] [ Details ]
 
@conference{noauthororeditor, author = {Ehrmann, Lukas and Stolle, Marvin and Klieme, Eric and Tietz, Christian and Meinel, Christoph}, booktitle = {Advanced Information Networking and Applications}, editor = {Barolli, Leonard and Woungang, Isaac and Enokido, Tomoya}, keywords = {seceng-security-tech myown smartphone detection activity seceng-secure-identities its interaction human seceng-biometric-authentication}, pages = {382-393}, publisher = {Springer}, title = {Detecting Interaction Activities While Walking Using Smartphone Sensors}, year = 2021 }
Weitere Informationen
HerausgeberBarolli, Leonard and Woungang, Isaac and Enokido, Tomoya
URNhttp://dx.doi.org/10.1007/978-3-030-75075-6_31

3.
Grüner, A., Mühle, A., Meinel, C.: On the Structure and Assessment of Trust Models in Attribute Assurance. Proceedings of the 35th International Conference on Advanced Information Networking and Applications. Springer, Toronto, Canada (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Online services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.
@inproceedings{gruner2021structure, abstract = {Online services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.}, address = {Toronto, Canada}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 35th International Conference on Advanced Information Networking and Applications}, keywords = {assurance myown identity attribute trust}, publisher = {Springer}, title = {On the Structure and Assessment of Trust Models in Attribute Assurance}, year = 2021 }
Weitere Informationen
AbstractOnline services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.

4.
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: A Review of Scaling Genome Sequencing Data Anonymisation. In: Barolli, L., Woungang, I., and Enokido, T. (eds.) Advanced Information Networking and Applications - Proceedings of the 35th International Conference on Advanced Information Networking and Applications (AINA-2021), Toronto, ON, Canada, 12-14 May, 2021, Volume 3. pp. 491–501. Springer (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Sequencing genomes and analysing their variations can make an essential contribution to healthcare research on drug discovery and advancing clinical care, for instance. Genome sequencing data, however, presents a special case of highly sparsely populated, multi-attribute, high-dimensional data, in which each record (tuple) can be associated with more than tens of thousands of attributes on average. Since anonymising genome sequencing data is a necessary pre-processing step for privacy-preserving genomic data analysis for personalised care, discovering all the quasi-identifier combinations required to preserve anonymity is essential; This requires verifying an exponential number of quasi-identifier candidates to identify and remove all unique data values, an NP-hard problem for larger datasets. Furthermore, recent work classifies this problem to be at the very least W[2]-complete and not a fixed-parameter tractable problem. Thus, achieving efficient and scalable anonymisation of genome sequence data is a challenging problem. In this paper, we summarise the uniqueness of ensuring privacy in the context of (whole) genome sequencing. Further, we show and compare the latest trends to discover quasi-identifiers (QID) in large-scale genome data and concepts to counter the exponential runtime growth during QID candidate processing in this field. Finally, we present an architecture incorporating previous enhancements to enable near real-time QID discovery in high-dimensional genome data based on vectorised GPU-acceleration. Achieving anonymisation processing in our experiments in just a few seconds, which corresponds to speedups by factor 100, can be essential in life-or-death situations like triage.
@inproceedings{DBLP:conf/aina/PodlesnyKM21, abstract = {Sequencing genomes and analysing their variations can make an essential contribution to healthcare research on drug discovery and advancing clinical care, for instance. Genome sequencing data, however, presents a special case of highly sparsely populated, multi-attribute, high-dimensional data, in which each record (tuple) can be associated with more than tens of thousands of attributes on average. Since anonymising genome sequencing data is a necessary pre-processing step for privacy-preserving genomic data analysis for personalised care, discovering all the quasi-identifier combinations required to preserve anonymity is essential; This requires verifying an exponential number of quasi-identifier candidates to identify and remove all unique data values, an NP-hard problem for larger datasets. Furthermore, recent work classifies this problem to be at the very least W[2]-complete and not a fixed-parameter tractable problem. Thus, achieving efficient and scalable anonymisation of genome sequence data is a challenging problem. In this paper, we summarise the uniqueness of ensuring privacy in the context of (whole) genome sequencing. Further, we show and compare the latest trends to discover quasi-identifiers (QID) in large-scale genome data and concepts to counter the exponential runtime growth during QID candidate processing in this field. Finally, we present an architecture incorporating previous enhancements to enable near real-time QID discovery in high-dimensional genome data based on vectorised GPU-acceleration. Achieving anonymisation processing in our experiments in just a few seconds, which corresponds to speedups by factor 100, can be essential in life-or-death situations like triage.}, author = {Podlesny, Nikolai J. and Kayem, Anne V. D. M. and Meinel, Christoph}, booktitle = {Advanced Information Networking and Applications - Proceedings of the 35th International Conference on Advanced Information Networking and Applications (AINA-2021), Toronto, ON, Canada, 12-14 May, 2021, Volume 3}, editor = {Barolli, Leonard and Woungang, Isaac and Enokido, Tomoya}, keywords = {myown privacy security trust}, pages = {491–501}, publisher = {Springer}, series = {Lecture Notes in Networks and Systems}, title = {A Review of Scaling Genome Sequencing Data Anonymisation}, volume = 227, year = 2021 }
Weitere Informationen
HerausgeberBarolli, Leonard and Woungang, Isaac and Enokido, Tomoya
URNhttp://dx.doi.org/10.1007/978-3-030-75078-7_49
AbstractSequencing genomes and analysing their variations can make an essential contribution to healthcare research on drug discovery and advancing clinical care, for instance. Genome sequencing data, however, presents a special case of highly sparsely populated, multi-attribute, high-dimensional data, in which each record (tuple) can be associated with more than tens of thousands of attributes on average. Since anonymising genome sequencing data is a necessary pre-processing step for privacy-preserving genomic data analysis for personalised care, discovering all the quasi-identifier combinations required to preserve anonymity is essential; This requires verifying an exponential number of quasi-identifier candidates to identify and remove all unique data values, an NP-hard problem for larger datasets. Furthermore, recent work classifies this problem to be at the very least W[2]-complete and not a fixed-parameter tractable problem. Thus, achieving efficient and scalable anonymisation of genome sequence data is a challenging problem. In this paper, we summarise the uniqueness of ensuring privacy in the context of (whole) genome sequencing. Further, we show and compare the latest trends to discover quasi-identifiers (QID) in large-scale genome data and concepts to counter the exponential runtime growth during QID candidate processing in this field. Finally, we present an architecture incorporating previous enhancements to enable near real-time QID discovery in high-dimensional genome data based on vectorised GPU-acceleration. Achieving anonymisation processing in our experiments in just a few seconds, which corresponds to speedups by factor 100, can be essential in life-or-death situations like triage.

5.
Grüner, A., Mühle, A., Meinel, C.: ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for Service Provider. IEEE Access. 9, 138553–138570 (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.
@article{gruner2021design, abstract = {Identity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, journal = {IEEE Access}, keywords = {assurance myown blockchain identity ssi attribute trust}, pages = {138553 - 138570}, title = {ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for Service Provider}, volume = 9, year = 2021 }
Weitere Informationen
AbstractIdentity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.

6.
Motlagh, F.N., Kayem, A.V., Podlesny, N.J., Meinel, C.: Enabling Co-Owned Image Privacy on Social Media via Agent Negotiation. The 23rd International Conference on Information Integration and Web Intelligence. pp. 152–156. Association for Computing Machinery, Linz, Austria (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Social media has become a popular communication platform on which shared content such as images form a large part of the communicated data. Yet, shared images can reveal sensitive information in the sense that the data after its publication remains accessible. Existing studies provide mechanisms to modify co-owned images for user privacy but require that every user involved be online in order to reach an agreement. In cases where users are offline at the time when the image is posted, no privacy agreement can be reached. Having a method of reaching a privacy agreement even when some of the users in the co-owned image are offline is useful in enforcing individual privacy settings vis-a-vis the co-owned image. In this paper, we present a multi-agent negotiation model that enforces individual privacy settings with respect to co-owned images even when the users are offline. Our multi-agent model includes three components, namely a coordinator agent, predictor agent, and filtering algorithm. The coordinator agent collects users’ opinions vis-a-vis a co-owned image to form an image that expresses the opinions of the involved users. The predictor agent supports the expression of offline user opinions, while the filtering algorithm removes privacy-violating information with respect to recent user opinions. Results from our proof-of-concept implementation indicate that improved efficiency in terms of privacy decisions can be achieved by employing agents to support offline user decisions regarding shared content.
@inproceedings{10.1145/3487664.3487685, abstract = {Social media has become a popular communication platform on which shared content such as images form a large part of the communicated data. Yet, shared images can reveal sensitive information in the sense that the data after its publication remains accessible. Existing studies provide mechanisms to modify co-owned images for user privacy but require that every user involved be online in order to reach an agreement. In cases where users are offline at the time when the image is posted, no privacy agreement can be reached. Having a method of reaching a privacy agreement even when some of the users in the co-owned image are offline is useful in enforcing individual privacy settings vis-a-vis the co-owned image. In this paper, we present a multi-agent negotiation model that enforces individual privacy settings with respect to co-owned images even when the users are offline. Our multi-agent model includes three components, namely a coordinator agent, predictor agent, and filtering algorithm. The coordinator agent collects users’ opinions vis-a-vis a co-owned image to form an image that expresses the opinions of the involved users. The predictor agent supports the expression of offline user opinions, while the filtering algorithm removes privacy-violating information with respect to recent user opinions. Results from our proof-of-concept implementation indicate that improved efficiency in terms of privacy decisions can be achieved by employing agents to support offline user decisions regarding shared content.}, address = {New York, NY, USA}, author = {Motlagh, Farzad Nourmohammadzadeh and Kayem, Anne V.D.M. and Podlesny, Nikolai Jannik and Meinel, Christoph}, booktitle = {The 23rd International Conference on Information Integration and Web Intelligence}, keywords = {myown agent social negotiation privacy collaboration network Online}, pages = {152–156}, publisher = {Association for Computing Machinery}, series = {iiWAS2021}, title = {Enabling Co-Owned Image Privacy on Social Media via Agent Negotiation}, type = {Publication}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/3487664.3487685
AbstractSocial media has become a popular communication platform on which shared content such as images form a large part of the communicated data. Yet, shared images can reveal sensitive information in the sense that the data after its publication remains accessible. Existing studies provide mechanisms to modify co-owned images for user privacy but require that every user involved be online in order to reach an agreement. In cases where users are offline at the time when the image is posted, no privacy agreement can be reached. Having a method of reaching a privacy agreement even when some of the users in the co-owned image are offline is useful in enforcing individual privacy settings vis-a-vis the co-owned image. In this paper, we present a multi-agent negotiation model that enforces individual privacy settings with respect to co-owned images even when the users are offline. Our multi-agent model includes three components, namely a coordinator agent, predictor agent, and filtering algorithm. The coordinator agent collects users’ opinions vis-a-vis a co-owned image to form an image that expresses the opinions of the involved users. The predictor agent supports the expression of offline user opinions, while the filtering algorithm removes privacy-violating information with respect to recent user opinions. Results from our proof-of-concept implementation indicate that improved efficiency in terms of privacy decisions can be achieved by employing agents to support offline user decisions regarding shared content.

7.
Podlesny, N.J., Kayem, A.V.D.M., Meinel, C.: GPU Accelerated Bayesian Inference for Quasi-Identifier Discovery in High-Dimensional Data. In: Barolli, L., Woungang, I., and Enokido, T. (eds.) Advanced Information Networking and Applications - Proceedings of the 35th International Conference on Advanced Information Networking and Applications (AINA-2021), Toronto, ON, Canada, 12-14 May, 2021, Volume 2. pp. 495–508. Springer (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2021accelerated, author = {Podlesny, Nikolai J. and Kayem, Anne V. D. M. and Meinel, Christoph}, booktitle = {Advanced Information Networking and Applications - Proceedings of the 35th International Conference on Advanced Information Networking and Applications (AINA-2021), Toronto, ON, Canada, 12-14 May, 2021, Volume 2}, editor = {Barolli, Leonard and Woungang, Isaac and Enokido, Tomoya}, keywords = {myown}, pages = {495–508}, publisher = {Springer}, series = {Lecture Notes in Networks and Systems}, title = {GPU Accelerated Bayesian Inference for Quasi-Identifier Discovery in High-Dimensional Data}, volume = 226, year = 2021 }
Weitere Informationen
HerausgeberBarolli, Leonard and Woungang, Isaac and Enokido, Tomoya
URNhttp://dx.doi.org/10.1007/978-3-030-75075-6_40

8.
Klieme, E., Trenz, P., Paeschke, D., Tietz, C., Meinel, C.: DoorCollect: Towards a Smart Door Handle for User Identification based on a Data Collection System for unsupervised Long-Term Experiments. 2021 IEEE Symposium on Computers and Communications (ISCC). pp. 1–7 (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{9631517, author = {Klieme, Eric and Trenz, Philipp and Paeschke, Daniel and Tietz, Christian and Meinel, Christoph}, booktitle = {2021 IEEE Symposium on Computers and Communications (ISCC)}, keywords = {door seceng-secure-identities its data collection biometrics seceng-security-tech authentication behavioral unsupervised seceng-biometric-authentication}, pages = {1-7}, title = {DoorCollect: Towards a Smart Door Handle for User Identification based on a Data Collection System for unsupervised Long-Term Experiments}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISCC53001.2021.9631517

9.
Koehler, D., Serth, S., Meinel, C.: Consuming Security: Evaluating Podcasts to Promote Online Learning Integrated with Everyday Life. 2021 World Engineering Education Forum/Global Engineering Deans Council (WEEF/GEDC). pp. 476–481. IEEE, Madrid, Spain (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Traditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.
@inproceedings{koehlerConsumingSecurityEvaluating2021, abstract = {Traditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.}, address = {{Madrid, Spain}}, author = {Koehler, Daniel and Serth, Sebastian and Meinel, Christoph}, booktitle = {2021 {{World Engineering Education Forum}}/{{Global Engineering Deans Council}} ({{WEEF}}/{{GEDC}})}, keywords = {myown webuniversity its}, month = {nov}, pages = {476–481}, publisher = {{IEEE}}, title = {Consuming {{Security}}: {{Evaluating Podcasts}} to {{Promote Online Learning Integrated}} with {{Everyday Life}}}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/WEEF/GEDC53299.2021.9657464
AbstractTraditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.

10.
Koehler, D., Klieme, E., Kreuseler, M., Cheng, F., Meinel, C.: Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords. Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021). IEEE (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{koehler2021assessment, author = {Koehler, Daniel and Klieme, Eric and Kreuseler, Matthias and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021)}, keywords = {authentication biometric smartphones seceng-biometric-authentication remote}, month = {January}, publisher = {IEEE}, series = {Proceedings of the EEE International Conference on Cryptography, Security and Privacy}, title = {Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSP51677.2021.9357504

11.
Koehler, D., Klieme, E., Kreuseler, D., Cheng, F., Meinel, C.: Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords. Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021). IEEE (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{noauthororeditor2021assessment, author = {Koehler, Daniel and Klieme, Eric and Kreuseler, Daniel and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021)}, keywords = {seceng-security-tech authentication biometric myown seceng-secure-identities its smartphones seceng-biometric-authentication remote}, month = {January}, publisher = {IEEE}, series = {IProceedings of the EEE International Conference on Cryptography, Security and Privacy}, title = {Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords}, year = 2021 }
Weitere Informationen

2020 [ nach oben ]

1.
Klieme, E., Wilke, J., van Dornick, N., Meinel, C.: FIDOnuous: A FIDO2/WebAuthn Extension to Support Continuous Web Authentication. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 1857–1867 (2020).
[ BibTeX ] [ Details ]
 
@inproceedings{9343231, author = {Klieme, Eric and Wilke, Jonathan and van Dornick, Niklas and Meinel, Christoph}, booktitle = {2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)}, keywords = {seceng-security-tech authentication myown smartphone seceng-secure-identities continuous its behavioral webauthn seceng-biometric-authentication FIDO2}, pages = {1857-1867}, title = {FIDOnuous: A FIDO2/WebAuthn Extension to Support Continuous Web Authentication}, year = 2020 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/TrustCom50675.2020.00254

2.
Tietz, C., Klieme, E., Brabender, R., Lasarow, T., Rambold, L., Meinel, C.: Under Pressure: Pushing Down on Me - Touch Sensitive Door Handle to Identify Users at Room Entry. In: Samarati, P., di Vimercati, S.D.C., Obaidat, M.S., and Ben-Othman, J. (eds.) Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 - Volume 2: SECRYPT, Lieusaint, Paris, France, July 8-10, 2020. pp. 565–571. ScitePress (2020).
[ BibTeX ] [ Details ]
 
@inproceedings{DBLP:conf/icete/TietzKBLRM20, author = {Tietz, Christian and Klieme, Eric and Brabender, Rachel and Lasarow, Theresa and Rambold, Lukas and Meinel, Christoph}, booktitle = {Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, {ICETE} 2020 - Volume 2: SECRYPT, Lieusaint, Paris, France, July 8-10, 2020}, editor = {Samarati, Pierangela and di Vimercati, Sabrina De Capitani and Obaidat, Mohammad S. and Ben{-}Othman, Jalel}, keywords = {seceng-security-tech authentication myown door seceng-secure-identities handle its behavioral touch interaction seceng-biometric-authentication}, pages = {565–571}, publisher = {ScitePress}, title = {Under Pressure: Pushing Down on Me - Touch Sensitive Door Handle to Identify Users at Room Entry}, year = 2020 }
Weitere Informationen
HerausgeberSamarati, Pierangela and di Vimercati, Sabrina De Capitani and Obaidat, Mohammad S. and Ben-Othman, Jalel
URNhttp://dx.doi.org/10.5220/0009818805650571

3.
Grüner, A., Mühle, A., Meinel, C.: A Taxonomy of Trust Models for Attribute Assurance in Identity Management. Proceedings of the Workshops of the International 34th Conference on Advanced Information Networking and Applications. Springer, Caserta, Italy (2020).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Attribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.
@conference{gruner2020taxonomy, abstract = {Attribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.}, address = {Caserta, Italy}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the Workshops of the International 34th Conference on Advanced Information Networking and Applications}, keywords = {assurance myown identity attribute trust}, publisher = {Springer}, title = {A Taxonomy of Trust Models for Attribute Assurance in Identity Management}, year = 2020 }
Weitere Informationen
AbstractAttribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.

