Conference Papers on "Security and Trust Engineering" at the Chair of Prof. Dr. Christoph Meinel

2021 [ nach oben ]

1.
Koehler, D., Serth, S., Meinel, C.: Consuming Security: Evaluating Podcasts to Promote Online Learning Integrated with Everyday Life. 2021 World Engineering Education Forum/Global Engineering Deans Council (WEEF/GEDC). pp. 476–481. IEEE, Madrid, Spain (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Traditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.
@inproceedings{koehlerConsumingSecurityEvaluating2021, abstract = {Traditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.}, address = {{Madrid, Spain}}, author = {Koehler, Daniel and Serth, Sebastian and Meinel, Christoph}, booktitle = {2021 {{World Engineering Education Forum}}/{{Global Engineering Deans Council}} ({{WEEF}}/{{GEDC}})}, keywords = {myown webuniversity its}, month = {nov}, pages = {476–481}, publisher = {{IEEE}}, title = {Consuming {{Security}}: {{Evaluating Podcasts}} to {{Promote Online Learning Integrated}} with {{Everyday Life}}}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/WEEF/GEDC53299.2021.9657464
AbstractTraditional (online) teaching approaches put the student into a video-based, classroom-like situation. When asked to reproduce the content, the student can consciously remember what he learned and answer accordingly. Contrasting, knowledge of IT-security aspects requires sensitization for the topic throughout the daily life of a learner. We learned from interactions with former learners that they sometimes found themselves in situations where they - despite knowing better - still behaved in an undesired way. We thereby conclude that the classroom-based presentation of knowledge in Massive Open Online Courses (MOOCs) is not sufficient for the field of IT-Security Education. Therefore, this work presents an approach to a study to assess and analyze different audio-based methods of conveying knowledge, which can integrate into a learner's everyday life. In the spirit of Open Research, we therefore publish our research questions and chosen methods in order to discuss these within the community. Following, we will study the perception of the proposed education methods by learners and suggest possible improvements for subsequent research.

2.
Ehrmann, L., Stolle, M., Klieme, E., Tietz, C., Meinel, C.: Detecting Interaction Activities While Walking Using Smartphone Sensors. In: Barolli, L., Woungang, I., and Enokido, T. (eds.) Advanced Information Networking and Applications. pp. 382–393. Springer (2021).
[ BibTeX ] [ Details ]
 
@conference{noauthororeditor, author = {Ehrmann, Lukas and Stolle, Marvin and Klieme, Eric and Tietz, Christian and Meinel, Christoph}, booktitle = {Advanced Information Networking and Applications}, editor = {Barolli, Leonard and Woungang, Isaac and Enokido, Tomoya}, keywords = {seceng-security-tech myown smartphone detection activity seceng-secure-identities its interaction human seceng-biometric-authentication}, pages = {382-393}, publisher = {Springer}, title = {Detecting Interaction Activities While Walking Using Smartphone Sensors}, year = 2021 }
Weitere Informationen
HerausgeberBarolli, Leonard and Woungang, Isaac and Enokido, Tomoya
URNhttp://dx.doi.org/10.1007/978-3-030-75075-6_31

3.
Koehler, D., Klieme, E., Kreuseler, M., Cheng, F., Meinel, C.: Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords. Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021). IEEE (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{koehler2021assessment, author = {Koehler, Daniel and Klieme, Eric and Kreuseler, Matthias and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021)}, keywords = {authentication biometric smartphones seceng-biometric-authentication remote}, month = {January}, publisher = {IEEE}, series = {IProceedings of the EEE International Conference on Cryptography, Security and Privacy}, title = {Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords}, year = 2021 }
Weitere Informationen

4.
Koehler, D., Klieme, E., Kreuseler, D., Cheng, F., Meinel, C.: Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords. Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021). IEEE (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{noauthororeditor2021assessment, author = {Koehler, Daniel and Klieme, Eric and Kreuseler, Daniel and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021)}, keywords = {seceng-security-tech authentication biometric myown seceng-secure-identities its smartphones seceng-biometric-authentication remote}, month = {January}, publisher = {IEEE}, series = {IProceedings of the EEE International Conference on Cryptography, Security and Privacy}, title = {Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords}, year = 2021 }
Weitere Informationen

