Chair
Hasso-Plattner-Institut
Hasso-Plattner-Institut
Prof. Dr. Christoph Meinel
 

schließen

schließen

schließen

schließen

schließen

schließen
  1. HOME
  2.  > Security Eng
  3.  > Former Projects and Research Areas
  4.  > Cloud...

Multi-Cloud Event Log Analytics and User Behavior Monitoring

Cloud storage consists of logical constructions that are beyond the management of enterprises in contrast to traditional on-premise storage systems.  Consequently, this results to loss of control and ineffectiveness of traditional security tools applied to secure cloud storage.

 

In order to mitigate this security lapse and provide secure enterprise file syncing and sharing options, we employ log event aggregation and analysis to detect suspicious user  behaviour and activities against CloudRAID cloud accounts and resources. All event logs and activities from CloudRAID cloud accounts are collected, aggregated and analysed for malicious activities. Machine learning techniques and Complex Even Processing  (CEP) strategies are employed to detect malicious file sharing activities and unusual requests from users and devices. This approach introduces security control and counter-measures against several attack vectors.

Secure Cloud Configuration Management and Risk Analysis

We use CSBAuditor, a novel cloud security system that continuously audits Cloud Storage Broker (CSB) resources e.g. CloudRAID, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. This approach is particularly imperative given the increasing attacks against cloud storage owing to misconfigurations, which have led to several data breaches e.g. the Verizon AWS S3 data breach. 

 

Our methodology consists of consistent maintenance of the cloud state via a continuous snapshotting mechanism thereby ensuring fault tolerance and visibility. We adopt the principles of chaos engineering by integrating BrokerMonkey, a complimentary system that continuously injects failures into our reference CSB system, CloudRAID. Hence, CSBAuditor is continuously tested for its efficiency in detecting unauthorized changes made in the cloud accounts which could indicate cloud attacks. Furthermore, unlike similar systems CSBAuditor employs security metrics for risk analysis by computing numeric severity scores for detected vulnerabilities using several methodologies e.g. the Common Configuration Scoring System. Hence, the limitation of insufficient or binary-based security metrics in existing cloud auditing schemes is overcome and the security of monitored cloud services is quantitatively measured. 

Contact us!

Want to contact us for a coffee, question or chat? Feel free to contact us: sec-eng-webadmin(at)hpi.de

News

July 2022

HPI Cybersecurity Courses for German-Chinese Summer School at Nanjing University

HPI has maintained close relations with well-known Chinese universities for more than two decades and opened its own HPI Research School at Nanjing University back in 2011. As part of an interdisciplinary summer school at Nanjng University, HPI specifically offered a Lecture Series on cybersecurity from July 5 to 7, 2022.

 

June 2022

Announcement: The free Online-Course "Tatort Internet: Auflage 2022" (German) starts in October. In the Course, Prof. Meinel and the Security-Team present fundamentals of IT-Security as well as current news on security around the world. You can enroll into the course already from today so that you do not miss the start in October!

 

May 2022

openHPI-Kurs: Cloud Computing (German) presented by Prof. Meinel, Hendrik Steinbeck and Daniel Köhler. Aside the fundamentals on Cloud Computing and it's enablers such as the Internet and Virtualization, the course further touches on areas such as Risks and Responsibilities when using or providing cloud services.

Edit: The course has finished, but the teaching-material is still available for self-paced study!

 

March 2022

[German] DDoS-Attacks: What are they and how do they work?

The attack from Russia against the Ukraine is not only run in the physical world. Cyber-War is becoming more and more prominent and the Online-Activists Anonymous have started to perform DDoS-Attacks against Russion webpages, companies and servers. In the German Interview, Daniel Köhler explains, what DDoS-Attacks are and how they are usually run. 

 

January 2022

In January, a repetition of our English-language cybersecurity series started on openHPI with the course Confidential Communication in the Internet.

Join the Team!

Teaching

Sommer Semester 2024

Winter Semester 2023/44

  • Bachelor Seminar: Big Data Security Analytics
  • Master Seminar: Network Security in Practice
  • Master Project
    • Towards Red Team Exercising

Team

  • Supervisor: Prof. Dr. sc. nat., Dr. rer. nat. Christoph Meinel
  • Head & Senior Researcher: Dr. rer. nat. Feng Cheng
  • PostDoc/PhD Students/Research Assistants:
    • Dr.-Ing.Pejman Najafi
    • Eric Klieme, M.Sc.
    • Alexander Mühle, M.Sc.
    • Daniel Köhler, M.Eng.
    • Mehryar Majd, M.Sc.
    • Farzad Motlagh, M.Sc.
    • Mehrdad Hajizadeh, M.Sc. (Visiting PhD Student, TU Chemnitz)
    • Dominic Schaa (Master student assistant)
    • Jonas Schmitz (ongoing Master thesis)
    • Lars Prepens (ongoing Master thesis)
    • Lieven Leue (ongoing Master thesis)
    • Mohamed Budagow (ongoing Master thesis)
  • External PhD Students: 
    • Hendrik Graupner M.Sc. (with Bundesdruckerei GmbH)
    • Kennedy Torkura, M.Sc. (external, Mitigant GmbH, Potsdam)
    • Kaja Schmidt, M.Sc. (with European Commision)
  • Former Team Members