Potsdam. On the occasion of the Potsdam Conference on National Cyber Security, the Hasso Plattner Institute has presented a new database showing the vulnerabilities breaches in complex computer systems and networks. Currently, there are more than 55,000 registered vulnerability entries, related to over 140,000 programs. The database is available to everyone on the Internet at http://hpi-vdb.de, and is updated daily with the latest information on global threats. The most interesting feature is: this diverse information, often expressed in natural language, is converted into a uniform, machine-readable form and then centralized into the high performance database by the HPI research group, “Internet Technologies and Systems”.
“Thanks to our platform, the information is prepared in such a way that everyone can get a comprehensive list of the security breaches that apply to his or her own personal hardware and software equipment along with graphics of possible attack scenarios,” said HPI director Prof. Christoph Meinel. In this way, HPI wants to inform users about impending attacks on their IT infrastructure that target areas of vulnerability and error and thereby contribute to user protection.
Use of the „HPI-VDB: Database for IT Attack Analysis“ is free of charge. The database continuously collects data from public security related websites, portals of other vulnerability databases, and security pages of major Software vendors, e.g., NVD, CPE, OSVDB, Secunia, SecurityFocus, Microsoft Security Bulletins, Google Security Notes, SAP Security Notes, etc. It also supports various search mechanisms. Ordinary users can simply input the name or keyword of the software to search for all the vulnerabilities entries relevant to their input. Professional users can utilize searching based on CVE-ID, CPE-ID, and CWE-ID to get more accurate results. Registered users can also export the data in different format or directly use the provided API for their development work. The adoption and the deployment of the new In-Memory data management technology, i.e., SAP HANA database, make it possible for end users to do vulnerability browsing, searching, visualization, and analytics in very short time.
“With automatically generated graphics showing the vulnerability potential, we developed a new effective method to model, analyze and evaluate the security of complex IT systems and networks,” said Meinel. In the future, with just pressing a button, registered HPI database users will be able to get security information about the hardware and software they use and also advice on what needs to be done to protect against attacks. To recognize impending attacks, the HPI platform links the identified and collected information on the run-time behavior of the target system and network with the evaluated descriptions of known vulnerabilities from the HPI-VDB database.
Profile of Hasso Plattner Institute
The Hasso Plattner Institute for Software Systems Engineering GmbH (HPI) in Potsdam is Germany’s university excellence center for IT Systems Engineering. It is the only university institution in Germany offering bachelor and master programs in “IT Systems Engineering” – a practical and engineering-oriented study program in computer science, in which currently 450 students are enrolled. The HPI School of Design Thinking is Europe’s first innovation school and is based on the Stanford model of the d.school. It offers 240 places for a supplementary study. There are a total of ten HPI professors and over 50 guest professors, lecturers and contracted teachers at the Institute. HPI carries out research noted for its high standard of excellence in its nine topic areas, as well as at the HPI Research School for PhD candidates, with its further research branches in Cape Town, Haifa and Nanjing. HPI teaching and research focuses on the foundation and application of large-scale, highly complex and interconnected IT systems. The development and exploration of user-driven innovations for all sectors of life is an additional area of importance. HPI always earns the highest positions in the CHE university ranking. Since September 2012, HPI has provided an interactive Internet learning platform - openhpi.de. Its free, open online courses are available to everyone.