5.
Klieme, E., Trenz, P., Paeschke, D., Tietz, C., Meinel, C.: DoorCollect: Towards a Smart Door Handle for User Identification based on a Data Collection System for unsupervised Long-Term Experiments. 2021 IEEE Symposium on Computers and Communications (ISCC). pp. 1–7 (2021).
[ BibTeX ] [ Details ]
 
@inproceedings{9631517, author = {Klieme, Eric and Trenz, Philipp and Paeschke, Daniel and Tietz, Christian and Meinel, Christoph}, booktitle = {2021 IEEE Symposium on Computers and Communications (ISCC)}, keywords = {door seceng-secure-identities its data collection biometrics seceng-security-tech authentication behavioral unsupervised seceng-biometric-authentication}, pages = {1-7}, title = {DoorCollect: Towards a Smart Door Handle for User Identification based on a Data Collection System for unsupervised Long-Term Experiments}, year = 2021 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISCC53001.2021.9631517

6.
Grüner, A., Mühle, A., Meinel, C.: On the Structure and Assessment of Trust Models in Attribute Assurance. Proceedings of the 35th International Conference on Advanced Information Networking and Applications. Springer, Toronto, Canada (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Online services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.
@inproceedings{gruner2021structure, abstract = {Online services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.}, address = {Toronto, Canada}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 35th International Conference on Advanced Information Networking and Applications}, keywords = {assurance myown identity attribute trust}, publisher = {Springer}, title = {On the Structure and Assessment of Trust Models in Attribute Assurance}, year = 2021 }
Weitere Informationen
AbstractOnline services fundamentally rely on identity management to secure and personalize their presence. Within identity management, attribute assurance techniques target correctness and validity of attributes. These properties are an essential foundation for service provisioning in digital businesses. A myriad of attribute assurance trust models has been published. However, a superior trust model from the various proposals has not been discriminated. Additionally, a profound assessment is challenging due to a missing general notation and approach. In this paper, we work towards the structural characteristics of a secure trust model. To achieve this, we analyze common elements of attribute assurance trust models and outline differentiating factors compared to other domains. Based on the key components, we propose a formal meta-framework to depict existing trust models. Using the framework, characteristics and security attacks of these trust schemes are elaborated. As an outcome, we can conclude that a secure trust model depends on an attack-resistant trust function that considers high trust values and several attestation issuers.

7.
Grüner, A., Mühle, A., Meinel, C.: Analyzing Interoperability and Portability Concepts for Self-Sovereign Identity. Proceedings of the 2021 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (accepted). IEEE, Shenyang, China (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.
@inproceedings{gruner2021analyzing, abstract = {The Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.}, address = {Shenyang, China}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 2021 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (accepted)}, keywords = {myown blockchain identity ssi decentralized trust}, publisher = {IEEE}, title = {Analyzing Interoperability and Portability Concepts for Self-Sovereign Identity}, year = 2021 }
Weitere Informationen
AbstractThe Self-Sovereign Identity (SSI) paradigm postulates global unique identities that are controlled by the user. To achieve a widespread applicability, the emphasized interoperability principle supports the proclaimed ambition. Furthermore, identity portability enables the transfer of the identity to another SSI solution. These axioms gain additional momentum due to the development of numerous implementations. In this paper, we examine interoperability and portability concepts for SSI. Initially, we define these principles regarding the blockchainbased SSI model. Subsequently, we outline assessment criteria considering functional scope, governance/ trust, scalability and further characteristics. For interoperability, we evaluate the concepts of protocol and standard, broker, hub and pairing. Besides that, we assess the transformer and auxiliary solutions for portability. We can conclude that all interoperability schemes provide the maximum functional level theoretically. In contrast, portability patterns are fragmented in this regard. Nonetheless, protocol and standards can only be applied in the design phase, whereas broker, hub, pairing, transformer and auxiliary solutions enable interoperability, respectively portability post-deployment of the SSI system.

8.
Grüner, A., Mühle, A., Meinel, C.: ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for Service Provider. IEEE Access. 9, 138553–138570 (2021).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.
@article{gruner2021design, abstract = {Identity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, journal = {IEEE Access}, keywords = {assurance myown blockchain identity ssi attribute trust}, pages = {138553 - 138570}, title = {ATIB: Design and Evaluation of an Architecture for Brokered Self-Sovereign Identity Integration and Trust-Enhancing Attribute Aggregation for Service Provider}, volume = 9, year = 2021 }
Weitere Informationen
AbstractIdentity management is a principle component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self- Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers.We propose an Attribute Trustenhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.