2019 [ nach oben ]

1.
Najafi, P., Mühle, A., Pünter, W., Cheng, F., Meinel, C.: MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs. Proceedings of the 35th Annual Computer Security Applications Conference. pp. 417–429. ACM (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.
@inproceedings{najafi2019malrank, abstract = {In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.}, author = {Najafi, Pejman and M{ü}hle, Alexander and P{ü}nter, Wenzel and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 35th Annual Computer Security Applications Conference}, keywords = {seceng-security-tech myown seceng-security-analytics big-data security graph-mining}, organization = {ACM}, pages = {417–429}, title = {MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs}, year = 2019 }
Weitere Informationen
AbstractIn this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.

2.
Seidel, F., Krentz, K.-F., Meinel, C.: Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
[ Abstract ] [ BibTeX ] [ Details ]
 
Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.
@conference{seidel2019enroute, abstract = {Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.}, address = {Limerick, Ireland}, author = {Seidel, Felix and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers}, year = 2019 }
Weitere Informationen
AbstractDevices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.

3.
Bock, B., Matysik, J.-T., Krentz, K.-F., Meinel, C.: Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
[ Abstract ] [ BibTeX ] [ Details ]
 
While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
@conference{bock2019layer, abstract = {While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.}, address = {Limerick, Ireland}, author = {Bock, Benedikt and Matysik, Jan-Tobias and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme}, year = 2019 }
Weitere Informationen
AbstractWhile the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.

4.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Comparative Analysis of Trust Requirements in Decentralized Identity Management. Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications. Springer, Matsue, Japan (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
@inproceedings{gruner2019comparative, abstract = {Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.}, address = {Matsue, Japan}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications}, keywords = {myown blockchain identity its decentralized requirements security trust}, publisher = {Springer}, title = {A Comparative Analysis of Trust Requirements in Decentralized Identity Management}, year = 2019 }
Weitere Informationen
AbstractIdentity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.

5.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2019slingshot, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {myown incident-response threat-detection cloud-security security}, publisher = {IEEE}, title = {SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems}, type = {Publication}, year = 2019 }
Weitere Informationen

6.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: Security Chaos Engineering for Cloud Services. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2019security, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {resilient-architecutures myown cloud-security its chaos-engineering security}, publisher = {IEEE}, title = {Security Chaos Engineering for Cloud Services}, year = 2019 }
Weitere Informationen

7.
Grüner, A., Mühle, A., Meinel, C.: An Integration Architecture to Enable Service Providers for Self-sovereign Identity. Proceedings of the 18th. International Symposium on Network Computing and Applications. IEEE, Boston, MA (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.
@inproceedings{gruner2019integration, abstract = {The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.}, address = {Boston, MA}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 18th. International Symposium on Network Computing and Applications}, keywords = {myown blockchain identity ssi decentralized trust}, publisher = {IEEE}, title = {An Integration Architecture to Enable Service Providers for Self-sovereign Identity}, year = 2019 }
Weitere Informationen
AbstractThe self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.

8.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization. Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy. pp. 109–119. ACM (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019attribute, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy}, keywords = {imported}, organization = {ACM}, pages = {109–119}, title = {Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization}, year = 2019 }
Weitere Informationen

9.
Podlesny, N.J., Kayem, A.V., Meinel, C., Jungmann, S.: How Data Anonymisation Techniques influence Disease Triage in Digital Health: A Study on Base Rate Neglect. Proceedings of the 9th International Conference on Digital Public Health. pp. 55–62. ACM (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019data, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph and Jungmann, Sven}, booktitle = {Proceedings of the 9th International Conference on Digital Public Health}, keywords = {imported}, organization = {ACM}, pages = {55–62}, title = {How Data Anonymisation Techniques influence Disease Triage in Digital Health: A Study on Base Rate Neglect}, year = 2019 }
Weitere Informationen

10.
Podlesny, N.J.: High-dimensional data anonymization for in-memory applications, (2019).
[ BibTeX ] [ Details ]
 
@misc{podlesny2019high, author = {Podlesny, Nikolai Jannik}, keywords = {imported}, note = {US Patent App. 15/923,613}, publisher = {Google Patents}, title = {High-dimensional data anonymization for in-memory applications}, year = 2019 }
Weitere Informationen

11.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Identifying Data Exposure Across Distributed High-Dimensional Health Data Silos through Bayesian Networks Optimised by Multigrid and Manifold. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). pp. 556–563. IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019identifying, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)}, keywords = {imported}, organization = {IEEE}, pages = {556–563}, title = {Identifying Data Exposure Across Distributed High-Dimensional Health Data Silos through Bayesian Networks Optimised by Multigrid and Manifold}, year = 2019 }
Weitere Informationen

12.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Towards Identifying De-anonymisation Risks in Distributed Health Data Silos. International Conference on Database and Expert Systems Applications. pp. 33–43. Springer (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019towards, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {International Conference on Database and Expert Systems Applications}, keywords = {imported}, organization = {Springer}, pages = {33–43}, title = {Towards Identifying De-anonymisation Risks in Distributed Health Data Silos}, year = 2019 }
Weitere Informationen

13.
Grüner, A., Mühle, A., Meinel, C.: Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance. Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence in Cyber Security. IEEE, Xiamen, China (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.
@inproceedings{gruner2019using, abstract = {Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.}, address = {Xiamen, China}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence in Cyber Security}, keywords = {myown blockchain identity aggregation attribute trust}, publisher = {IEEE}, title = {Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance}, year = 2019 }
Weitere Informationen
AbstractIdentity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.

14.
Tietz, C., Klieme, E., Behrendt, L., Böning, P., Marschke, L., Meinel, C.: Verification of Keyboard Acoustics Authentication on Laptops and Smartphones Using WebRTC. 2019 3rd Cyber Security in Networking Conference (CSNet). pp. 130–137 (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{9108962, author = {Tietz, Christian and Klieme, Eric and Behrendt, Lukas and Böning, Pawel and Marschke, Leonard and Meinel, Christoph}, booktitle = {2019 3rd Cyber Security in Networking Conference (CSNet)}, keywords = {seceng-security-tech authentication myown smartphone seceng-secure-identities sound its behavioral typing seceng-biometric-authentication laptop}, pages = {130-137}, title = {Verification of Keyboard Acoustics Authentication on Laptops and Smartphones Using WebRTC}, year = 2019 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSNet47905.2019.9108962

2018 [ nach oben ]

1.
Torkura, K.A., Sukmana, M.I., Meinig, M., Graupner, H., Cheng, F., Meinel, C.: A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems. 16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018). IEEE/IFIP (2018).
[ Abstract ] [ BibTeX ] [ Details ]
 
Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.
@inproceedings{a2017threat, abstract = {Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinig, Michael and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018)}, keywords = {myown cloud-storage threat-analysis cloud-security its}, publisher = {IEEE/IFIP}, series = {NOMS}, title = {A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems}, year = 2018 }
Weitere Informationen
AbstractCloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.

2.
Krentz, K.-F., Meinel, C., Graupner, H.: Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018). Junction, Madrid, Spain (2018).
[ Abstract ] [ BibTeX ] [ Details ]
 
Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
@conference{krentz2018denialofsleepresilient, abstract = {Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.}, address = {Madrid, Spain}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018)}, keywords = {myown iot}, publisher = {Junction}, title = {Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive}, year = 2018 }
Weitere Informationen
AbstractBattery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.

3.
Torkura, K. .A, Sukmana, M.I.H., Meinig, M., Kayem, A., Cheng, F., Graupner, H., Meinel, C.: Securing Cloud Storage Brokerage Systems through Threat Models. The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018). IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkuara2018securing, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Meinig, Michael and Kayem, Anne and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018)}, keywords = {myown threat-analysis its security}, publisher = {IEEE}, title = {Securing Cloud Storage Brokerage Systems through Threat Models}, year = 2018 }
Weitere Informationen

4.
Torkura, K. .A, Sukmana, M.I.H., Kayem, A.V., Cheng, F., Meinel, C.: A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures. 32nd IEEE International Symposium on Parallel and Distributed Processing with Applications. IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{noauthororeditor2018cyber, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Kayem, Anne VDM and Cheng, Feng and Meinel, Christoph}, booktitle = {32nd IEEE International Symposium on Parallel and Distributed Processing with Applications}, keywords = {myown security-risk-analysis cloud-security its security}, publisher = {IEEE}, title = {A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures}, year = 2018 }
Weitere Informationen

5.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era. 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018). Springer (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018cavas, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018)}, keywords = {myown cloud-security its microservices-security container-security}, publisher = {Springer}, title = {CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era}, year = 2018 }
Weitere Informationen

6.
Torkura, K. .A, Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018). IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018csbauditor, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018)}, keywords = {myown assessments cloud-security its}, publisher = {IEEE}, title = {CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems}, year = 2018 }
Weitere Informationen

7.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Quantifiable Trust Model for Blockchain-Based Identity Management. Proceedings of the 2018 International Conference on Blockchain. IEEE, Halifax, Canada (2018).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.
@inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel07/2018, abstract = {Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.}, address = {Halifax, Canada}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 2018 International Conference on Blockchain}, keywords = {Blockchain myown identity trust}, publisher = {IEEE}, title = {A Quantifiable Trust Model for Blockchain-Based Identity Management}, year = 2018 }
Weitere Informationen
AbstractRemoving the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.

8.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: Towards a Blockchain-based Identity Provider. Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies. IARIA, Venice, Italy (2018).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.
@inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel09/2018, abstract = {The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.}, address = {Venice, Italy}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies}, keywords = {myown blockchain identity Ethereum}, publisher = {IARIA}, title = {Towards a Blockchain-based Identity Provider}, year = 2018 }
Weitere Informationen
AbstractThe emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.

9.
Torkura, K. .A, Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: Defeating Malicious Intrusions in Multi-Cloud Storage Systems. Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018. Hasso Plattner Institute, Potsdam, Germany (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018defeating, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018}, keywords = {risk-assessment myown cloud-security its}, publisher = {Hasso Plattner Institute, Potsdam, Germany}, series = {Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam}, title = {Defeating Malicious Intrusions in Multi-Cloud Storage Systems}, year = 2018 }
Weitere Informationen

10.
Podlesny, N.J., Kayem, A.V., von Schorlemer, S., Uflacker, M.: Minimising Information Loss on Anonymised High Dimensional Data with Greedy In-Memory Processing. International Conference on Database and Expert Systems Applications. pp. 85–100. Springer (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2018minimising, author = {Podlesny, Nikolai J and Kayem, Anne VDM and von Schorlemer, Stephan and Uflacker, Matthias}, booktitle = {International Conference on Database and Expert Systems Applications}, keywords = {imported}, organization = {Springer}, pages = {85–100}, title = {Minimising Information Loss on Anonymised High Dimensional Data with Greedy In-Memory Processing}, year = 2018 }
Weitere Informationen

11.
Klieme, E., Tietz, C., Meinel, C.: Beware of SMOMBIES: Verification of Users Based on Activities While Walking. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). pp. 651–660 (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{klieme2019smombies, author = {Klieme, Eric and Tietz, Christian and Meinel, Christoph}, booktitle = {2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)}, keywords = {myown seceng-secure-identities its data collection gyroscope seceng-security-tech authentication gait accelerometer behavioral machine sensor vector support seceng-biometric-authentication}, month = {aug}, pages = {651-660}, title = {Beware of SMOMBIES: Verification of Users Based on Activities While Walking}, year = 2018 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/TrustCom/BigDataSE.2018.00096

2017 [ nach oben ]

1.
Krentz, K.-F., Meinel, C., Graupner, H.: Secure Self-Seeding with Power-Up SRAM States. Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017). IEEE, Heraklion, Greece (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
@inproceedings{2017_Krentz_ISCC, abstract = {Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.}, address = {Heraklion, Greece}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017)}, keywords = {its}, publisher = {IEEE}, title = {Secure Self-Seeding with Power-Up SRAM States}, year = 2017 }
Weitere Informationen
AbstractGenerating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.

2.
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages. 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM, Delft, The Netherlands (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
@conference{seitz2017abstract, abstract = {IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.}, address = {Delft, The Netherlands}, author = {Seitz, Klara and Serth, Sebastian and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017)}, keywords = {IoT}, publisher = {ACM}, title = {Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages}, year = 2017 }
Weitere Informationen
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.

3.
Krentz, K.-F., Meinel, C., Graupner, H.: More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization. Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017). Springer, Nancy, France (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
@conference{krentz2017lightweight, abstract = {802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.}, address = {Nancy, France}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017)}, keywords = {myown IoT}, publisher = {Springer}, title = {More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization}, year = 2017 }
Weitere Informationen
Abstract802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.

4.
Torkura, K.A., Sukmana, M.I., Meinel, C.: Integrating Continuous Security Assessments in Microservices and Cloud Native Applications. Proceedings of the10th International Conference on Utility and Cloud Computing. pp. 171–180. ACM (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.
@inproceedings{atorkura2017integrating, abstract = {Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinel, Christoph}, booktitle = {Proceedings of the10th International Conference on Utility and Cloud Computing}, keywords = {myown assessments its security}, organization = {IEEE/CM}, pages = {171–180}, publisher = {ACM}, series = {UCC '17}, title = {Integrating Continuous Security Assessments in Microservices and Cloud Native Applications}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/3147213.3147229
AbstractCloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.

5.
Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Classification using Machine Learning. Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017). Springer (2017).
[ BibTeX ] [ Details ]
 
@inproceedings{gawron2017automatic, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017)}, keywords = {security}, publisher = {Springer}, title = {Automatic Vulnerability Classification using Machine Learning}, year = 2017 }
Weitere Informationen

6.
Najafi, P., Sapegin, A., Cheng, F., Meinel, C.: Guilt-by-Association: Detecting Malicious Entities via Graph Mining. International Conference on Security and Privacy in Communication Systems. pp. 88–107. Springer (2017).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
In this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.
@inproceedings{najafi2017guilt, abstract = {In this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.}, author = {Najafi, Pejman and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {International Conference on Security and Privacy in Communication Systems}, keywords = {seceng-security-tech myown seceng-security-analytics big-data security graph-mining}, organization = {Springer}, pages = {88–107}, title = {Guilt-by-Association: Detecting Malicious Entities via Graph Mining}, year = 2017 }
Weitere Informationen
AbstractIn this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.

7.
Krentz, K.-F., Meinel, C., Graupner, H.: Countering Three Denial-of-Sleep Attacks on ContikiMAC. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017). Junction, Uppsala, Sweden (2017).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2017_Krentz_EWSN, address = {Uppsala, Sweden}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017)}, keywords = {its}, publisher = {Junction}, title = {Countering Three Denial-of-Sleep Attacks on ContikiMAC}, year = 2017 }
Weitere Informationen

8.
Torkura, K.A., Sukmana, M.I., Cheng, F., Meinel, C.: Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications. Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud). IEEE (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.
@conference{torkura2017leveraging, abstract = {This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.}, author = {Torkura, Kennedy A and Sukmana, Muhammad IH and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud)}, keywords = {myown its}, month = {23 Nov 2017}, publisher = {IEEE}, title = {Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SmartCloud.2017.21
AbstractThis paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.