2020 [ nach oben ]

1.
Klieme, E., Wilke, J., van Dornick, N., Meinel, C.: FIDOnuous: A FIDO2/WebAuthn Extension to Support Continuous Web Authentication. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). pp. 1857–1867 (2020).
[ BibTeX ] [ Details ]
 
@inproceedings{9343231, author = {Klieme, Eric and Wilke, Jonathan and van Dornick, Niklas and Meinel, Christoph}, booktitle = {2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)}, keywords = {seceng-security-tech authentication myown smartphone seceng-secure-identities continuous its behavioral webauthn seceng-biometric-authentication FIDO2}, pages = {1857-1867}, title = {FIDOnuous: A FIDO2/WebAuthn Extension to Support Continuous Web Authentication}, year = 2020 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/TrustCom50675.2020.00254

2.
Tietz, C., Klieme, E., Brabender, R., Lasarow, T., Rambold, L., Meinel, C.: Under Pressure: Pushing Down on Me - Touch Sensitive Door Handle to Identify Users at Room Entry. In: Samarati, P., di Vimercati, S.D.C., Obaidat, M.S., and Ben-Othman, J. (eds.) Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 - Volume 2: SECRYPT, Lieusaint, Paris, France, July 8-10, 2020. pp. 565–571. ScitePress (2020).
[ BibTeX ] [ Details ]
 
@inproceedings{DBLP:conf/icete/TietzKBLRM20, author = {Tietz, Christian and Klieme, Eric and Brabender, Rachel and Lasarow, Theresa and Rambold, Lukas and Meinel, Christoph}, booktitle = {Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, {ICETE} 2020 - Volume 2: SECRYPT, Lieusaint, Paris, France, July 8-10, 2020}, editor = {Samarati, Pierangela and di Vimercati, Sabrina De Capitani and Obaidat, Mohammad S. and Ben{-}Othman, Jalel}, keywords = {seceng-security-tech authentication myown door seceng-secure-identities handle its behavioral touch interaction seceng-biometric-authentication}, pages = {565–571}, publisher = {ScitePress}, title = {Under Pressure: Pushing Down on Me - Touch Sensitive Door Handle to Identify Users at Room Entry}, year = 2020 }
Weitere Informationen
HerausgeberSamarati, Pierangela and di Vimercati, Sabrina De Capitani and Obaidat, Mohammad S. and Ben-Othman, Jalel
URNhttp://dx.doi.org/10.5220/0009818805650571

3.
Grüner, A., Mühle, A., Meinel, C.: A Taxonomy of Trust Models for Attribute Assurance in Identity Management. Proceedings of the Workshops of the International 34th Conference on Advanced Information Networking and Applications. Springer, Caserta, Italy (2020).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Attribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.
@conference{gruner2020taxonomy, abstract = {Attribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.}, address = {Caserta, Italy}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the Workshops of the International 34th Conference on Advanced Information Networking and Applications}, keywords = {assurance myown identity attribute trust}, publisher = {Springer}, title = {A Taxonomy of Trust Models for Attribute Assurance in Identity Management}, year = 2020 }
Weitere Informationen
AbstractAttribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.

2019 [ nach oben ]

1.
Najafi, P., Mühle, A., Pünter, W., Cheng, F., Meinel, C.: MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs. Proceedings of the 35th Annual Computer Security Applications Conference. pp. 417–429. ACM (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.
@inproceedings{najafi2019malrank, abstract = {In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.}, author = {Najafi, Pejman and M{ü}hle, Alexander and P{ü}nter, Wenzel and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 35th Annual Computer Security Applications Conference}, keywords = {seceng-security-tech myown seceng-security-analytics big-data security graph-mining}, organization = {ACM}, pages = {417–429}, title = {MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs}, year = 2019 }
Weitere Informationen
AbstractIn this paper, we formulate threat detection in SIEM environments as a large-scale graph inference problem. We introduce a SIEM- based knowledge graph which models global associations among entities observed in proxy and DNS logs, enriched with related open-source intelligence (OSINT) and cyber threat intelligence (CTI). Next, we propose MalRank, a graph-based inference algorithm designed to infer a node maliciousness score based on its associations to other entities presented in the knowledge graph, e.g., shared IP ranges or name servers. After a series of experiments on real-world data captured from a global enterprise’s SIEM (spanning over 3TB of disk space), we show that MalRank maintains a high detection rate (AUC = 96%) outperforming its predecessor, Belief Propagation, both in terms of accuracy and efficiency. Furthermore, we show that this approach is effective in identifying previously unknown malicious entities such as malicious domain names and IP addresses. The system proposed in this research can be implemented in conjunction with an organization’s SIEM, providing a maliciousness score for all observed entities, hence aiding SOC investigations.

2.
Bock, B., Matysik, J.-T., Krentz, K.-F., Meinel, C.: Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
[ Abstract ] [ BibTeX ] [ Details ]
 
While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
@conference{bock2019layer, abstract = {While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.}, address = {Limerick, Ireland}, author = {Bock, Benedikt and Matysik, Jan-Tobias and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme}, year = 2019 }
Weitere Informationen
AbstractWhile the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.

3.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Comparative Analysis of Trust Requirements in Decentralized Identity Management. Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications. Springer, Matsue, Japan (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
@inproceedings{gruner2019comparative, abstract = {Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.}, address = {Matsue, Japan}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications}, keywords = {myown blockchain identity its decentralized requirements security trust}, publisher = {Springer}, title = {A Comparative Analysis of Trust Requirements in Decentralized Identity Management}, year = 2019 }
Weitere Informationen
AbstractIdentity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.

4.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2019slingshot, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {myown incident-response threat-detection cloud-security security}, publisher = {IEEE}, title = {SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems}, type = {Publication}, year = 2019 }
Weitere Informationen

5.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: Security Chaos Engineering for Cloud Services. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2019security, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {resilient-architecutures myown cloud-security its chaos-engineering security}, publisher = {IEEE}, title = {Security Chaos Engineering for Cloud Services}, year = 2019 }
Weitere Informationen

6.
Grüner, A., Mühle, A., Meinel, C.: An Integration Architecture to Enable Service Providers for Self-sovereign Identity. Proceedings of the 18th. International Symposium on Network Computing and Applications. IEEE, Boston, MA (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.
@inproceedings{gruner2019integration, abstract = {The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.}, address = {Boston, MA}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 18th. International Symposium on Network Computing and Applications}, keywords = {myown blockchain identity ssi decentralized trust}, publisher = {IEEE}, title = {An Integration Architecture to Enable Service Providers for Self-sovereign Identity}, year = 2019 }
Weitere Informationen
AbstractThe self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.

7.
Seidel, F., Krentz, K.-F., Meinel, C.: Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
[ Abstract ] [ BibTeX ] [ Details ]
 
Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.
@conference{seidel2019enroute, abstract = {Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.}, address = {Limerick, Ireland}, author = {Seidel, Felix and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers}, year = 2019 }
Weitere Informationen
AbstractDevices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.

8.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Identifying Data Exposure Across Distributed High-Dimensional Health Data Silos through Bayesian Networks Optimised by Multigrid and Manifold. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). pp. 556–563. IEEE (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019identifying, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)}, keywords = {imported}, organization = {IEEE}, pages = {556–563}, title = {Identifying Data Exposure Across Distributed High-Dimensional Health Data Silos through Bayesian Networks Optimised by Multigrid and Manifold}, year = 2019 }
Weitere Informationen

9.
Podlesny, N.J., Kayem, A.V., Meinel, C., Jungmann, S.: How Data Anonymisation Techniques influence Disease Triage in Digital Health: A Study on Base Rate Neglect. Proceedings of the 9th International Conference on Digital Public Health. pp. 55–62. ACM (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019data, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph and Jungmann, Sven}, booktitle = {Proceedings of the 9th International Conference on Digital Public Health}, keywords = {imported}, organization = {ACM}, pages = {55–62}, title = {How Data Anonymisation Techniques influence Disease Triage in Digital Health: A Study on Base Rate Neglect}, year = 2019 }
Weitere Informationen

10.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization. Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy. pp. 109–119. ACM (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019attribute, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy}, keywords = {imported}, organization = {ACM}, pages = {109–119}, title = {Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization}, year = 2019 }
Weitere Informationen