9.
Kayem, A., Meinel, C.: Clustering Heuristics for Efficient t-closeness Anonymisation. In: Benslimane, D., Damiani, E., Grosky, W.I., Hameurlain, A., Sheth, A.P., and Wagner, R.R. (eds.) Proceedings of the 28th International Conference on Database and Expert Systems Applications. pp. 27–34. Springer (2017).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Anonymisation based on \(t\)-closeness is a privacy-preserving method of publishing micro-data that is safe from skewness, and similarity attacks. The \(t\)-closeness privacy requirement for publishing microdata requires that the distance between the distribution of a sensitive attribute in an equivalence class, and the distribution of sensitive attributes in the whole micro-data set, be no greater than a threshold value of \(t\). An equivalence class is a set records that are similar with respect to certain identifying attributes (quasi-identifiers), and a micro- data set is said to be \(t\)-close when all such equivalence classes satisfy \(t\)-closeness. However, the \(t\)-closeness anonymisation problem is NP-Hard. As a performance efficient alternative, we propose a \(t\)-clustering algorithm with an average time complexity of \(O(m^2 log n)\) where \(n\) and \(m\) are the number of tuples and attributes, respectively. We address privacy disclosures by using heuristics based on noise additions to distort the anonymised datasets, while minimising information loss. Our experiments indicate that our proposed algorithm is time efficient and practically scalable.
@inproceedings{DBLP:conf/dexa/KayemM17, abstract = {Anonymisation based on \(t\)-closeness is a privacy-preserving method of publishing micro-data that is safe from skewness, and similarity attacks. The \(t\)-closeness privacy requirement for publishing microdata requires that the distance between the distribution of a sensitive attribute in an equivalence class, and the distribution of sensitive attributes in the whole micro-data set, be no greater than a threshold value of \(t\). An equivalence class is a set records that are similar with respect to certain identifying attributes (quasi-identifiers), and a micro- data set is said to be \(t\)-close when all such equivalence classes satisfy \(t\)-closeness. However, the \(t\)-closeness anonymisation problem is NP-Hard. As a performance efficient alternative, we propose a \(t\)-clustering algorithm with an average time complexity of \(O(m^2 log n)\) where \(n\) and \(m\) are the number of tuples and attributes, respectively. We address privacy disclosures by using heuristics based on noise additions to distort the anonymised datasets, while minimising information loss. Our experiments indicate that our proposed algorithm is time efficient and practically scalable.}, author = {Kayem, Anne and Meinel, Christoph}, booktitle = {Proceedings of the 28th International Conference on Database and Expert Systems Applications}, crossref = {DBLP:conf/dexa/2017-2}, editor = {Benslimane, Djamal and Damiani, Ernesto and Grosky, William I. and Hameurlain, Abdelkader and Sheth, Amit P. and Wagner, Roland R.}, keywords = {myown year2017 christophmeinel DEXA2017 annekayem}, month = {August}, pages = {27–34}, publisher = {Springer}, title = {Clustering Heuristics for Efficient t-closeness Anonymisation}, year = 2017 }
Weitere Informationen
HerausgeberBenslimane, Djamal and Damiani, Ernesto and Grosky, William I. and Hameurlain, Abdelkader and Sheth, Amit P. and Wagner, Roland R.
URNhttp://dx.doi.org/10.1007/978-3-319-64471-4_3
AbstractAnonymisation based on \(t\)-closeness is a privacy-preserving method of publishing micro-data that is safe from skewness, and similarity attacks. The \(t\)-closeness privacy requirement for publishing microdata requires that the distance between the distribution of a sensitive attribute in an equivalence class, and the distribution of sensitive attributes in the whole micro-data set, be no greater than a threshold value of \(t\). An equivalence class is a set records that are similar with respect to certain identifying attributes (quasi-identifiers), and a micro- data set is said to be \(t\)-close when all such equivalence classes satisfy \(t\)-closeness. However, the \(t\)-closeness anonymisation problem is NP-Hard. As a performance efficient alternative, we propose a \(t\)-clustering algorithm with an average time complexity of \(O(m^2 log n)\) where \(n\) and \(m\) are the number of tuples and attributes, respectively. We address privacy disclosures by using heuristics based on noise additions to distort the anonymised datasets, while minimising information loss. Our experiments indicate that our proposed algorithm is time efficient and practically scalable.

10.
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages. Proceedings of the 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM Press, New York, NY, USA (2017).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
@inproceedings{seitzEnablingEnRouteFiltering2017, abstract = {IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.}, address = {New York, NY, USA}, author = {Seitz, Klara and Serth, Sebastian and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017)}, keywords = {myown its IoT}, month = {02}, organization = {ACM Press}, publisher = {ACM Press}, series = {SenSys '17}, title = {Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/3131672.3136960
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.

2016 [ nach oben ]

1.
Krentz, K.-F., Meinel, C., Schnjakin, M.: POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames. Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016). IEEE, Salzburg, Austria (2016).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2016_Krentz_ARES, address = {Salzburg, Austria}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Schnjakin, Maxim}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016)}, keywords = {its}, publisher = {IEEE}, title = {POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ARES.2016.7

2.
Torkura, K., Meinel, C.: Towards Vulnerability Assessment as a Service in OpenStack Clouds. Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN). IEEE, Dubai, UAE (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.
@inproceedings{Kennedy2016a, abstract = {Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.}, address = {Dubai, UAE}, author = {Torkura, Kennedy and Meinel, Christoph}, booktitle = {Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN)}, keywords = {vulnerability_assessment its Cloud_Security Security_as_a_Service cloud-specific_vulnerabilities}, publisher = {IEEE}, title = {Towards Vulnerability Assessment as a Service in OpenStack Clouds}, year = 2016 }
Weitere Informationen
AbstractEfforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.

3.
Jaeger, D., Pelchen, C., Graupner, H., Cheng, F., Meinel, C.: Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use. Proceedings of the 11th International Conference on Passwords (PASSWORDS2016). Springer, Bochum, Germany (2016).
[ BibTeX ] [ Details ]
 
@inproceedings{2016_Jaeger_PASSWORDS, address = {Bochum, Germany}, author = {Jaeger, David and Pelchen, Chris and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Passwords (PASSWORDS2016)}, keywords = {its}, month = 12, publisher = {Springer}, title = {Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use}, year = 2016 }
Weitere Informationen

4.
Amirkhanyan, A., Meinel, C.: Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness. Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly. Springer, Swansea, Wales, UK (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.
@inproceedings{2016_Amirkhanyan_I3E, abstract = {In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.}, address = {Swansea, Wales, UK}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly}, keywords = {public_safety_awareness geotagged_data big_data its georeferenced_data location-based_social_networks analysis situational_awareness statistics}, month = 9, publisher = {Springer}, title = {Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-319-45234-0
AbstractIn the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.

5.
Amirkhanyan, A., Meinel, C.: Visualization and Analysis of Public Social Geodata to Provide Situational Awareness. Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016). IEEE, Chiang Mai, Thailand (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.
@inproceedings{2016_Amirkhanyan_ICACI, abstract = {Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.}, address = {Chiang Mai, Thailand}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016)}, keywords = {visualization big_data its location-based_social_network geodata situational_awareness}, month = 2, publisher = {IEEE}, title = {Visualization and Analysis of Public Social Geodata to Provide Situational Awareness}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICACI.2016.7449805
AbstractNowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.

2015 [ nach oben ]

1.
Torkura, K.A., Cheng, F., Meinel, C.: A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks
@inproceedings{2015_Torkura_ICITST, abstract = {Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITST.2015.7412055
AbstractVulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks

2.
Cheng, F., Sapegin, A., Gawron, M., Meinel, C.: Analyzing Boundary Device Logs on the In-Memory Platform. Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.
@inproceedings{Feng2015a, abstract = {The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.}, author = {Cheng, Feng and Sapegin, Andrey and Gawron, Marian and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15)}, keywords = {its}, publisher = {IEEE}, title = {Analyzing Boundary Device Logs on the In-Memory Platform}, year = 2015 }
Weitere Informationen
AbstractThe boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.

3.
Torkura, K.A., Cheng, F., Meinel, C.: Application of Quantitative Security Metrics In Cloud Computing. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.
@inproceedings{2015_Torkura_ICITST, abstract = {Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {Application of Quantitative Security Metrics In Cloud Computing}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITST.2015.7412101
AbstractSecurity issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.

4.
Gawron, M., Cheng, F., Meinel, C.: Automatic Detection of Vulnerabilities for Advanced Security Analytics. Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15). pp. 471–474. IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.
@inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15)}, keywords = {its}, pages = {471-474}, publisher = {IEEE}, title = {Automatic Detection of Vulnerabilities for Advanced Security Analytics}, year = 2015 }
Weitere Informationen
AbstractThe detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.

5.
Krentz, K.-F., Meinel, C.: Handling Reboots and Mobility in 802.15.4 Security. Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015). ACM, Los Angeles, CA, USA (2015).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2015_Krentz_ACSAC, address = {Los Angeles, CA, USA}, author = {Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015)}, keywords = {its}, publisher = {ACM}, title = {Handling Reboots and Mobility in 802.15.4 Security}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2818000.2818002

6.
Ussath, M., Cheng, F., Meinel, C.: Concept for a Security Investigation Framework. Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15) (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{Martin2015a, author = {Ussath, Martin and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15)}, keywords = {its}, title = {Concept for a Security Investigation Framework}, year = 2015 }
Weitere Informationen

7.
Torkura, K.A., Cheng, F., Meinel, C.: Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment. Journal of Internet Technology and Secured Transactions. 4, (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time
@article{Kennedy2015a, abstract = {The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time}, author = {Torkura, Kennedy A. and Cheng, Feng and Meinel, Christoph}, journal = {Journal of Internet Technology and Secured Transactions}, keywords = {its}, organization = {infonomics Society}, title = {Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment}, volume = 4, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.20533/jitst.2046.3723.2015.0049
AbstractThe current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time

8.
Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 229–236. ACM Press (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.
@inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {Vulnerability_Analysis Security_Analytics its Attack_Graph Network_Security Vulnerability_Detection}, pages = {229-236}, publisher = {ACM Press}, title = {Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/http://dx.doi.org/10.1145/2799979.2799986
AbstractThe detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.

9.
Amirkhanyan, A., Sapegin, A., Cheng, F., Meinel, C.: Simulation User Behavior on A Security Testbed Using User Behavior States Graph. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 217–223. ACM Press (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.
@inproceedings{2015_Amirkhanyan_SIN, abstract = {For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.}, author = {Amirkhanyan, Aragats and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {its simulation_tool data user_behavior testbed security_analytics network_security}, pages = {217-223}, publisher = {ACM Press}, title = {Simulation User Behavior on A Security Testbed Using User Behavior States Graph}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/http://dx.doi.org/10.1145/2799979.2799985
AbstractFor testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.

10.
Azodi, A., Gawron, M., Sapegin, A., Cheng, F., Meinel., C.: Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN’15). Springer (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.
@inproceedings{Amir2015a, abstract = {Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.}, author = {Azodi, Amir and Gawron, Marian and Sapegin, Andrey and Cheng, Feng and Meinel., Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {Traffic_Classification Machine_Learning its Event_Normalization Network_Monitoring}, publisher = {Springer}, title = {Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes.}, year = 2015 }
Weitere Informationen
AbstractModern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.

11.
Sapegin, A., Gawron, M., Jaeger, D., Cheng, F., Meinel, C.: High-speed Security Analytics Powered by In-memory Machine Learning Engine. Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015). pp. 74–81. IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.
@inproceedings{Andrey2015a, abstract = {Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.}, author = {Sapegin, Andrey and Gawron, Marian and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015)}, keywords = {its}, pages = {74 - 81}, publisher = {IEEE}, title = {High-speed Security Analytics Powered by In-memory Machine Learning Engine}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISPDC.2015.16
AbstractModern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.

12.
Sapegin, A., Amirkhanyan, A., Gawron, M., Cheng, F., Meinel, C.: Poisson-based Anomaly Detection for Identifying Malicious User Behaviour. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN’15). Springer (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.
@inproceedings{Andrey2015b, abstract = {Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.}, author = {Sapegin, Andrey and Amirkhanyan, Aragats and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {authentication intrusion_detection its user_behaviour anomaly_detection}, publisher = {Springer}, title = {Poisson-based Anomaly Detection for Identifying Malicious User Behaviour}, year = 2015 }
Weitere Informationen
AbstractNowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.

13.
Torkura, K.A., Meinel, C.: Towards Cloud-Aware Vulnerability Assessments. Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.
@inproceedings{2015_Torkura_SITIS, abstract = {Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.}, author = {Torkura, Kennedy A and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015)}, keywords = {its}, publisher = {IEEE}, title = {Towards Cloud-Aware Vulnerability Assessments}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SITIS.2015.63
AbstractVulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.

14.
Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP’15). pp. 237–248. Springer Internation Publishing (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
@inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, pages = {237-248}, publisher = {Springer Internation Publishing}, series = {Lecture Notes in Computer Science}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, volume = 9311, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-319-24018-3_15
AbstractAn important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.

15.
Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP’15) (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
@inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, year = 2015 }
Weitere Informationen
AbstractAn important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.

16.
Amirkhanyan, A., Cheng, F., Meinel, C.: Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis. Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015). IEEE, Dubai, UAE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.
@inproceedings{2015_Amirkhanyan_IIT, abstract = {Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.}, address = {Dubai, UAE}, author = {Amirkhanyan, Aragats and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015)}, keywords = {geo_clustering real-time online_maps geohash its density-based_clustering}, month = 11, publisher = {IEEE}, title = {Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/INNOVATIONS.2015.7381559
AbstractNowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.

17.
Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143–148. IEEE Press, Lodz, Poland (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
@inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {cloud trust}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSCESM.2015.7331883
AbstractIn the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).

18.
Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143–148. IEEE Press, Lodz, Poland (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
@inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {its}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSCESM.2015.7331883
AbstractIn the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).

19.
Elsaid, M.E., Meinel, C.: Friendship based Storage Allocation for Online Social Networks Cloud Computing. Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015). IEEE Press, Marrakesh, Morrocco (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{2015_Esam_CloudTech, address = {Marrakesh, Morrocco}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015)}, keywords = {its}, month = 6, publisher = {IEEE Press}, title = {Friendship based Storage Allocation for Online Social Networks Cloud Computing}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CloudTech.2015.7336970

20.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Passive Network Monitoring using REAMS. Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015). pp. 205–215. Sprinter, Pattaya, Thailand (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{2015_ICISA_AZODI, address = {Pattaya, Thailand}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015)}, keywords = {its}, month = 2, pages = {205-215}, publisher = {Sprinter}, series = {LNEE}, title = {Passive Network Monitoring using REAMS}, volume = 339, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-662-46578-3_24

2014 [ nach oben ]

1.
Klieme, E., Engelbrecht, K.-P., Möller, S.: Poster: Towards Continuous Authentication Based on Mobile Messaging App Usage. Symposium on Usable Privacy and Security. (2014).
[ BibTeX ] [ Details ]
 
@article{klieme2014poster, author = {Klieme, Eric and Engelbrecht, Klaus-Peter and Möller, Sebastian}, journal = {Symposium on Usable Privacy and Security}, keywords = {myown smartphone yaxim usage its messaging application instant seceng-security-tech authentication continuous behavioral seceng-biometric-authentication}, title = {Poster: Towards Continuous Authentication Based on Mobile Messaging App Usage}, year = 2014 }
Weitere Informationen

2.
Jaeger, D., Graupner, H., Sapegin, A., Cheng, F., Meinel, C.: Gathering and Analyzing Identity Leaks for Security Awareness. Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014). Springer, Trondheim, Norway (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.
@inproceedings{2014_Jaeger_PASSWORDS, abstract = {The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.}, address = {Trondheim, Norway}, author = {Jaeger, David and Graupner, Hendrik and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014)}, institution = {Hasso-Plattner-Institute}, keywords = {identity_leak password its data_breach security_awareness}, month = 12, publisher = {Springer}, series = {Lecture Notes for Computer Science (LNCS)}, title = {Gathering and Analyzing Identity Leaks for Security Awareness}, year = 2014 }
Weitere Informationen
AbstractThe amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.

3.
Fleischhacker, N., Manulis, M., Azodi, A.: A Framework for Multi-Factor Authentication and Key Exchange. In Proceedings of the the 1st International Conference on Research in Security Standardisation (SSR 2014). Springer, London, UK (2014).
[ BibTeX ] [ Details ]
 
@inproceedings{2014_AZODI_SSR, address = {London, UK}, author = {Fleischhacker, Nils and Manulis, Mark and Azodi, Amir}, booktitle = {In Proceedings of the the 1st International Conference on Research in Security Standardisation (SSR 2014)}, keywords = {its}, month = 12, publisher = {Springer}, series = {Lecture Notes in Computer Science (LNCS)}, title = {A Framework for Multi-Factor Authentication and Key Exchange}, year = 2014 }
Weitere Informationen

4.
Saleh, E., Sianipar, J., Takouna, I., Meinel, C.: SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments. 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014. pp. 596–602. IEEE Computer Society, Bali, Indonesia (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.
@inproceedings{2014_Saleh_UIC-ATC-ScalCom, abstract = {Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.}, address = {Bali, Indonesia}, author = {Saleh, Eyad and Sianipar, Johannes and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014}, keywords = {its}, month = 12, pages = {596-602}, publisher = {IEEE Computer Society}, title = {SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/UIC-ATC-ScalCom.2014.31
AbstractSoftware-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.

5.
Sianipar, J., Saleh, E., Meinel, C.: Construction of Agent-Based Trust in Cloud Infrastructure. Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014. pp. 941–946. IEEE Computer Society, London, United Kingdom (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.
@inproceedings{2014_Sianipar_UCC, abstract = {By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.}, address = {London, United Kingdom}, author = {Sianipar, Johannes and Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014}, keywords = {its}, month = 12, pages = {941–946}, publisher = {IEEE Computer Society}, title = {Construction of Agent-Based Trust in Cloud Infrastructure}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/UCC.2014.153
AbstractBy design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.