11.
Podlesny, N.J., Kayem, A.V., Meinel, C.: Towards Identifying De-anonymisation Risks in Distributed Health Data Silos. International Conference on Database and Expert Systems Applications. pp. 33–43. Springer (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{podlesny2019towards, author = {Podlesny, Nikolai J and Kayem, Anne VDM and Meinel, Christoph}, booktitle = {International Conference on Database and Expert Systems Applications}, keywords = {imported}, organization = {Springer}, pages = {33–43}, title = {Towards Identifying De-anonymisation Risks in Distributed Health Data Silos}, year = 2019 }
Weitere Informationen

12.
Grüner, A., Mühle, A., Meinel, C.: Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance. Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence in Cyber Security. IEEE, Xiamen, China (2019).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.
@inproceedings{gruner2019using, abstract = {Identity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.}, address = {Xiamen, China}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence in Cyber Security}, keywords = {myown blockchain identity aggregation attribute trust}, publisher = {IEEE}, title = {Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance}, year = 2019 }
Weitere Informationen
AbstractIdentity management is an essential cornerstone of securing online services. Service provisioning relies on correct and valid attributes of a digital identity. Therefore, the identity provider is a trusted third party with a specific trust requirement towards a verified attribute supply. This trust demand implies a significant dependency on users and service providers. We propose a novel attribute aggregation method to reduce the reliance on one identity provider. Trust in an attribute is modelled as a combined assurance of several identity providers based on probability distributions. We formally describe the proposed aggregation model. The resulting trust model is implemented in a gateway that is used for authentication with self-sovereign identity solutions. Thereby, we devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.

13.
Tietz, C., Klieme, E., Behrendt, L., Böning, P., Marschke, L., Meinel, C.: Verification of Keyboard Acoustics Authentication on Laptops and Smartphones Using WebRTC. 2019 3rd Cyber Security in Networking Conference (CSNet). pp. 130–137 (2019).
[ BibTeX ] [ Details ]
 
@inproceedings{9108962, author = {Tietz, Christian and Klieme, Eric and Behrendt, Lukas and Böning, Pawel and Marschke, Leonard and Meinel, Christoph}, booktitle = {2019 3rd Cyber Security in Networking Conference (CSNet)}, keywords = {seceng-security-tech authentication myown smartphone seceng-secure-identities sound its behavioral typing seceng-biometric-authentication laptop}, pages = {130-137}, title = {Verification of Keyboard Acoustics Authentication on Laptops and Smartphones Using WebRTC}, year = 2019 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSNet47905.2019.9108962

2018 [ nach oben ]

1.
Torkura, K.A., Sukmana, M.I., Meinig, M., Graupner, H., Cheng, F., Meinel, C.: A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems. 16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018). IEEE/IFIP (2018).
[ Abstract ] [ BibTeX ] [ Details ]
 
Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.
@inproceedings{a2017threat, abstract = {Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinig, Michael and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018)}, keywords = {myown cloud-storage threat-analysis cloud-security its}, publisher = {IEEE/IFIP}, series = {NOMS}, title = {A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems}, year = 2018 }
Weitere Informationen
AbstractCloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.

2.
Torkura, K. .A, Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018). IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018csbauditor, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018)}, keywords = {myown assessments cloud-security its}, publisher = {IEEE}, title = {CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems}, year = 2018 }
Weitere Informationen

3.
Krentz, K.-F., Meinel, C., Graupner, H.: Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018). Junction, Madrid, Spain (2018).
[ Abstract ] [ BibTeX ] [ Details ]
 
Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
@conference{krentz2018denialofsleepresilient, abstract = {Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.}, address = {Madrid, Spain}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018)}, keywords = {myown iot}, publisher = {Junction}, title = {Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive}, year = 2018 }
Weitere Informationen
AbstractBattery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.

4.
Torkura, K. .A, Sukmana, M.I.H., Meinig, M., Kayem, A., Cheng, F., Graupner, H., Meinel, C.: Securing Cloud Storage Brokerage Systems through Threat Models. The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018). IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkuara2018securing, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Meinig, Michael and Kayem, Anne and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018)}, keywords = {myown threat-analysis its security}, publisher = {IEEE}, title = {Securing Cloud Storage Brokerage Systems through Threat Models}, year = 2018 }
Weitere Informationen

5.
Torkura, K. .A, Sukmana, M.I.H., Cheng, F., Meinel, C.: CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era. 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018). Springer (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018cavas, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018)}, keywords = {myown cloud-security its microservices-security container-security}, publisher = {Springer}, title = {CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era}, year = 2018 }
Weitere Informationen

6.
Torkura, K. .A, Sukmana, M.I.H., Kayem, A.V., Cheng, F., Meinel, C.: A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures. 32nd IEEE International Symposium on Parallel and Distributed Processing with Applications. IEEE (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{noauthororeditor2018cyber, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Kayem, Anne VDM and Cheng, Feng and Meinel, Christoph}, booktitle = {32nd IEEE International Symposium on Parallel and Distributed Processing with Applications}, keywords = {myown security-risk-analysis cloud-security its security}, publisher = {IEEE}, title = {A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures}, year = 2018 }
Weitere Informationen

7.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: Towards a Blockchain-based Identity Provider. Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies. IARIA, Venice, Italy (2018).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.
@inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel09/2018, abstract = {The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.}, address = {Venice, Italy}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies}, keywords = {myown blockchain identity Ethereum}, publisher = {IARIA}, title = {Towards a Blockchain-based Identity Provider}, year = 2018 }
Weitere Informationen
AbstractThe emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.

8.
Torkura, K. .A, Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: Defeating Malicious Intrusions in Multi-Cloud Storage Systems. Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018. Hasso Plattner Institute, Potsdam, Germany (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{torkura2018defeating, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018}, keywords = {risk-assessment myown cloud-security its}, publisher = {Hasso Plattner Institute, Potsdam, Germany}, series = {Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam}, title = {Defeating Malicious Intrusions in Multi-Cloud Storage Systems}, year = 2018 }
Weitere Informationen

9.
Klieme, E., Tietz, C., Meinel, C.: Beware of SMOMBIES: Verification of Users Based on Activities While Walking. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). pp. 651–660 (2018).
[ BibTeX ] [ Details ]
 
@inproceedings{klieme2019smombies, author = {Klieme, Eric and Tietz, Christian and Meinel, Christoph}, booktitle = {2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)}, keywords = {myown seceng-secure-identities its data collection gyroscope seceng-security-tech authentication gait accelerometer behavioral machine sensor vector support seceng-biometric-authentication}, month = {aug}, pages = {651-660}, title = {Beware of SMOMBIES: Verification of Users Based on Activities While Walking}, year = 2018 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/TrustCom/BigDataSE.2018.00096

10.
Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Quantifiable Trust Model for Blockchain-Based Identity Management. Proceedings of the 2018 International Conference on Blockchain. IEEE, Halifax, Canada (2018).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.
@inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel07/2018, abstract = {Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.}, address = {Halifax, Canada}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 2018 International Conference on Blockchain}, keywords = {Blockchain myown identity trust}, publisher = {IEEE}, title = {A Quantifiable Trust Model for Blockchain-Based Identity Management}, year = 2018 }
Weitere Informationen
AbstractRemoving the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.

2017 [ nach oben ]

1.
Krentz, K.-F., Meinel, C., Graupner, H.: Countering Three Denial-of-Sleep Attacks on ContikiMAC. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017). Junction, Uppsala, Sweden (2017).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2017_Krentz_EWSN, address = {Uppsala, Sweden}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017)}, keywords = {its}, publisher = {Junction}, title = {Countering Three Denial-of-Sleep Attacks on ContikiMAC}, year = 2017 }
Weitere Informationen

2.
Torkura, K.A., Sukmana, M.I., Cheng, F., Meinel, C.: Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications. Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud). IEEE (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.
@conference{torkura2017leveraging, abstract = {This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.}, author = {Torkura, Kennedy A and Sukmana, Muhammad IH and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud)}, keywords = {myown its}, month = {23 Nov 2017}, publisher = {IEEE}, title = {Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SmartCloud.2017.21
AbstractThis paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.