6.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines. In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014). IEEE Press, Beijing, China (2014).
[ BibTeX ] [ Details ]
 
@inproceedings{2014_AZODI_ICITCS, address = {Beijing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014)}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines}, year = 2014 }
Weitere Informationen

7.
Elsaid, M.E., Meinel, C.: Live Migration Impact on Virtual Datacenter Performance. Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014). pp. 216–221. IEEE Press, Barcelona, Spain (2014).
[ BibTeX ] [ Details ]
 
@inproceedings{2014_Esam_FiCloud, address = {Barcelona, Spain}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014)}, keywords = {its}, month = 8, pages = {216 - 221}, publisher = {IEEE Press}, title = {Live Migration Impact on Virtual Datacenter Performance}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/FiCloud.2014.42

2013 [ nach oben ]

1.
Schnjakin, M., Metzke, T., Meinel, C.: Applying Erasure Codes for Fault Tolerance in Cloud-RAID. Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013). IEEE, Sydney, Australia (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_CSE, address = {Sydney, Australia}, author = {Schnjakin, Maxim and Metzke, Tobias and Meinel, Christoph}, booktitle = {Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013)}, keywords = {its}, month = 12, publisher = {IEEE}, title = {Applying Erasure Codes for Fault Tolerance in Cloud-RAID}, year = 2013 }
Weitere Informationen

2.
Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Security Event Correlation Supported by Multi-Core Architecture. Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013). pp. 1–5. IEEE CS, Macau, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Cheng_ICITCS, address = {Macau, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013)}, keywords = {its}, month = 12, pages = {1-5}, publisher = {IEEE CS}, title = {Security Event Correlation Supported by Multi-Core Architecture}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITCS.2013.6717881

3.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems. Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013). IEEE CS, Chengdu, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Azodi_DASC, address = {Chengdu, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems}, year = 2013 }
Weitere Informationen

4.
Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Hierarchical Object Log Format for Normalisation of Security Events. Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013). IEEE CS, Tunis, Tunisia (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Sapegin_IAS, address = {Tunis, Tunisia}, author = {Sapegin, Andrey and Jaeger, David and Azodi, Amir and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Hierarchical Object Log Format for Normalisation of Security Events}, year = 2013 }
Weitere Informationen

5.
Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Multi-Core Supported High Performance Security Analytics. Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013). IEEE CS, Chengdu, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Cheng_ScalCom, address = {Chengdu, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Multi-Core Supported High Performance Security Analytics}, year = 2013 }
Weitere Informationen

6.
Sapegin, A., Cheng, F., Meinel, C.: Catch the Spike: on the Locality of Individual BGP Update Bursts. Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013). pp. 78–83. IEEE CS, Dalian, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Sapegin_MSN, address = {Dalian, China}, author = {Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013)}, keywords = {its}, month = 12, pages = {78-83}, publisher = {IEEE CS}, title = {Catch the Spike: on the Locality of Individual BGP Update Bursts}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/MSN.2013.17

7.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems. Proceedings of the 1st International Conference on Advanced Cloud and Big Data. IEEE CS, Nanjing, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Azodi_CBD, address = {Nanjing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Conference on Advanced Cloud and Big Data}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems}, year = 2013 }
Weitere Informationen

8.
Rafiee, H., Meinel, C.: Privacy and Security in IPv6 Networks: Challenges and Possible Solutions. ACM. ACM press, Aksaray, Turkey (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.
@inproceedings{2013_Rafiee_SIN_1, abstract = {Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, journal = {ACM}, keywords = {IID_generation lifetime_of_IID its privacy Privacy_model_in_network_layer}, month = 11, publisher = {ACM press}, title = {Privacy and Security in IPv6 Networks: Challenges and Possible Solutions}, year = 2013 }
Weitere Informationen
AbstractPrivacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.

9.
Rafiee, H., Mueller, C., Niemeier, L., Streek, J., Sterz, C., Meinel, C.: A Flexible Framework For Detecting IPv6 Vulnerabilities. Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013). ACM Press, Aksaray, Turkey (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.
@inproceedings{2013_Rafiee_SIN_2, abstract = {Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Mueller, Christoph and Niemeier, Lukas and Streek, Jannik and Sterz, Christoph and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, keywords = {Penetration_test Security IPv6 its DNSSEC Fuzzier_approach Attacks NSEC3 Privacy Zone_walking}, month = 11, publisher = {ACM Press}, title = {A Flexible Framework For Detecting IPv6 Vulnerabilities}, year = 2013 }
Weitere Informationen
AbstractSecurity has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.

10.
Krentz, K.-F., Rafiee, H., Meinel, C.: 6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer. Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013). ACM, Zurich, Switzerland (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Krentz_ASPI, address = {Zurich, Switzerland}, author = {Krentz, Konrad-Felix and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013)}, keywords = {its}, month = 9, publisher = {ACM}, title = {6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2523501.2523502

11.
Saleh, E., Takouna, I., Meinel, C.: SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments. Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013). pp. 213–218. IEEE Press, Mysore, India (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Saleh_ICACCI, address = {Mysore, India}, author = {Saleh, Eyad and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013)}, keywords = {its}, month = 8, pages = {213 - 218}, publisher = {IEEE Press}, title = {SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICACCI.2013.6637173

12.
Schnjakin, M., Meinel, C.: Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013). pp. 1–9. IEEE, Nassau, Bahamas (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_ICCCN, address = {Nassau, Bahamas}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013)}, keywords = {its}, month = 8, pages = {1-9}, publisher = {IEEE}, title = {Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCCN.2013.6614137

13.
Rafiee, H., Meinel, C.: A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration. Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013). pp. 165–172. IEEE Press, MA, USA (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.
@inproceedings{2013_Rafiee_NCA, abstract = {The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.}, address = {MA, USA}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013)}, keywords = {IPv6_autoconfiguration DNS_update Resolver_authentication its NDP CGA-TSIG DNS TSIG CGA}, month = 8, pages = {165 - 172}, publisher = {IEEE Press}, title = {A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NCA.2013.37
AbstractThe Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.

14.
Saleh, E., Meinel, C.: HPISecure: Towards Data Confidentiality in Cloud Applications. Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013). pp. 605–609. IEEE CS, Delft, Netherlands (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Saleh_CCGrid, address = {Delft, Netherlands}, author = {Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013)}, keywords = {its}, month = 5, pages = {605-609}, publisher = {IEEE CS}, title = {HPISecure: Towards Data Confidentiality in Cloud Applications}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CCGrid.2013.109

15.
Schnjakin, M., Meinel, C.: The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds. Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013) (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_Sicherheit, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013)}, keywords = {its}, month = 5, title = {The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds}, year = 2013 }
Weitere Informationen

16.
Schnjakin, M., Meinel, C.: Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013). pp. 91–102. Springer, Seoul, Korea (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_GPC, address = {Seoul, Korea}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013)}, keywords = {its}, month = 5, pages = {91-102}, publisher = {Springer}, series = {LNCS}, title = {Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, volume = 7861, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-38027-3_10

17.
Schnjakin, M., Korsch, D., Schoenberg, M., Meinel, C.: Implementation of a Secure and Reliable Storage Above the Untrusted Clouds. Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013). pp. 347–353. IEEE, Colombo (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_ICCSE, address = {Colombo}, author = {Schnjakin, Maxim and Korsch, Dimitri and Schoenberg, Martin and Meinel, Christoph}, booktitle = {Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013)}, keywords = {its}, month = 4, pages = {347 - 353}, publisher = {IEEE}, title = {Implementation of a Secure and Reliable Storage Above the Untrusted Clouds}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCSE.2013.6553936

18.
Takouna, I., Dawoud, W., Sachs, K., Meinel, C.: A Robust Optimization for Proactive Energy Management in Virtualized Data Centers. Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013). pp. 323–326. ACM Press, Prague, Czech Republic (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Takouna_ICPE, address = {Prague, Czech Republic}, author = {Takouna, Ibrahim and Dawoud, Wesam and Sachs, Kai and Meinel, Christoph}, booktitle = {Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013)}, keywords = {its}, month = 4, pages = {323-326}, publisher = {ACM Press}, title = {A Robust Optimization for Proactive Energy Management in Virtualized Data Centers}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2479871.2479917

19.
Rafiee, H., von Löwis, M., Meinel, C.: DNS Update Extension to IPv6 Secure Addressing. Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013). pp. 896–902. IEEE CS, Barcelona, Spain (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Rafiee_FINA, address = {Barcelona, Spain}, author = {Rafiee, Hosnieh and von Löwis, Martin and Meinel, Christoph}, booktitle = {Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013)}, keywords = {SEND_extension SEND DNS_update its DNS_authentication}, month = 3, pages = {896-902}, publisher = {IEEE CS}, title = {DNS Update Extension to IPv6 Secure Addressing}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/WAINA.2013.117

2012 [ nach oben ]

1.
Willems, C., Meinel, C.: Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab. Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012). IEEE Press, Marrakesh, Morocco (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Willems_EDUCON, address = {Marrakesh, Morocco}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012)}, keywords = {its}, publisher = {IEEE Press}, title = {Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab}, year = 2012 }
Weitere Informationen

2.
Dawoud, W., Takouna, I., Meinel, C.: Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling. Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012). , Taiwan, China (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_CloudCom, address = {Taiwan, China}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012)}, keywords = {its}, month = 12, title = {Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling}, year = 2012 }
Weitere Informationen

3.
Takouna, I., Dawoud, W., Meinel, C.: Analysis and Simulation of HPC Applications in Virtualized Data Centers. Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012). IEEE Press, Besançon, France (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012_Takouna_GreenCom, address = {Besançon, France}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Analysis and Simulation of HPC Applications in Virtualized Data Centers}, year = 2012 }
Weitere Informationen

4.
AlSa’deh, A., Rafiee, H., Meinel, C.: IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability. Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012). Springer, Montreal, QC, Canada (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_FPS, address = {Montreal, QC, Canada}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012)}, keywords = {its}, month = 10, publisher = {Springer}, series = {Lecture Notes in Computer Science (LNCS)}, title = {IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability.}, year = 2012 }
Weitere Informationen

5.
Arulogun, T., Meinel, C., Emuoyibofarhe, J.: IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH , Ogbomoso (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012b_Arulogun_ICOMeS, address = {LAUTECH , Ogbomoso}, author = {Arulogun, Tayo and Meinel, Christoph and Emuoyibofarhe, Justice}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System}, year = 2012 }
Weitere Informationen

6.
Arulogun, T., AlSa’deh, A., Meinel, C.: IPv6 Private Networks: Security Consideration and recommendation. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH, Ogbomoso (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012a_Arulogun_ICOMeS, address = {LAUTECH, Ogbomoso}, author = {Arulogun, Tayo and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Private Networks: Security Consideration and recommendation}, volume = 4, year = 2012 }
Weitere Informationen

7.
Alnemr, R., Meinel, C.: Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions. The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012). IEEE (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Alnemr_TrustCol, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012)}, chapter = {TRUSTCOL}, howpublished = {In the 7th IEEE International Workshop on Trusted Collaboration}, keywords = {its}, month = 10, publisher = {IEEE}, series = {7th IEEE International Workshop on Trusted Collaboration}, title = {Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions}, year = 2012 }
Weitere Informationen

8.
AlSa’deh, A., Rafiee, H., Meinel, C.: Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches. Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12). IEEE CS Press, Chengdu, Sichuan, China (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_CIT, address = {Chengdu, Sichuan, China}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12)}, keywords = {its}, month = 10, publisher = {IEEE CS Press}, title = {Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches}, year = 2012 }
Weitere Informationen

9.
Dawoud, W., Takouna, I., Meinel, C.: Reliable Approach to Sell the Spare Capacity in the Cloud. Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012). pp. 229–236. , Nice, France (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_IARIA, address = {Nice, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012)}, keywords = {its}, month = 7, pages = {229-236}, title = {Reliable Approach to Sell the Spare Capacity in the Cloud}, year = 2012 }
Weitere Informationen

10.
Dawoud, W., Takouna, I., Meinel, C.: Increasing Spot Instances Reliability using Dynamic Scalability. IEEE Fifth International Conference on Cloud Computing (CLOUD 2012). pp. 959–961. IEEE CS Press, Honolulu, Hawaii, USA (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_CLOUD, address = {Honolulu, Hawaii, USA}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {IEEE Fifth International Conference on Cloud Computing (CLOUD 2012)}, keywords = {its}, month = 6, pages = {959-961}, publisher = {IEEE CS Press}, title = {Increasing Spot Instances Reliability using Dynamic Scalability}, year = 2012 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CLOUD.2012.58

11.
Neuhaus, C., Alnemr, R., Kessler, L., Schlegel, F., Polze, A.: InstantLab 2.0- A Platform for Operating System Experiments on Public Cloud Infrastructure. Presented at the May (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012_Neuhaus_CloudFuture, author = {Neuhaus, Christian and Alnemr, Rehab and Kessler, Lysann and Schlegel, Frank and Polze, Andreas}, howpublished = {In the CloudFuture Workshop, Berkeley, US.}, keywords = {its}, month = 5, title = {InstantLab 2.0- A Platform for Operating System Experiments on Public Cloud Infrastructure}, year = 2012 }
Weitere Informationen

12.
Rafiee, H., AlSa’deh, A., Meinel, C.: Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE Press, Bali, Indonesia (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Rafiee_ICOIN, address = {Bali, Indonesia}, author = {Rafiee, Hosnieh and AlSa'deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE Press}, title = {Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems}, year = 2012 }
Weitere Informationen

13.
AlSa’deh, A., Rafiee, H., Meinel, C.: Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE CS Press, Bali, Indonesia (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_ICOIN, address = {Bali, Indonesia}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE CS Press}, title = {Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses}, year = 2012 }
Weitere Informationen

2011 [ nach oben ]

1.
Dawoud, W., Takouna, I., Meinel, C.: Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning. Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011). Springer, Tamil Nadu, India (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_Obcom, address = {Tamil Nadu, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011)}, keywords = {its}, month = 12, number = {0269}, publisher = {Springer}, series = {CCIS}, title = {Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning}, year = 2011 }
Weitere Informationen

2.
AlSa’deh, A., Cheng, F., Meinel, C.: CS-CGA: Compact and More Secure CGA. Proceedings of the 17th IEEE International Conference on Networks (ICON 2011). IEEE Press, Singapore (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_AlSadeh_ICON, address = {Singapore}, author = {AlSa'deh, Ahmad and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th IEEE International Conference on Networks (ICON 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {CS-CGA: Compact and More Secure CGA}, year = 2011 }
Weitere Informationen

3.
Takouna, I., Dawoud, W., Meinel, C.: Accurate Multicore Processor Power Models for Power-Aware Resource Management. Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011). pp. 419–426. IEEE Press, Sydney, Australia (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_CGC, address = {Sydney, Australia}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011)}, keywords = {its}, month = 12, pages = {419-426}, publisher = {IEEE Press}, title = {Accurate Multicore Processor Power Models for Power-Aware Resource Management}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/DASC.2011.85

4.
Willems, C., Klingbeil, T., Radvilavicius, L., Cenys, A., Meinel, C.: A Distributed Virtual Laboratory Architecture for Cybersecurity Training. Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011). IEEE Press, Abu Dhabi, UAE (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Willems_ICITST, address = {Abu Dhabi, UAE}, author = {Willems, Christian and Klingbeil, Thomas and Radvilavicius, Lukas and Cenys, Antanas and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {A Distributed Virtual Laboratory Architecture for Cybersecurity Training}, year = 2011 }
Weitere Informationen

5.
Takouna, I., Dawoud, W., Meinel, C.: Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning. Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011). pp. 4:1–4:6. , Lisboa, Portugal (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_GCM, address = {Lisboa, Portugal}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011)}, keywords = {its}, month = 12, pages = {4:1–4:6}, title = {Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2088996.2089000

6.
Alnemr, R., Schnjakin, M., Meinel, C.: Towards Context-aware Service-oriented Semantic Reputation Framework. Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011). IEEE Press (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011-Alnemr-TrustCom, author = {Alnemr, Rehab and Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Towards Context-aware Service-oriented Semantic Reputation Framework}, year = 2011 }
Weitere Informationen

7.
Rafiee, H., AlSa’deh, A., Meinel, C.: WinSEND: Windows SEcure Neighbor Discovery. Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011). pp. 243–246. ACM Press, Sydney, Australia (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Rafiee_SIN, address = {Sydney, Australia}, author = {Rafiee, Hosnieh and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011)}, howpublished = {Short Paper}, keywords = {its}, month = 11, pages = {243-246}, publisher = {ACM Press}, title = {WinSEND: Windows SEcure Neighbor Discovery}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2070425.2070469

8.
Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Rapid and Optimum Virtualized Resources Allocation. Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011). pp. 1–4. IEEE Press, Paris, France (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_SVM, address = {Paris, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011)}, keywords = {its}, month = 10, pages = {1-4}, publisher = {IEEE Press}, title = {Elastic VM for Rapid and Optimum Virtualized Resources Allocation}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SVM.2011.6096465

9.
Streibel, O., Alnemr, R.: Trend-based and Reputation-Versed Personalized News Network. Proceedings of the 3rd International Workshop on Search and Mining User-generated Contents (SMUC 2011), in conjunction with 20th ACM Conference on Information and Knowledge Management (CIKM 2011). ACM Press, Glasgow, UK (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Alnemr_SMUC, address = {Glasgow, UK}, author = {Streibel, Olga and Alnemr, Rehab}, booktitle = {Proceedings of the 3rd International Workshop on Search and Mining User-generated Contents (SMUC 2011), in conjunction with 20th ACM Conference on Information and Knowledge Management (CIKM 2011)}, keywords = {its}, month = 10, publisher = {ACM Press}, title = {Trend-based and Reputation-Versed Personalized News Network}, year = 2011 }
Weitere Informationen

10.
Alnemr, R., Meinel, C.: Why Rating is not Enough: A Study on Online Reputation Systems. Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011). IEEE Press, Orlando, Florida, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Alnemr_CCSocialComp, address = {Orlando, Florida, USA}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011)}, howpublished = {Workshop Paper}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Why Rating is not Enough: A Study on Online Reputation Systems}, year = 2011 }
Weitere Informationen

11.
Thomas, I., Warschofsky, R., Meinel, C.: Whom to trust? – Generating WS-Security Policies based on Assurance Information. Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011). pp. 65–72. IEEE Computer Society, Lugano, Switzerland (2011).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.
@inproceedings{2011_Thomas_ECOWS, abstract = {As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.}, address = {Lugano, Switzerland}, author = {Thomas, Ivonne and Warschofsky, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011)}, keywords = {its}, month = 9, pages = {65-72}, publisher = {IEEE Computer Society}, title = {Whom to trust? – Generating WS-Security Policies based on Assurance Information}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ECOWS.2011.29
AbstractAs input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.