3.
Krentz, K.-F., Meinel, C., Graupner, H.: Secure Self-Seeding with Power-Up SRAM States. Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017). IEEE, Heraklion, Greece (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
@inproceedings{2017_Krentz_ISCC, abstract = {Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.}, address = {Heraklion, Greece}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017)}, keywords = {its}, publisher = {IEEE}, title = {Secure Self-Seeding with Power-Up SRAM States}, year = 2017 }
Weitere Informationen
AbstractGenerating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.

4.
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages. Proceedings of the 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM Press, New York, NY, USA (2017).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
@inproceedings{seitzEnablingEnRouteFiltering2017, abstract = {IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.}, address = {New York, NY, USA}, author = {Seitz, Klara and Serth, Sebastian and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017)}, keywords = {myown its IoT}, month = {02}, organization = {ACM Press}, publisher = {ACM Press}, series = {SenSys '17}, title = {Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/3131672.3136960
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.

5.
Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages. 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM, Delft, The Netherlands (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
@conference{seitz2017abstract, abstract = {IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.}, address = {Delft, The Netherlands}, author = {Seitz, Klara and Serth, Sebastian and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017)}, keywords = {IoT}, publisher = {ACM}, title = {Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages}, year = 2017 }
Weitere Informationen
AbstractIoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.

6.
Krentz, K.-F., Meinel, C., Graupner, H.: More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization. Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017). Springer, Nancy, France (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
@conference{krentz2017lightweight, abstract = {802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.}, address = {Nancy, France}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017)}, keywords = {myown IoT}, publisher = {Springer}, title = {More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization}, year = 2017 }
Weitere Informationen
Abstract802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.

7.
Torkura, K.A., Sukmana, M.I., Meinel, C.: Integrating Continuous Security Assessments in Microservices and Cloud Native Applications. Proceedings of the10th International Conference on Utility and Cloud Computing. pp. 171–180. ACM (2017).
[ Abstract ] [ BibTeX ] [ Details ]
 
Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.
@inproceedings{atorkura2017integrating, abstract = {Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinel, Christoph}, booktitle = {Proceedings of the10th International Conference on Utility and Cloud Computing}, keywords = {myown assessments its security}, organization = {IEEE/CM}, pages = {171–180}, publisher = {ACM}, series = {UCC '17}, title = {Integrating Continuous Security Assessments in Microservices and Cloud Native Applications}, year = 2017 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/3147213.3147229
AbstractCloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.

8.
Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Classification using Machine Learning. Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017). Springer (2017).
[ BibTeX ] [ Details ]
 
@inproceedings{gawron2017automatic, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017)}, keywords = {security}, publisher = {Springer}, title = {Automatic Vulnerability Classification using Machine Learning}, year = 2017 }
Weitere Informationen

9.
Najafi, P., Sapegin, A., Cheng, F., Meinel, C.: Guilt-by-Association: Detecting Malicious Entities via Graph Mining. International Conference on Security and Privacy in Communication Systems. pp. 88–107. Springer (2017).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
In this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.
@inproceedings{najafi2017guilt, abstract = {In this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.}, author = {Najafi, Pejman and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {International Conference on Security and Privacy in Communication Systems}, keywords = {seceng-security-tech myown seceng-security-analytics big-data security graph-mining}, organization = {Springer}, pages = {88–107}, title = {Guilt-by-Association: Detecting Malicious Entities via Graph Mining}, year = 2017 }
Weitere Informationen
AbstractIn this paper, we tackle the problem of detecting malicious domains and IP addresses using graph inference. In this regard, we mine proxy and DNS logs to construct an undirected graph in which vertices represent domain and IP address nodes, and the edges represent relationships describing an association between those nodes. More specifically, we investigate three main relationships: subdomainOf, referredTo, andresolvedTo. We show that by providing minimal ground truth information, it is possible to estimate the marginal probability of a domain or IP node being malicious based on its association with other malicious nodes. This is achieved by adopting belief propagation, i.e., an efficient and popular inference algorithm used in probabilistic graphical models. We have implemented our system in Apache Spark and evaluated using one day of proxy and DNS logs collected from a global enterprise spanning over 2 terabytes of disk space. In this regard, we show that our approach is not only efficient but also capable of achieving high detection rate (96% TPR) with reasonably low false positive rates (8% FPR). Furthermore, it is also capable of fixing errors in the ground truth as well as identifying previously unknown malicious domains and IP addresses. Our proposal can be adopted by enterprises to increase both the quality and the quantity of their threat intelligence and blacklists using only proxy and DNS logs.