12.
Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Cloud Resources Provisioning Optimization. Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011). pp. 431–445. Springer, Kochi, India (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_ACC, address = {Kochi, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011)}, keywords = {its}, month = 7, pages = {431-445}, publisher = {Springer}, series = {CCIS}, title = {Elastic VM for Cloud Resources Provisioning Optimization}, volume = 190, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-22709-7_43

13.
Takouna, I., Dawoud, W., Meinel, C.: Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems. Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011). CSREA Press, Las Vegas, Nevada, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_PDPTA, address = {Las Vegas, Nevada, USA}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems}, year = 2011 }
Weitere Informationen

14.
Willems, C., Meinel, C.: Practical Network Security Teaching in an Online Virtual Laboratory. Proceedings of the 2011 International Conference on Security & Management (SAM 2011). CSREA Press, Las Vegas, Nevada, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Willems_SAM, address = {Las Vegas, Nevada, USA}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Security & Management (SAM 2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Practical Network Security Teaching in an Online Virtual Laboratory}, year = 2011 }
Weitere Informationen

15.
Warschofsky, R., Menzel, M., Meinel, C.: Automated Security Service Orchestration for the Identity Management in Web Service based Systems. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 596–603. IEEE Computer Science, Washington DC, USA (2011).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.
@inproceedings{2011_Warschofsky_ICWS, abstract = {Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.}, address = {Washington DC, USA}, author = {Warschofsky, Robert and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {596-603}, publisher = {IEEE Computer Science}, title = {Automated Security Service Orchestration for the Identity Management in Web Service based Systems}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICWS.2011.41
AbstractToday, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.

16.
Alnemr, R., Meinel, C.: From Reputation Models and Systems to Reputation Ontologies. Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011). pp. 98–116. Springer, Copenhagen, Denmark (2011).
[ BibTeX ] [ Details ]
 
@inproceedings{2011_Alnemr_IFIPTM, address = {Copenhagen, Denmark}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011)}, keywords = {its}, month = 7, pages = {98-116}, publisher = {Springer}, series = {IFIP}, title = {From Reputation Models and Systems to Reputation Ontologies}, volume = 358, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-22200-9_10

17.
Thomas, I., Meinel, C.: An Attribute Assurance Framework to Define and Match Trust in Identity Attributes. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 580–587. IEEE Computer Society, Washington DC, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Thomas_ICWS, address = {Washington DC, USA}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {580-587}, publisher = {IEEE Computer Society}, title = {An Attribute Assurance Framework to Define and Match Trust in Identity Attributes}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICWS.2011.80

18.
Roschke, S., Cheng, F., Meinel, C.: A New Correlation Algorithm based on Attack Graph. Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011). pp. 58–67. Springer, Torremolinos, Spain (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Roschke_CISIS, address = {Torremolinos, Spain}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011)}, keywords = {its}, month = 6, pages = {58-67}, publisher = {Springer}, series = {LNCS}, title = {A New Correlation Algorithm based on Attack Graph}, volume = 6694, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-21323-6_8

19.
Roschke, S., Cheng, F., Meinel, C.: BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes. Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011). pp. 399–406. IEEE Press, Dublin, Ireland (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Roschke_IM, address = {Dublin, Ireland}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011)}, keywords = {its}, month = 5, pages = {399-406}, publisher = {IEEE Press}, title = {BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/INM.2011.5990539

20.
Cheng, F., Roschke, S., Meinel, C.: An Integrated Network Scanning Tool for Attack Graph Construction. Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011). pp. 138–147. Springer, Oulu, Finland (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Cheng_GPC, address = {Oulu, Finland}, author = {Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011)}, keywords = {its}, month = 5, number = 6646, pages = {138-147}, publisher = {Springer}, series = {LNCS}, title = {An Integrated Network Scanning Tool for Attack Graph Construction}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-20754-9_15

21.
Schnjakin, M., Meinel, C.: Platform for a Secure Storage-Infrastructure in the Cloud. Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011). , Bonn, Germany (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Schnjakin_Sicherheit, address = {Bonn, Germany}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011)}, keywords = {its}, month = 5, title = {Platform for a Secure Storage-Infrastructure in the Cloud}, year = 2011 }
Weitere Informationen

22.
AlSa’deh, A., Cheng, F., Roschke, S., Meinel, C.: IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security. Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011). pp. 1–6. IEEE Press, Paris, France (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_AISadeh_NTMS, address = {Paris, France}, author = {AlSa'deh, Ahmad and Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011)}, keywords = {its}, month = 2, pages = {1-6}, publisher = {IEEE Press}, title = {IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NTMS.2011.5721076

2010 [ nach oben ]

1.
Warschofsky, R., Menzel, M., Meinel, C.: Transformation and Aggregation of Web Service Security Requirements. Proceedings of the 8th IEEE European Conference on Web Services (ECOWS 2010). pp. 43–50. IEEE Computer Society, Ayia Napa, Cyprus (2010).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm and provide mechanisms to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-Security Policy) that enable the negotiation of these requirements between clients and services. However, the concept of policy negotiation has not been applicable in the scope of service compositions so far. Since each orchestrated Web Service in a service composition might demand the provision of specific user information and requires a particular security mechanism, the security policy of a service composition depends on the aggregated requirements of the orchestrated services. Current Web Service frameworks are not capable of resolving such policy dependencies. In this paper we present our solution to enable an automated creation of security policies from orchestrated services. Therefore, we present a policy model that is capable of capturing Web Service security requirements. Based on this model, we introduce an algorithm that performs the aggregation of security requirements stated by the orchestrated services and mappings to transform WS-Security Policy instances and the security model instances into each other.
@inproceedings{2010_Warschofsky_ECOWS, abstract = {Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm and provide mechanisms to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-Security Policy) that enable the negotiation of these requirements between clients and services. However, the concept of policy negotiation has not been applicable in the scope of service compositions so far. Since each orchestrated Web Service in a service composition might demand the provision of specific user information and requires a particular security mechanism, the security policy of a service composition depends on the aggregated requirements of the orchestrated services. Current Web Service frameworks are not capable of resolving such policy dependencies. In this paper we present our solution to enable an automated creation of security policies from orchestrated services. Therefore, we present a policy model that is capable of capturing Web Service security requirements. Based on this model, we introduce an algorithm that performs the aggregation of security requirements stated by the orchestrated services and mappings to transform WS-Security Policy instances and the security model instances into each other.}, address = {Ayia Napa, Cyprus}, author = {Warschofsky, Robert and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 8th IEEE European Conference on Web Services (ECOWS 2010)}, keywords = {its}, month = 12, pages = {43-50}, publisher = {IEEE Computer Society}, title = {Transformation and Aggregation of Web Service Security Requirements}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ecows.2010.13
AbstractService-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm and provide mechanisms to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-Security Policy) that enable the negotiation of these requirements between clients and services. However, the concept of policy negotiation has not been applicable in the scope of service compositions so far. Since each orchestrated Web Service in a service composition might demand the provision of specific user information and requires a particular security mechanism, the security policy of a service composition depends on the aggregated requirements of the orchestrated services. Current Web Service frameworks are not capable of resolving such policy dependencies. In this paper we present our solution to enable an automated creation of security policies from orchestrated services. Therefore, we present a policy model that is capable of capturing Web Service security requirements. Based on this model, we introduce an algorithm that performs the aggregation of security requirements stated by the orchestrated services and mappings to transform WS-Security Policy instances and the security model instances into each other.

2.
Schnjakin, M., Alnemr, R., Meinel, C.: A Security and High-Availability Layer for Cloud Storage. Proceedings of the 1st International Workshop (In conjunction with WISE 2010) on Cloud Information System Engineering (CISE 2010). pp. 449–462. Springer, Hong Kong, China (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Schnjakin_CISE, address = {Hong Kong, China}, author = {Schnjakin, Maxim and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Workshop (In conjunction with WISE 2010) on Cloud Information System Engineering (CISE 2010)}, keywords = {its}, month = 12, number = {6724/2011}, pages = {449-462}, publisher = {Springer}, series = {LNCS}, title = {A Security and High-Availability Layer for Cloud Storage}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-24396-7_36

3.
Paschke, A., Alnemr, R., Meinel, C.: Rule Responder Distributed Reputation Management System for the Semantic Web. Proceedings of the 4th International Rule Challenges (RuleML 2010). , Washington, DC, USA (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Paschke_RuleML, address = {Washington, DC, USA}, author = {Paschke, Adrian and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Rule Challenges (RuleML 2010)}, keywords = {its}, month = 10, series = {CEUR Workshop Proceedings}, title = {Rule Responder Distributed Reputation Management System for the Semantic Web}, volume = 649, year = 2010 }
Weitere Informationen

4.
Schnjakin, M., Alnemr, R., Meinel, C.: Contract-based Cloud Architecture. Proceedings of the 2nd international workshop (in conjunction with CIKM 2010) on Cloud data management (CloudDB 2011). ACM Press, Toronto, Canada (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Schnjakin_CloudDB, address = {Toronto, Canada}, author = {Schnjakin, Maxim and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 2nd international workshop (in conjunction with CIKM 2010) on Cloud data management (CloudDB 2011)}, keywords = {its}, month = 10, publisher = {ACM Press}, title = {Contract-based Cloud Architecture}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1871929.1871936

5.
Alnemr, R., Paschke, A., Meinel, C.: Enabling Reputation Interoperability through Semantic Technologies. Proceedings of the 7th International Conference on Semantic Systems (I-Semantics 2010). p. No.13. ACM Press, Graz, Austria (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Alnemr_I-Semantics, address = {Graz, Austria}, author = {Alnemr, Rehab and Paschke, Adrian and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Semantic Systems (I-Semantics 2010)}, keywords = {its}, month = 9, pages = {No.13}, publisher = {ACM Press}, title = {Enabling Reputation Interoperability through Semantic Technologies}, year = 2010 }
Weitere Informationen

6.
Roschke, S., Cheng, F., Meinel, C.: A Flexible and Efficient Alert Correlation Platform for Distributed IDS. Proceedings of the 4th International Conference on Network and System Security (NSS 2010). pp. 24–31. IEEE Press, Melbourne, Australia (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Roschke_NSS, address = {Melbourne, Australia}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Network and System Security (NSS 2010)}, keywords = {its}, month = 9, pages = {24-31}, publisher = {IEEE Press}, title = {A Flexible and Efficient Alert Correlation Platform for Distributed IDS}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NSS.2010.26

7.
Roschke, S., Cheng, F., Meinel, C.: Using Vulnerability Information and Attack Graphs for Intrusion Detection. Proceedings of the 6th International Conference on Information Assurance and Security (IAS 2010). pp. 104–109. IEEE Press, Atlanta, USA (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Roschke_IAS, address = {Atlanta, USA}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Information Assurance and Security (IAS 2010)}, keywords = {its}, month = 8, pages = {104-109}, publisher = {IEEE Press}, title = {Using Vulnerability Information and Attack Graphs for Intrusion Detection}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISIAS.2010.5604041

8.
Menzel, M., Warschofsky, R., Thomas, I., Willems, C., Meinel, C.: The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud. Proceedings of the 6th IEEE World Congress on Services (SERVICES 2010). pp. 115–122. IEEE Computer Society, Miami, Florida, USA (2010).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.
@inproceedings{2010_Menzel_SERVICES, abstract = {Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Warschofsky, Robert and Thomas, Ivonne and Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 6th IEEE World Congress on Services (SERVICES 2010)}, keywords = {Web_Services its Cloud_Security SOA_Security Web_Service_Security}, month = 7, pages = {115-122}, publisher = {IEEE Computer Society}, title = {The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/services.2010.90
AbstractCloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.

9.
Menzel, M., Warschofsky, R., Meinel, C.: A Pattern-driven Generation of Security Policies for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010). pp. 243–250. IEEE Computer Society, Miami, Florida, USA (2010).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.
@inproceedings{2010_Menzel_ICWS, abstract = {Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Warschofsky, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010)}, keywords = {its}, month = 7, pages = {243-250}, publisher = {IEEE Computer Society}, title = {A Pattern-driven Generation of Security Policies for Service-oriented Architectures}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/icws.2010.25
AbstractService-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.

10.
Menzel, M., Meinel, C.: SecureSOA - Modelling Security Requirements for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010). pp. 146–153. IEEE Computer Society, Miami, Florida, USA (2010).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to realize this paradigm and support a variety of different security mechanisms and approaches. Security requirements are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the modelling of security requirements in system design models. This paper introduces our security design language SecureSOA that enables the definition of these security requirements. We present the abstract syntax and notion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the integration of SecureSOA in Fundamental Modelling Concept (FMC) Block Diagrams.
@inproceedings{2010_Menzel_SCC, abstract = {Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to realize this paradigm and support a variety of different security mechanisms and approaches. Security requirements are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the modelling of security requirements in system design models. This paper introduces our security design language SecureSOA that enables the definition of these security requirements. We present the abstract syntax and notion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the integration of SecureSOA in Fundamental Modelling Concept (FMC) Block Diagrams.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010)}, keywords = {its}, month = 7, pages = {146-153}, publisher = {IEEE Computer Society}, title = {SecureSOA - Modelling Security Requirements for Service-oriented Architectures}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/scc.2010.63
AbstractService-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to realize this paradigm and support a variety of different security mechanisms and approaches. Security requirements are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the modelling of security requirements in system design models. This paper introduces our security design language SecureSOA that enables the definition of these security requirements. We present the abstract syntax and notion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the integration of SecureSOA in Fundamental Modelling Concept (FMC) Block Diagrams.

11.
Roschke, S., Willems, C., Meinel, C.: A Security Laboratory for CTF Scenarios and Teaching IDS. Proceedings of the 2nd IEEE International Conference on in: Education Technology and Computer (ICETC 2010). pp. 433–437. IEEE Press, Shanghai, China (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Roschke_ICETC, address = {Shanghai, China}, author = {Roschke, Sebastian and Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2nd IEEE International Conference on in: Education Technology and Computer (ICETC 2010)}, keywords = {its}, month = 6, pages = {433-437}, publisher = {IEEE Press}, title = {A Security Laboratory for CTF Scenarios and Teaching IDS}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICETC.2010.5529213

12.
Roschke, S., Ibraimi, L., Cheng, F., Meinel, C.: Secure Communication Using Identity Based Encryption. Proceedings of the 11th IFIP Conference on Communications and Multimedia Security (CMS 2010). pp. 256–267. Springer, Linz, Austria (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Roschke_CMS, address = {Linz, Austria}, author = {Roschke, Sebastian and Ibraimi, Luan and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th IFIP Conference on Communications and Multimedia Security (CMS 2010)}, keywords = {its}, month = 5, pages = {256-267}, publisher = {Springer}, series = {LNCS 6109}, title = {Secure Communication Using Identity Based Encryption}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-13241-4_23

13.
Cheng, F., Tran, T.-D., Roschke, S., Meinel, C.: A Specialized Tool for Simulating Lock-Keeper Data Transfer. Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010). pp. 182–189. IEEE Press, Perth, Australia (2010).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2010_Cheng_AINA, address = {Perth, Australia}, author = {Cheng, Feng and Tran, Thanh-Dien and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010)}, keywords = {its}, month = 4, pages = {182-189}, publisher = {IEEE Press}, title = {A Specialized Tool for Simulating Lock-Keeper Data Transfer}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/AINA.2010.84

14.
Thomas, I., Meinel, C.: An Identity Provider to manage Reliable Digital Identities for SOA and the Web. Proceedings of the 9th Symposium on Identity and Trust on the Internet (IDTrust 2010). pp. 26–36. ACM Press, Gaithersburg, MD, USA (2010).
[ BibTeX ] [ Details ]
 
@inproceedings{2010_Thomas_IDTrust, address = {Gaithersburg, MD, USA}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 9th Symposium on Identity and Trust on the Internet (IDTrust 2010)}, keywords = {its}, month = 4, pages = {26-36}, publisher = {ACM Press}, title = {An Identity Provider to manage Reliable Digital Identities for SOA and the Web}, year = 2010 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1750389.1750393

15.
Dawoud, W., Takounah, I., Meinel, C.: Infrastructure as a Service Security: Challenges and Solutions. Proceedings of the 7th International Conference on Informatics and Systems (INFOS 2010). pp. 1–8. IEEE Press, Cairo, Egypt (2010).
[ BibTeX ] [ Details ]
 
@inproceedings{2010_Dawoud_INFOS, address = {Cairo, Egypt}, author = {Dawoud, Wesam and Takounah, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Informatics and Systems (INFOS 2010)}, keywords = {its}, month = 3, pages = {1-8}, publisher = {IEEE Press}, title = {Infrastructure as a Service Security: Challenges and Solutions}, year = 2010 }
Weitere Informationen

2009 [ nach oben ]

1.
Teymourian, K., Streibel, O., Paschke, A., Alnemr, R., Meinel, C.: Towards Semantic Event-driven Systems. Proceedings of the 3th International Conference on New Technologies, Mobility and Security (NTMS 2009). pp. 1–6. IEEE Press, Cairo, Egypt (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Teymourian_NTMS, address = {Cairo, Egypt}, author = {Teymourian, Kia and Streibel, Olga and Paschke, Adrian and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 3th International Conference on New Technologies, Mobility and Security (NTMS 2009)}, keywords = {its}, month = 12, pages = {1-6}, publisher = {IEEE Press}, title = {Towards Semantic Event-driven Systems}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NTMS.2009.5384713

2.
Roschke, S., Cheng, F., Meinel, C.: Intrusion Detection in the Cloud. Proceedings of the 2009 SCC workshop (in conjunction with 8th PICom) on Services Computing (SCC 2009). pp. 729–734. IEEE Press, Chengdu, China (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Roschke_SCC, address = {Chengdu, China}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 2009 SCC workshop (in conjunction with 8th PICom) on Services Computing (SCC 2009)}, keywords = {its}, month = 12, pages = {729-734}, publisher = {IEEE Press}, title = {Intrusion Detection in the Cloud}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/DASC.2009.94

3.
Wolf, M., Thomas, I., Menzel, M., Meinel, C.: A Message Meta Model for Federated Authentication in Service-oriented Architectures. Proceedings of IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2009). pp. 1–8. IEEE Press, Taiwan, China (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Wolf_SOCA, address = {Taiwan, China}, author = {Wolf, Martin and Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2009)}, keywords = {its}, month = 12, pages = {1 - 8}, publisher = {IEEE Press}, title = {A Message Meta Model for Federated Authentication in Service-oriented Architectures}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SOCA.2009.5410466

4.
Cheng, F., Roschke, S., Schuppenies, R., Meinel, C.: Remodeling Vulnerability Information. Proceedings of the 10th International Conference on Information Security and Cryptology (Inscrypt 2009). pp. 324–336. Springer, Beijing, China (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Cheng_Inscrypt, address = {Beijing, China}, author = {Cheng, Feng and Roschke, Sebastian and Schuppenies, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference on Information Security and Cryptology (Inscrypt 2009)}, keywords = {its}, month = 12, pages = {324-336}, publisher = {Springer}, series = {LNCS 6151}, title = {Remodeling Vulnerability Information}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-16342-5_24

5.
Willems, C., Dawoud, W., Klingbeil, T., Meinel, C.: Security in Tele-Lab – Protecting an Online Virtual Lab for Security Training. Proceedings of the 2009 ELS workshop (in conjunction with 4th ICITST) on E-Learning Security (ELS 2009). pp. 1–7. IEEE Press, London, UK (2009).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2009_Willems_ELS, address = {London, UK}, author = {Willems, Christian and Dawoud, Wesam and Klingbeil, Thomas and Meinel, Christoph}, booktitle = {Proceedings of the 2009 ELS workshop (in conjunction with 4th ICITST) on E-Learning Security (ELS 2009)}, keywords = {its}, month = 11, pages = {1-7}, publisher = {IEEE Press}, title = {Security in Tele-Lab – Protecting an Online Virtual Lab for Security Training}, year = 2009 }
Weitere Informationen

6.
Schnjakin, M., Menzel, M., Meinel, C.: A Pattern-driven Security Advisor for Service-oriented Architectures. Proceedings of the 6th SWS workshop (in conjunction with 16th ACM CCS) on Secure web services (SWS 2009). pp. 13–20. ACM Press, Chicago, USA (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Schnjakin_SWS, address = {Chicago, USA}, author = {Schnjakin, Maxim and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 6th SWS workshop (in conjunction with 16th ACM CCS) on Secure web services (SWS 2009)}, keywords = {its}, month = 11, pages = {13-20}, publisher = {ACM Press}, title = {A Pattern-driven Security Advisor for Service-oriented Architectures}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1655121.1655126

7.
Roschke, S., Cheng, F., Tran, T.-D., Meinel, C.: A Theoretical Model of Lock-Keeper Data Exchange and its Practical Verification. Proceedings of the 6th IFIP International Conference on Network and Parallel Computing (NPC 2009). pp. 190–196. IEEE Press, Gold Coast, Australia (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Roschke_NPC, address = {Gold Coast, Australia}, author = {Roschke, Sebastian and Cheng, Feng and Tran, Thanh-Dien and Meinel, Christoph}, booktitle = {Proceedings of the 6th IFIP International Conference on Network and Parallel Computing (NPC 2009)}, keywords = {its}, month = 10, pages = {190-196}, publisher = {IEEE Press}, title = {A Theoretical Model of Lock-Keeper Data Exchange and its Practical Verification}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NPC.2009.35

8.
Haq, I.U., Alnemr, R., Paschke, A., Schikuta, E., Boley, H., Meinel, C.: Distributed Trust Management for Validating SLA Choreographies. Proceedings of Workshop SLAs in Grids (in conjunction with Grid’09) on SERVICE LEVEL AGREEMENTS (SLAs 2009). Springer, Banff, Canada (2009).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2009_Haq_SLAs, address = {Banff, Canada}, author = {Haq, Irfan Ul and Alnemr, Rehab and Paschke, Adrian and Schikuta, Erich and Boley, Harold and Meinel, Christoph}, booktitle = {Proceedings of Workshop SLAs in Grids (in conjunction with Grid'09) on SERVICE LEVEL AGREEMENTS (SLAs 2009)}, keywords = {its}, month = 10, publisher = {Springer}, series = {CoreGRID}, title = {Distributed Trust Management for Validating SLA Choreographies}, year = 2009 }
Weitere Informationen

9.
Thomas, I., Meinel, C.: Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 243–250. IEEE Press, Bangalore, India (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Thomas_SCC, address = {Bangalore, India}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its}, month = 9, pages = {243-250}, publisher = {IEEE Press}, title = {Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SCC.2009.66

10.
Alnemr, R., Bross, J., Meinel, C.: Constructing a Context-aware Service-Oriented Reputation Model using Attention Allocation Points. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 451–457. IEEE Press, Bangalore, India (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Alnemr_SCC, address = {Bangalore, India}, author = {Alnemr, Rehab and Bross, Justus and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its}, month = 9, pages = {451-457}, publisher = {IEEE Press}, title = {Constructing a Context-aware Service-Oriented Reputation Model using Attention Allocation Points}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SCC.2009.55

11.
Roschke, S., Cheng, F., Schuppenies, R., Meinel, C.: Towards Unifying Vulnerability Information for Attack Graph Construction. Proceedings of the 12th International Conference on Information Security (ISC 2009). pp. 218–233. Springer, Pisa, Italy (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Roschke_ISC, address = {Pisa, Italy}, author = {Roschke, Sebastian and Cheng, Feng and Schuppenies, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 12th International Conference on Information Security (ISC 2009)}, keywords = {its}, month = 9, pages = {218-233}, publisher = {Springer}, series = {LNCS 5735}, title = {Towards Unifying Vulnerability Information for Attack Graph Construction}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-04474-8_18

12.
Menzel, M., Meinel, C.: A Security Meta-Model for Service-oriented Architectures. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 251–259. IEEE Computer Society, Bangalore, India (2009).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in Service-oriented Architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.
@inproceedings{2009_Menzel_SCC, abstract = {Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in Service-oriented Architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.}, address = {Bangalore, India}, author = {Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its SOA_Security Model-driven_Security Web_Service_Security Security_Meta_Model WS-SecurityPolicy}, month = 9, pages = {251-259}, publisher = {IEEE Computer Society}, title = {A Security Meta-Model for Service-oriented Architectures}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/scc.2009.57
AbstractService-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in Service-oriented Architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.

13.
Roschke, S., Cheng, F., Meinel, C.: An Extensible and Virtualization-Compatible IDS Management Architecture. Proceedings of the 5th International Conference on Information Assurance and Security (IAS 2009). pp. 130–134. IEEE Press, Xi’an, China (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Roschke_IAS, address = {Xi'an, China}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Information Assurance and Security (IAS 2009)}, keywords = {its}, month = 8, pages = {130-134}, publisher = {IEEE Press}, title = {An Extensible and Virtualization-Compatible IDS Management Architecture}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/IAS.2009.151

14.
Hebig, R.N., Meinel, C., Menzel, M., Thomas, I., Warschofsky, R.: A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control. Proceedings of the 2009 IEEE International Conference on Web Services (ICWS 2009), Application and Industry Track. pp. 551–558. IEEE Computer Society, Los Alamitos, CA, USA (2009).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The loosely coupled nature of Service-oriented Architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web Services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.
@inproceedings{2009_Hebig_ICWS, abstract = {The loosely coupled nature of Service-oriented Architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web Services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.}, address = {Los Alamitos, CA, USA}, author = {Hebig, Regina N. and Meinel, Christoph and Menzel, Michael and Thomas, Ivonne and Warschofsky, Robert}, booktitle = {Proceedings of the 2009 IEEE International Conference on Web Services (ICWS 2009), Application and Industry Track}, keywords = {Web_Services Access_Control its SAML XACML}, month = 7, pages = {551–558}, publisher = {IEEE Computer Society}, title = {A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/icws.2009.89
AbstractThe loosely coupled nature of Service-oriented Architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web Services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.

15.
Wolter, C., Weiß, C., Meinel, C.: An XACML Extension for Business Process-Centric Access Control Policies. Proceedings of IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2009). pp. 166–169. IEEE Press, London, UK (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Wolter_Policy, address = {London, UK}, author = {Wolter, Christian and Weiß, Christian and Meinel, Christoph}, booktitle = {Proceedings of IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2009)}, keywords = {its}, month = 7, pages = {166-169}, publisher = {IEEE Press}, title = {An XACML Extension for Business Process-Centric Access Control Policies}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/POLICY.2009.21

16.
Menzel, M., Thomas, I., Meinel, C.: Security Requirements Specification in Service-oriented Business Process Management. Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009). pp. 41–48. IEEE Computer Science, Fukuoka, Japan (2009).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Service-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially. However, security requirements are usually defined on a technical level, rather than on an organisational level that would provide a comprehensive view on the participants, the assets and their relationships regarding security. In this paper, we propose an approach to describe security requirements at the business process layer and their translation to concrete security configuration for service-based systems. We introduce security elements for business process modelling which allow to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level. Our aim is to facilitate the generation of security configurations based on the modelled requirements. For this purpose, we foster a model-driven approach: Information at the modelling layer is gathered and translated to a domain-independent security model. Concrete protocols and security mechanisms are resolved based on a security pattern system that is introduced in the course of this paper.
@inproceedings{2009_Menzel_ARES, abstract = {Service-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially. However, security requirements are usually defined on a technical level, rather than on an organisational level that would provide a comprehensive view on the participants, the assets and their relationships regarding security. In this paper, we propose an approach to describe security requirements at the business process layer and their translation to concrete security configuration for service-based systems. We introduce security elements for business process modelling which allow to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level. Our aim is to facilitate the generation of security configurations based on the modelled requirements. For this purpose, we foster a model-driven approach: Information at the modelling layer is gathered and translated to a domain-independent security model. Concrete protocols and security mechanisms are resolved based on a security pattern system that is introduced in the course of this paper.}, address = {Fukuoka, Japan}, author = {Menzel, Michael and Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009)}, keywords = {its}, month = 6, pages = {41-48}, publisher = {IEEE Computer Science}, title = {Security Requirements Specification in Service-oriented Business Process Management}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ares.2009.90
AbstractService-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially. However, security requirements are usually defined on a technical level, rather than on an organisational level that would provide a comprehensive view on the participants, the assets and their relationships regarding security. In this paper, we propose an approach to describe security requirements at the business process layer and their translation to concrete security configuration for service-based systems. We introduce security elements for business process modelling which allow to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level. Our aim is to facilitate the generation of security configurations based on the modelled requirements. For this purpose, we foster a model-driven approach: Information at the modelling layer is gathered and translated to a domain-independent security model. Concrete protocols and security mechanisms are resolved based on a security pattern system that is introduced in the course of this paper.

17.
Kylau, U., Thomas, I., Menzel, M., Meinel, C.: Trust Requirements in Identity Federation Topologies. Proceedings of the 23rd International Conference on Advanced Information Networking and Applications (AINA 2009). pp. 137–145. IEEE Computer Society, Bradford, UK (2009).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Federated Identity Management describes a model to enable users to use their digital identities in collaborating companies regardless of organizational borders. The essential pre-requisite to share the user authentication across different security domains is the establishment of trust between the collaborating partners. Usually, this is done by setting up complex contracts, that describe common policies, obligations and procedures to be followed by each collaboration member. The result is a federation, or Circle of Trust, in which each member is willing to trust on assertions made by someone else. Naturally, federations are no isolated structures and members of one federation might also be part of another one - a constellation possible with current federation technologies. However, whether and how the trust relationships of federations can be used to allow access even across multiple federations is a question which has not been answered yet. In this paper, we investigate trust requirements for identity federation topologies. Starting from the classical structure of a Circle of Trust, we go beyond this and identify more complex patterns such as overlapping federations. For each pattern, we identify risks for identity and service providers as well as the necessary trust requirements that must be met to allow such constellations.
@inproceedings{2009_Kylau_AINA, abstract = {Federated Identity Management describes a model to enable users to use their digital identities in collaborating companies regardless of organizational borders. The essential pre-requisite to share the user authentication across different security domains is the establishment of trust between the collaborating partners. Usually, this is done by setting up complex contracts, that describe common policies, obligations and procedures to be followed by each collaboration member. The result is a federation, or Circle of Trust, in which each member is willing to trust on assertions made by someone else. Naturally, federations are no isolated structures and members of one federation might also be part of another one - a constellation possible with current federation technologies. However, whether and how the trust relationships of federations can be used to allow access even across multiple federations is a question which has not been answered yet. In this paper, we investigate trust requirements for identity federation topologies. Starting from the classical structure of a Circle of Trust, we go beyond this and identify more complex patterns such as overlapping federations. For each pattern, we identify risks for identity and service providers as well as the necessary trust requirements that must be met to allow such constellations.}, address = {Bradford, UK}, author = {Kylau, Uwe and Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 23rd International Conference on Advanced Information Networking and Applications (AINA 2009)}, keywords = {its Federated_Identity_Management}, month = 5, pages = {137-145}, publisher = {IEEE Computer Society}, title = {Trust Requirements in Identity Federation Topologies}, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/aina.2009.80
AbstractFederated Identity Management describes a model to enable users to use their digital identities in collaborating companies regardless of organizational borders. The essential pre-requisite to share the user authentication across different security domains is the establishment of trust between the collaborating partners. Usually, this is done by setting up complex contracts, that describe common policies, obligations and procedures to be followed by each collaboration member. The result is a federation, or Circle of Trust, in which each member is willing to trust on assertions made by someone else. Naturally, federations are no isolated structures and members of one federation might also be part of another one - a constellation possible with current federation technologies. However, whether and how the trust relationships of federations can be used to allow access even across multiple federations is a question which has not been answered yet. In this paper, we investigate trust requirements for identity federation topologies. Starting from the classical structure of a Circle of Trust, we go beyond this and identify more complex patterns such as overlapping federations. For each pattern, we identify risks for identity and service providers as well as the necessary trust requirements that must be met to allow such constellations.

18.
Cheng, F., Roschke, S., Meinel, C.: Implementing IDS Management on Lock-Keeper. Proceedings of the 5th International Conference on Information Security Practice and Experience (ISPEC 2009). pp. 360–371. Springer Press, Xi’an, China (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Cheng_ISPEC, address = {Xi'an, China}, author = {Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Information Security Practice and Experience (ISPEC 2009)}, keywords = {its}, month = 4, pages = {360-371}, publisher = {Springer Press}, series = {LNCS}, title = {Implementing IDS Management on Lock-Keeper}, volume = 5451, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-00843-6_31

19.
Wolter, C., Miseldine, P., Meinel, C.: Verification of Business Process Entailment Constraints Using SPIN. Proceedings of the 1st International Symposium on Engineering Secure Software and Systems (ESSoS 2009). pp. 1–15. Springer Press, Leuven, Belgium (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Wolter_ESSoS, address = {Leuven, Belgium}, author = {Wolter, Christian and Miseldine, Philip and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Symposium on Engineering Secure Software and Systems (ESSoS 2009)}, keywords = {its}, month = 2, pages = {1-15}, publisher = {Springer Press}, series = {LNCS}, title = {Verification of Business Process Entailment Constraints Using SPIN}, volume = 5429, year = 2009 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-00199-4_1

20.
Cheng, F., Meinel, C.: Design of Lock-Keeper Federated Authentication Gateway. Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009). pp. 1041–1046. IEEE Press, Phoenix Park, Korea (2009).
[ BibTeX ] [ Details ]
 
@inproceedings{2009_Cheng_ICACT, address = {Phoenix Park, Korea}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009)}, keywords = {its}, month = 2, pages = {1041-1046}, publisher = {IEEE Press}, title = {Design of Lock-Keeper Federated Authentication Gateway}, year = 2009 }
Weitere Informationen

2008 [ nach oben ]

1.
Willems, C.: Tele-Lab IT-Security: an architecture for an online virtual IT security lab. Proceedings of 2nd International Workshop on E-Learning and Virtual and Remote Laboratories 2008 (VIRTUAL-LAB). Universitätsverlag Potsdam, Potsdam, Germany (2008).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2008_Willems_VIRTUAL-LAB, address = {Potsdam, Germany}, author = {Willems, Christian}, booktitle = {Proceedings of 2nd International Workshop on E-Learning and Virtual and Remote Laboratories 2008 (VIRTUAL-LAB)}, keywords = {its}, publisher = {Universitätsverlag Potsdam}, title = {Tele-Lab IT-Security: an architecture for an online virtual IT security lab}, year = 2008 }
Weitere Informationen

2.
Thomas, I., Menzel, M., Meinel, C.: Using Quantified Trust Level to Describe Authentication Requirements in Federated Identity Management. Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2008), in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008). pp. 71–80. ACM Press, Alexandria, VA, USA (2008).
[ Abstract ] [ BibTeX ] [ Details ]
 
Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.
@inproceedings{2008_Thomas_SWS, abstract = {Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.}, address = {Alexandria, VA, USA}, author = {Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2008), in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008)}, keywords = {its}, pages = {71-80}, publisher = {ACM Press}, title = {Using Quantified Trust Level to Describe Authentication Requirements in Federated Identity Management}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1456492.1456504
AbstractService-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.

3.
Thomas, I., Michael, M., Meinel, C.: Quantified Trust Levels for Authentication. Proceedings of the 2008 ACM workshop on Secure web services (ISSE 2008). pp. 71–80. ACM Press, Madrid, Spain (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Thomas_ISSE, address = {Madrid, Spain}, author = {Thomas, Ivonne and Michael, Menzel and Meinel, Christoph}, booktitle = {Proceedings of the 2008 ACM workshop on Secure web services (ISSE 2008)}, keywords = {its}, month = 10, pages = {71-80}, publisher = {ACM Press}, title = {Quantified Trust Levels for Authentication}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1456492.1456504

4.
Zhou, W., Meinel, C.: Enforcing Information Flow Constraints in RBAC Environments. Proceedings of the 1st International Symposium on Electronic Commerce and Security (ISECS 2008). pp. 153–158. IEEE Press, Guangzhou, China (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Zhou_ISECS, address = {Guangzhou, China}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Symposium on Electronic Commerce and Security (ISECS 2008)}, keywords = {its}, month = 8, pages = {153 - 158}, publisher = {IEEE Press}, title = {Enforcing Information Flow Constraints in RBAC Environments}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISECS.2008.57

5.
Alnemr, R., Meinel, C.: Getting more from Reputation Systems: A Context–aware Reputation Framework based on Trust Centers and Agent Lists. Proceedings of the 3rd International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008). pp. 137–142. IEEE Press, Athens, Greece (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Alnemr_ICCGI, address = {Athens, Greece}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008)}, keywords = {its}, month = 7, pages = {137 - 142}, publisher = {IEEE Press}, title = {Getting more from Reputation Systems: A Context–aware Reputation Framework based on Trust Centers and Agent Lists}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCGI.2008.45

6.
Wolter, C., Schaad, A., Meinel, C.: Task-Based Entailment Constraints For Basic Workflow Patterns. Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT 2008). pp. 51–60. ACM Press, Colorado, USA (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Wolter_SACMAT, address = {Colorado, USA}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT 2008)}, keywords = {its}, month = 6, pages = {51 - 60}, publisher = {ACM Press}, title = {Task-Based Entailment Constraints For Basic Workflow Patterns}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/1377836.1377844

7.
Zhang, G., Cheng, F., Meinel, C.: SIMPA: A SIP-based Mobile Payment Architecture. Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2008). pp. 287–292. IEEE Press, Portland, Oregon (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Zhang_ICIS, address = {Portland, Oregon}, author = {Zhang, Ge and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2008)}, keywords = {its}, month = 5, pages = {287 - 292}, publisher = {IEEE Press}, title = {SIMPA: A SIP-based Mobile Payment Architecture}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICIS.2008.80

8.
Menzel, M., Wolter, C., Meinel, C.: Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions. Proceedings of the 11th International Conference on Business Information Systems (BIS 2008). pp. 297–308. Springer, Innsbruck, Austria (2008).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organizational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organizations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as polices that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organizational service compositions.
@inproceedings{2008_Menzel_BIS, abstract = {The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organizational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organizations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as polices that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organizational service compositions.}, address = {Innsbruck, Austria}, author = {Menzel, Michael and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Business Information Systems (BIS 2008)}, keywords = {Security SOA its Service_Composition Security_Policy}, month = 5, pages = {297–308}, publisher = {Springer}, series = {LNBIP}, title = {Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions}, volume = 7, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-79396-0_26
AbstractThe seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organizational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organizations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as polices that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organizational service compositions.

9.
Willems, C., Meinel, C.: Awareness Creation mit Tele-Lab IT-Security: praktisches IT-Sicherheitstraining am Beispiel Trojanischer Pferde. Proceedings of GI 2008 International Conference on Sicherheit (Sicherheit 2008). pp. 513–532. GI Press, Saarbrücken, Germany (2008).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2008_Willems_Sicherheit, address = {Saarbrücken, Germany}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of GI 2008 International Conference on Sicherheit (Sicherheit 2008)}, keywords = {its}, month = 4, pages = {513 - 532}, publisher = {GI Press}, series = {LNI}, title = {Awareness Creation mit Tele-Lab IT-Security: praktisches IT-Sicherheitstraining am Beispiel Trojanischer Pferde}, volume = 128, year = 2008 }
Weitere Informationen

10.
Wolter, C., Menzel, M., Meinel, C.: Modelling Security Goals in Business Processes. Proceedings of GI 2008 International Conference on Modellierung (Modellierung 2008). pp. 197–212. GI Press, Berlin, Germany (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Wolter_Modellierung, address = {Berlin, Germany}, author = {Wolter, Christian and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of GI 2008 International Conference on Modellierung (Modellierung 2008)}, keywords = {its}, month = 3, pages = {197 - 212}, publisher = {GI Press}, series = {LNI}, title = {Modelling Security Goals in Business Processes}, volume = 127, year = 2008 }
Weitere Informationen

11.
Zhang, G., Cheng, F., Meinel, C.: Towards Secure Mobile Payment Based on SIP. Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2008). pp. 96–104. IEEE Press, Belfast, Northern Ireland, UK (2008).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2008_Zhang_ECBS, address = {Belfast, Northern Ireland, UK}, author = {Zhang, Ge and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2008)}, keywords = {its}, month = 3, pages = {96 - 104}, publisher = {IEEE Press}, title = {Towards Secure Mobile Payment Based on SIP}, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ECBS.2008.21

12.
Wolter, C., Schaad, A., Meinel, C.: A Transformation Approach for Security Enhanced Business Processes. Proceedings of the IASTED International Conference on Software Engineering (SE 2008). pp. 14–19. ACTA Press, Innsbruck, Austria (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Wolter_SE, address = {Innsbruck, Austria}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of the IASTED International Conference on Software Engineering (SE 2008)}, keywords = {its}, month = 2, pages = {14-19}, publisher = {ACTA Press}, title = {A Transformation Approach for Security Enhanced Business Processes}, year = 2008 }
Weitere Informationen

13.
Cheng, F., Meinel, C.: Strong Authentication over Lock-Keeper. Proceedings of the 34th conference on Current trends in theory and practice of computer science (SOFSEM 2008). pp. 572–584. Springer, High Tatras, Slovakia (2008).
[ BibTeX ] [ Details ]
 
@inproceedings{2008_Cheng_SOFSEM, address = {High Tatras, Slovakia}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 34th conference on Current trends in theory and practice of computer science (SOFSEM 2008)}, keywords = {its}, month = 1, pages = {572 - 584}, publisher = {Springer}, series = {LNCS}, title = {Strong Authentication over Lock-Keeper}, volume = 4910, year = 2008 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-77566-9_50

2007 [ nach oben ]

1.
Menzel, M., Thomas, I., Wolter, C., Meinel, C.: SOA Security - Secure Cross-Organizational Service Composition. Proceedings of the Stuttgarter Softwaretechnik Forum 2007 (SSF 2007). pp. 41–53. Fraunhofer IRB-Verlag, Stuttgart, Germany (2007).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2007_Menzel_SSF, address = {Stuttgart, Germany}, author = {Menzel, Michael and Thomas, Ivonne and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the Stuttgarter Softwaretechnik Forum 2007 (SSF 2007)}, keywords = {its}, pages = {41 - 53}, publisher = {Fraunhofer IRB-Verlag}, title = {SOA Security - Secure Cross-Organizational Service Composition}, year = 2007 }
Weitere Informationen

2.
Menzel, M., Cheng, F., Meinel, C.: Providing Secure Web Services Using Physical Separation. Proceedings of the 9th International Conference on Information and Communications Security (ICICS 2007). Springer, Zhengzhou, China (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Menzel_ICICS, address = {Zhengzhou, China}, author = {Menzel, Michael and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information and Communications Security (ICICS 2007)}, keywords = {its}, month = 12, publisher = {Springer}, title = {Providing Secure Web Services Using Physical Separation}, year = 2007 }
Weitere Informationen

3.
Wolter, C., Schaad, A., Meinel, C.: Deriving XACML Policies from Business Process Models. Proceedings of International Workshops on Web Information Systems Engineering (WISE 2007). pp. 142–153. Springer, Nancy, France (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Wolter_WISE, address = {Nancy, France}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of International Workshops on Web Information Systems Engineering (WISE 2007)}, keywords = {its}, month = 12, pages = {142 - 153}, publisher = {Springer}, series = {LNCS}, title = {Deriving XACML Policies from Business Process Models}, volume = 4832, year = 2007 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-77010-7_15

4.
Menzel, M., Wolter, C., Meinel, C.: Access Control for Cross-Organisational Web Service Composition. Information Assurance and Security 2 (2007) 155–160. pp. 701–711 (2007).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2007_Menzel_SIS, author = {Menzel, Michael and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2nd International Workshop on Secure Information Systems (SIS 2007)}, journal = {Information Assurance and Security 2 (2007) 155–160}, keywords = {its}, month = 10, pages = {701 - 711}, title = {Access Control for Cross-Organisational Web Service Composition}, year = 2007 }
Weitere Informationen

5.
Cheng, F., Menzel, M., Meinel, C.: A Secure Web Services Providing Framework based on Lock-Keeper. Proceedings of the 10th International Conference on Managing Next Generation Networks and Services (APNOMS 2007). pp. 375–384. Springer, Sapporo, Japan (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Cheng_APNOMS, address = {Sapporo, Japan}, author = {Cheng, Feng and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference on Managing Next Generation Networks and Services (APNOMS 2007)}, keywords = {its}, month = 10, pages = {375 - 384}, publisher = {Springer}, series = {LNCS}, title = {A Secure Web Services Providing Framework based on Lock-Keeper}, volume = 4773, year = 2007 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-75476-3_38

6.
Zhou, W., Meinel, C.: Team and Task Based RBAC Access Control Model. Proceedings of the 5th International Conference on Network Operations and Management Symposium (LANOMS 2007). pp. 84–94. IEEE Press, Petrópolis, Brazil (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Zhou_LANOMS, address = {Petrópolis, Brazil}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Network Operations and Management Symposium (LANOMS 2007)}, keywords = {its}, month = 9, pages = {84 - 94}, publisher = {IEEE Press}, title = {Team and Task Based RBAC Access Control Model}, year = 2007 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/LANOMS.2007.4362463

7.
Zhou, W., Meinel, C.: A Policy Language for Integrating Heterogeneous Authorization Policies. Proceedings of the 4th International Conference on Grid Service Engineering and Management (GSEM 2007). pp. 9–23. , Leipzig, Germany (2007).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2007_Zhou_GSEM, address = {Leipzig, Germany}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Grid Service Engineering and Management (GSEM 2007)}, keywords = {its}, month = 9, pages = {9 - 23}, title = {A Policy Language for Integrating Heterogeneous Authorization Policies}, year = 2007 }
Weitere Informationen

8.
Cheng, F., Wolter, C., Meinel, C.: A Simple, Smart and Extensible Framework for Network Security Measurement. Proceedings of the 3rd International Conference on Information Security and Cryptology (Inscrypt 2007). pp. 517–531. Springer, Xining, China (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Cheng_Inscrypt, address = {Xining, China}, author = {Cheng, Feng and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Conference on Information Security and Cryptology (Inscrypt 2007)}, keywords = {its}, month = 8, pages = {517 - 531}, publisher = {Springer}, series = {LNCS}, title = {A Simple, Smart and Extensible Framework for Network Security Measurement}, volume = 4990, year = 2007 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-79499-8_41

9.
Zhou, W., Meinel, C.: Function-Based Authorization Constraints Specification and Enforcement. Proceedings of the 3rd International Symposium on Information Assurance and Security (IAS 2007). pp. 119–124. IEEE Press, Manchester, United Kingdom (2007).
[ BibTeX ] [ Details ]
 
@inproceedings{2007_Zhou_IAS, address = {Manchester, United Kingdom}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Symposium on Information Assurance and Security (IAS 2007)}, keywords = {its}, month = 8, pages = {119-124}, publisher = {IEEE Press}, title = {Function-Based Authorization Constraints Specification and Enforcement}, year = 2007 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/IAS.2007.40

2006 [ nach oben ]

1.
Hu, J., Cordel, D., Meinel, C.: New Media for Teaching Applied Cryptography and Network Security. Proceedings of the 1st European Conference on Technology Enhanced Learning (EC-TEL 2006). pp. 488–493. Springer, Crete, Greece (2006).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2006_Hu_EC-TEL, address = {Crete, Greece}, author = {Hu, J. and Cordel, D. and Meinel, Christoph}, booktitle = {Proceedings of the 1st European Conference on Technology Enhanced Learning (EC-TEL 2006)}, keywords = {its}, month = 10, pages = {488-493}, publisher = {Springer}, series = {LNCS}, title = {New Media for Teaching Applied Cryptography and Network Security}, volume = 4227, year = 2006 }
Weitere Informationen

2.
Cheng, F., Meinel, C.: Lock-Keeper: A New Implementation of Physical Separation Technology. Proceedings of International Conference on Securing Electronic Busines Processes (ISSE 2006). pp. 275–286. Springer, Rome, Italy (2006).
[ BibTeX ] [ Details ]
 
@inproceedings{2006_Cheng_ISSE, address = {Rome, Italy}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of International Conference on Securing Electronic Busines Processes (ISSE 2006)}, keywords = {its}, month = 10, pages = {275-286}, publisher = {Springer}, title = {Lock-Keeper: A New Implementation of Physical Separation Technology}, year = 2006 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-8348-9195-2_30

3.
Cheng, F., Meinel, C.: Deployment of Virtual Machines in Lock-Keeper. Proceedings of the 7th International Conference on Information Security Applications (WISA 2006). pp. 339–351. Springer, Jeju Island, South Korea (2006).
[ BibTeX ] [ Details ]
 
@inproceedings{2006_Cheng_WISA, address = {Jeju Island, South Korea}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Information Security Applications (WISA 2006)}, keywords = {its}, month = 8, pages = {339-351}, publisher = {Springer}, series = {LNCS}, title = {Deployment of Virtual Machines in Lock-Keeper}, volume = 4298, year = 2006 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-540-71093-6_12

4.
Zhou, W., Raja, V.H., Meinel, C., Ahmad, M.: Label-Based Access Control Policy Enforcement and Management. Proceedings of the 7th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2006). pp. 395–400. IEEE Press, Las Vegas, Nevada (2006).
[ BibTeX ] [ Details ]
 
@inproceedings{2006_Zhou_SNPD, address = {Las Vegas, Nevada}, author = {Zhou, Wei and Raja, Vinesh H. and Meinel, Christoph and Ahmad, Munir}, booktitle = {Proceedings of the 7th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2006)}, keywords = {its}, month = 6, pages = {395-400}, publisher = {IEEE Press}, title = {Label-Based Access Control Policy Enforcement and Management}, year = 2006 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SNPD-SAWN.2006.45

2005 [ nach oben ]

1.
Zhou, W., Raja, V.H., Meinel, C., Ahmad, M.: A Framework for Cross-Institutional Authentication and Authorisation. Proceedings of the 6th Annual Conferences on eBusiness, eGovernment, eWork, eEurope 2005 (eChallenges 2005). pp. 1259–1266. IEEE Press, Ljubljana, Slovenia (2005).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2005_Zhou_eChallenges, address = {Ljubljana, Slovenia}, author = {Zhou, W. and Raja, V. H. and Meinel, Christoph and Ahmad, M.}, booktitle = {Proceedings of the 6th Annual Conferences on eBusiness, eGovernment, eWork, eEurope 2005 (eChallenges 2005)}, keywords = {its}, month = 10, pages = {1259-1266}, publisher = {IEEE Press}, title = {A Framework for Cross-Institutional Authentication and Authorisation}, year = 2005 }
Weitere Informationen

2.
Ghasemzadeh, M., Klotz, V., Meinel, C.: Splitting Versus Unfolding. Proceedings of the 7th International Symposium on Representations and Methodology of Future Computing Technology (RM 2005). pp. 30–34 (2005).
[ BibTeX ] [ Details ]
 
@inproceedings{2005_Ghasemzadeh_RM, author = {Ghasemzadeh, M. and Klotz, V. and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Symposium on Representations and Methodology of Future Computing Technology (RM 2005)}, keywords = {its}, month = 9, pages = {30-34}, title = {Splitting Versus Unfolding}, year = 2005 }
Weitere Informationen

3.
Zhou, W., Raja, V.H., Meinel, C.: An Authentication and Authorization System for Virtual Organizations. Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2005). pp. 150–155. INT INST INFORMATICS & SYSTEMICS, Florida, USA (2005).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2005_Zhou_WMSCI, address = {Florida, USA}, author = {Zhou, W. and Raja, V. H. and Meinel, Christoph}, booktitle = {Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2005)}, keywords = {its}, month = 7, pages = {150-155}, publisher = {INT INST INFORMATICS & SYSTEMICS}, title = {An Authentication and Authorization System for Virtual Organizations}, volume = 7, year = 2005 }
Weitere Informationen

4.
Zhou, W., Meinel, C., Raja, V.H.: A Framework for Supporting Distributed Access Control Policies. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005). pp. 442–447. IEEE Press, Cartagena, Spain (2005).
[ BibTeX ] [ Details ]
 
@inproceedings{2005_Zhou_ISCC, address = {Cartagena, Spain}, author = {Zhou, W. and Meinel, Christoph and Raja, V. H.}, booktitle = {Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005)}, keywords = {its}, month = 6, pages = {442- 447}, publisher = {IEEE Press}, title = {A Framework for Supporting Distributed Access Control Policies}, year = 2005 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISCC.2005.10

5.
Hu, J., Cordel, D., Meinel, C.: Virtual Machine Management for Tele-Lab "IT-Security" Server. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005). pp. 448–453. IEEE Press, Cartagena, Spain (2005).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2005_Hu_ISCC, address = {Cartagena, Spain}, author = {Hu, J. and Cordel, D. and Meinel, Christoph}, booktitle = {Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005)}, keywords = {its}, month = 6, pages = {448- 453}, publisher = {IEEE Press}, title = {Virtual Machine Management for Tele-Lab "IT-Security" Server}, year = 2005 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISCC.2005.153

6.
Zhang, X., Jiang, C., Huang, W., Meinel, C.: A XML Format Secure Protocal - OpenSST. Proceedings of the 3rd ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2005). p. 89. IEEE Press, Cairo, Egypt (2005).
[ BibTeX ] [ Details ]
 
@inproceedings{2005_Zhang_AICCSA, address = {Cairo, Egypt}, author = {Zhang, X. and Jiang, C. and Huang, W. and Meinel, Christoph}, booktitle = {Proceedings of the 3rd ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2005)}, keywords = {its}, month = 1, pages = 89, publisher = {IEEE Press}, title = {A XML Format Secure Protocal - OpenSST}, year = 2005 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/AICCSA.2005.1387080

7.
Cordel, D., Hu, J., Meinel, C.: Tele-Lab IT-Security - IT Sicherheitstraining im Internet. Proceedings of International Symposium one-Lecturing und tele-TASK: Grenzenloses elektronisches Lernen für alle (D-A-C-H Security 2005). syssec Verlag, Darmstadt, Germany (2005).
[ BibTeX ] [ Details ]
 
@inproceedings{2005_Cordel_D-A-C-H_Security, address = {Darmstadt, Germany}, author = {Cordel, D. and Hu, J. and Meinel, Christoph}, booktitle = {Proceedings of International Symposium one-Lecturing und tele-TASK: Grenzenloses elektronisches Lernen für alle (D-A-C-H Security 2005)}, keywords = {its}, month = 1, publisher = {syssec Verlag}, title = {Tele-Lab IT-Security - IT Sicherheitstraining im Internet}, year = 2005 }
Weitere Informationen

2004 [ nach oben ]

1.
Hu, J., Meinel, C.: A Virtual Laboratory for IT Security Education. Proceedings of EMISA International Conference on Informationssysteme im E-Business und E-Government (EMISA 2004). pp. 60–71. GI Press, Luxemburg (2004).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2004_Hu_EMISA, address = {Luxemburg}, author = {Hu, Ji and Meinel, Christoph}, booktitle = {Proceedings of EMISA International Conference on Informationssysteme im E-Business und E-Government (EMISA 2004)}, keywords = {its}, month = 10, pages = {60-71}, publisher = {GI Press}, series = {LNI}, title = {A Virtual Laboratory for IT Security Education}, volume = 56, year = 2004 }
Weitere Informationen

2.
Zhang, X., Cheng, F., Dulaunoy, A., Meinel, C.: An Http-based implementation of OpenSST. Proceedings of International Conference on Computer Communication (ICCC 2004). , Beijing, China (2004).
[ BibTeX ] [ Details ]
 
@inproceedings{2004_Zhang_ICCC, address = {Beijing, China}, author = {Zhang, Xinhua and Cheng, Feng and Dulaunoy, Alexandre and Meinel, Christoph}, booktitle = {Proceedings of International Conference on Computer Communication (ICCC 2004)}, keywords = {its}, month = 8, title = {An Http-based implementation of OpenSST}, year = 2004 }
Weitere Informationen

3.
Hu, J., Meinel, C., Schmitt, M.: Tele-Lab IT Security: An Architecture for Interactive Lessons for Security Education. Proceedings of the 35th SIGCSE technical symposium on Computer science education (SIGCSE 2004). pp. 412–416. ACM Press, Norfolk, Virginia, USA (2004).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2004_Hu_SIGCSE, address = {Norfolk, Virginia, USA}, author = {Hu, J. and Meinel, Christoph and Schmitt, M.}, booktitle = {Proceedings of the 35th SIGCSE technical symposium on Computer science education (SIGCSE 2004)}, keywords = {its}, month = 3, pages = {412-416}, publisher = {ACM Press}, title = {Tele-Lab IT Security: An Architecture for Interactive Lessons for Security Education}, year = 2004 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/971300.971440

4.
Hu, J., Meinel, C.: Tele-Lab IT-Security: A Means to Build Security Laboratories on the Web. Proceedings of the 18th International Conference on Advanced Information Networking and Applications (AINA 2004). pp. 285–288. IEEE Press, Fukuoka, Japan (2004).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2004_Hu_AINA, address = {Fukuoka, Japan}, author = {Hu, Ji and Meinel, Christoph}, booktitle = {Proceedings of the 18th International Conference on Advanced Information Networking and Applications (AINA 2004)}, keywords = {its}, month = 3, pages = {285-288}, publisher = {IEEE Press}, title = {Tele-Lab IT-Security: A Means to Build Security Laboratories on the Web}, volume = 2, year = 2004 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/AINA.2004.1283804

5.
Zhou, W., Meinel, C.: Implement Role based Access Control with Attribute Certificates. Proceedings of the 6th International Conference Advanced Communication Technology (ICACT 2004). pp. 536–541. IEEE Press, Phoenix Park, Republic of Korea (2004).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2004_Zhou_ICACT, address = {Phoenix Park, Republic of Korea}, author = {Zhou, W. and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference Advanced Communication Technology (ICACT 2004)}, keywords = {its}, month = 2, pages = {536-541}, publisher = {IEEE Press}, title = {Implement Role based Access Control with Attribute Certificates}, year = 2004 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICACT.2004.1292928

2003 [ nach oben ]

1.
Zhang, X., Dulaunoy, A., Meinel, C.: Enhance opensst Protocol´s Security with Smart Card. Proceedings of the IADIS International Conference WWW/Internet (WWW/Internet 2003). pp. 565–571. IADIS Press, Algarve, Portugal (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Zhang_WWWInternet, address = {Algarve, Portugal}, author = {Zhang, X. and Dulaunoy, A. and Meinel, Christoph}, booktitle = {Proceedings of the IADIS International Conference WWW/Internet (WWW/Internet 2003)}, keywords = {its}, month = 11, pages = {565-571}, publisher = {IADIS Press}, title = {Enhance opensst Protocol´s Security with Smart Card}, year = 2003 }
Weitere Informationen

2.
Zhang, X., Meinel, C., Dulaunoy, A.: A Security Improved opensst Prototype combining with Smart Card. Proceedings of International Conference on Computer Networks and Mobile Computing (ICCNMC 2003). pp. 358–361. IEEE Press, Shanghai, China (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Zhang_ICCNMC, address = {Shanghai, China}, author = {Zhang, X. and Meinel, Christoph and Dulaunoy, A.}, booktitle = {Proceedings of International Conference on Computer Networks and Mobile Computing (ICCNMC 2003)}, keywords = {its}, month = 10, pages = {358-361}, publisher = {IEEE Press}, title = {A Security Improved opensst Prototype combining with Smart Card}, year = 2003 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCNMC.2003.1243070

3.
Cheng, F., Ferring, P., Meinel, C., Müllenheim, G., Bern, J.: The DualGate Lock-Keeper: A Highly Efficient Flexible and Applicable Network Security Solution. Proceedings of the 4th International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2003). pp. 152–159. ACIS Press, Lübeck, Germany (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Cheng_SNPD, address = {Lübeck, Germany}, author = {Cheng, F. and Ferring, P. and Meinel, Christoph and Müllenheim, G. and Bern, J.}, booktitle = {Proceedings of the 4th International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2003)}, keywords = {its}, month = 10, pages = {152-159}, publisher = {ACIS Press}, title = {The DualGate Lock-Keeper: A Highly Efficient Flexible and Applicable Network Security Solution}, year = 2003 }
Weitere Informationen

4.
Becker, T., Meinel, C.: Sicherheit: Der entscheidende Erfolgsfaktor für E-Commerce und M-Commerce. Presented at the , Düsseldorf, Germany September (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Becker_ONLINE, address = {Düsseldorf, Germany}, author = {Becker, Torsten and Meinel, Christoph}, keywords = {its}, month = 9, pages = {C421.03-C421.08}, title = {Sicherheit: Der entscheidende Erfolgsfaktor für E-Commerce und M-Commerce}, year = 2003 }
Weitere Informationen

5.
Cheng, F., Meinel, C., Engel, T., Müllenheim, G., Bern, J., Thewes, D.: A Complete Solution for Highly Secure Data Exchange: Lock-Keeper and its Advancements. Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2003). pp. 201–205. IEEE Press, Chengdu, China (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Cheng_PDCAT, address = {Chengdu, China}, author = {Cheng, Feng and Meinel, Christoph and Engel, Thomas and Müllenheim, Gerhard and Bern, Jochen and Thewes, Dominik}, booktitle = {Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2003)}, keywords = {its}, month = 8, pages = {201-205}, publisher = {IEEE Press}, title = {A Complete Solution for Highly Secure Data Exchange: Lock-Keeper and its Advancements}, year = 2003 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/PDCAT.2003.1236288

6.
Hu, J., Meinel, C., Schmitt, M., Willems, C.: A Tutoring System for IT-Security. Proceedings of the 3rd World Conference in Information Security Education (WISE 2003). pp. 51–60. Kluwer Press, Monterey, California, USA (2003).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2003_Hu_WISE, address = {Monterey, California, USA}, author = {Hu, J. and Meinel, Christoph and Schmitt, M. and Willems, Ch.}, booktitle = {Proceedings of the 3rd World Conference in Information Security Education (WISE 2003)}, keywords = {its}, month = 6, pages = {51-60}, publisher = {Kluwer Press}, series = {IFIP Conference Proceedings}, title = {A Tutoring System for IT-Security}, volume = 253, year = 2003 }
Weitere Informationen

2001 [ nach oben ]

1.
Haffner, E.-G., Roth, U., Heuer, A., Engel, T., Meinel, C.: Managing Distributed Personal Firewalls with Smart Data Servers. Proceedings of World Conference on the WWW and Internet (WebNet 2001). pp. 466–471. AACE Press, Orlando, Florida, USA (2001).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2001_Haffner_WebNet, address = {Orlando, Florida, USA}, author = {Haffner, Ernst-Georg and Roth, Uwe and Heuer, Andreas and Engel, Thomas and Meinel, Christoph}, booktitle = {Proceedings of World Conference on the WWW and Internet (WebNet 2001)}, keywords = {its}, month = 10, pages = {466-471}, publisher = {AACE Press}, title = {Managing Distributed Personal Firewalls with Smart Data Servers}, year = 2001 }
Weitere Informationen

2.
Roth, U., Louizi, K., Haffner, E.-G., Meinel, C.: How Much Middle-Tier Do You Need?. Proceedings of World Conference on the WWW and Internet (WebNet 2001). pp. 1053–1056. AACE Press, Orlando, Florida, USA (2001).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2001_Roth_WebNet, address = {Orlando, Florida, USA}, author = {Roth, Uwe and Louizi, Kais and Haffner, Ernst-Georg and Meinel, Christoph}, booktitle = {Proceedings of World Conference on the WWW and Internet (WebNet 2001)}, keywords = {its}, month = 10, pages = {1053-1056}, publisher = {AACE Press}, title = {How Much Middle-Tier Do You Need?}, year = 2001 }
Weitere Informationen

3.
Gollan, L., Meinel, C.: Elektronische Signaturen - eine amerikanische und europäische Perspektive. Proceedings of the 7th Deutsche IT-Sicherheitskongress des BSI (BSI 2001). pp. 97–112. SecuMedia Press, Bonn, Germany (2001).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2001_Gollan_BSI, address = {Bonn, Germany}, author = {Gollan, Lutz and Meinel, Christoph}, booktitle = {Proceedings of the 7th Deutsche IT-Sicherheitskongress des BSI (BSI 2001)}, keywords = {its}, month = 5, pages = {97-112}, publisher = {SecuMedia Press}, title = {Elektronische Signaturen - eine amerikanische und europäische Perspektive}, year = 2001 }
Weitere Informationen

4.
Vorwerk, L., Losemann, F., Meinel, C.: Suggestion for an Alternative of watermarking and digital Signatures. Proceedings of SPIE Conference on Photonics West (PhotonicsWest 2001). pp. 158–165. SPIE Press, San Jose, California, USA (2001).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2001_Vorwerk_PhotonicsWest, address = {San Jose, California, USA}, author = {Vorwerk, Lutz and Losemann, Frank and Meinel, Christoph}, booktitle = {Proceedings of SPIE Conference on Photonics West (PhotonicsWest 2001)}, keywords = {its}, month = 1, pages = {158-165}, publisher = {SPIE Press}, title = {Suggestion for an Alternative of watermarking and digital Signatures}, volume = 4314, year = 2001 }
Weitere Informationen

2000 [ nach oben ]

1.
Vorwerk, L., Meinel, C.: Integration of TLS in an Intern/Intranet/based Application. Proceedings of the International Conference on Emerging Technologies and Life Sciences: Medicine and Communication (MEDICOM 2000). pp. 143–149. Books Express, Remagen, Germany (2000).
[ BibTeX ] [ Details ]
 
@inproceedings{2000_Vorwerk_MEDICOM, address = {Remagen, Germany}, author = {Vorwerk, Lutz and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Emerging Technologies and Life Sciences: Medicine and Communication (MEDICOM 2000)}, keywords = {its}, month = 9, pages = {143-149}, publisher = {Books Express}, title = {Integration of TLS in an Intern/Intranet/based Application}, year = 2000 }
Weitere Informationen

2.
Haffner, E.-G., Engel, T., Meinel, C.: Integration der Schleusentechnologie "Lock-Keeper" in moderne Sicherheitsarchitekturen. Proceedings GI-Workshop "Internet-Datenbanken" (GI Jahrestagung 2000). , Berlin, Germany (2000).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2000_Haffner_GI, address = {Berlin, Germany}, author = {Haffner, Ernst-Georg and Engel, Thomas and Meinel, Christoph}, booktitle = {Proceedings GI-Workshop "Internet-Datenbanken" (GI Jahrestagung 2000)}, keywords = {its}, month = 9, title = {Integration der Schleusentechnologie "Lock-Keeper" in moderne Sicherheitsarchitekturen}, year = 2000 }
Weitere Informationen

3.
Lüpken, B., Losemann, F., Engel, T., Meinel, C.: Functional Integration Test of Mass Processes with Electronic Signatures in Public Administrations. Proceedings of the 8th European Conference on Information Systems (ECIS 2000). , Wien, Österreich (2000).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2000_Lüpken_ECIS, address = {Wien, Österreich}, author = {Lüpken, Burkhard and Losemann, Frank and Engel, Thomas and Meinel, Christoph}, booktitle = {Proceedings of the 8th European Conference on Information Systems (ECIS 2000)}, keywords = {its}, month = 7, title = {Functional Integration Test of Mass Processes with Electronic Signatures in Public Administrations}, year = 2000 }
Weitere Informationen

4.
Haffner, E.G., Engel, T., Meinel, C.: Techniques for Securing Networks Against Criminal Attacks. Proceedings of the International Conference on Internet Computing (IC 2000). pp. 365–369. CSREA Press, Las Vegas, Nevada, USA (2000).
[ BibTeX ] [ Details ]
 
@inproceedings{2000_Haffner_IC, address = {Las Vegas, Nevada, USA}, author = {Haffner, Ernst Georg and Engel, Thomas and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Internet Computing (IC 2000)}, keywords = {its}, month = 6, pages = {365-369}, publisher = {CSREA Press}, title = {Techniques for Securing Networks Against Criminal Attacks}, year = 2000 }
Weitere Informationen