2016 [ nach oben ]

1.
Krentz, K.-F., Meinel, C., Schnjakin, M.: POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames. Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016). IEEE, Salzburg, Austria (2016).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2016_Krentz_ARES, address = {Salzburg, Austria}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Schnjakin, Maxim}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016)}, keywords = {its}, publisher = {IEEE}, title = {POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ARES.2016.7

2.
Jaeger, D., Pelchen, C., Graupner, H., Cheng, F., Meinel, C.: Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use. Proceedings of the 11th International Conference on Passwords (PASSWORDS2016). Springer, Bochum, Germany (2016).
[ BibTeX ] [ Details ]
 
@inproceedings{2016_Jaeger_PASSWORDS, address = {Bochum, Germany}, author = {Jaeger, David and Pelchen, Chris and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Passwords (PASSWORDS2016)}, keywords = {its}, month = 12, publisher = {Springer}, title = {Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use}, year = 2016 }
Weitere Informationen

3.
Amirkhanyan, A., Meinel, C.: Visualization and Analysis of Public Social Geodata to Provide Situational Awareness. Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016). IEEE, Chiang Mai, Thailand (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.
@inproceedings{2016_Amirkhanyan_ICACI, abstract = {Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.}, address = {Chiang Mai, Thailand}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016)}, keywords = {visualization big_data its location-based_social_network geodata situational_awareness}, month = 2, publisher = {IEEE}, title = {Visualization and Analysis of Public Social Geodata to Provide Situational Awareness}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICACI.2016.7449805
AbstractNowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.

4.
Amirkhanyan, A., Meinel, C.: Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness. Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly. Springer, Swansea, Wales, UK (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.
@inproceedings{2016_Amirkhanyan_I3E, abstract = {In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.}, address = {Swansea, Wales, UK}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly}, keywords = {public_safety_awareness geotagged_data big_data its georeferenced_data location-based_social_networks analysis situational_awareness statistics}, month = 9, publisher = {Springer}, title = {Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness}, year = 2016 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-319-45234-0
AbstractIn the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.

5.
Torkura, K., Meinel, C.: Towards Vulnerability Assessment as a Service in OpenStack Clouds. Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN). IEEE, Dubai, UAE (2016).
[ Abstract ] [ BibTeX ] [ Details ]
 
Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.
@inproceedings{Kennedy2016a, abstract = {Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.}, address = {Dubai, UAE}, author = {Torkura, Kennedy and Meinel, Christoph}, booktitle = {Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN)}, keywords = {vulnerability_assessment its Cloud_Security Security_as_a_Service cloud-specific_vulnerabilities}, publisher = {IEEE}, title = {Towards Vulnerability Assessment as a Service in OpenStack Clouds}, year = 2016 }
Weitere Informationen
AbstractEfforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.

2015 [ nach oben ]

1.
Cheng, F., Sapegin, A., Gawron, M., Meinel, C.: Analyzing Boundary Device Logs on the In-Memory Platform. Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.
@inproceedings{Feng2015a, abstract = {The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.}, author = {Cheng, Feng and Sapegin, Andrey and Gawron, Marian and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15)}, keywords = {its}, publisher = {IEEE}, title = {Analyzing Boundary Device Logs on the In-Memory Platform}, year = 2015 }
Weitere Informationen
AbstractThe boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.

2.
Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP’15) (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
@inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, year = 2015 }
Weitere Informationen
AbstractAn important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.

3.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Passive Network Monitoring using REAMS. Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015). pp. 205–215. Sprinter, Pattaya, Thailand (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{2015_ICISA_AZODI, address = {Pattaya, Thailand}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015)}, keywords = {its}, month = 2, pages = {205-215}, publisher = {Sprinter}, series = {LNEE}, title = {Passive Network Monitoring using REAMS}, volume = 339, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-662-46578-3_24

4.
Elsaid, M.E., Meinel, C.: Friendship based Storage Allocation for Online Social Networks Cloud Computing. Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015). IEEE Press, Marrakesh, Morrocco (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{2015_Esam_CloudTech, address = {Marrakesh, Morrocco}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015)}, keywords = {its}, month = 6, publisher = {IEEE Press}, title = {Friendship based Storage Allocation for Online Social Networks Cloud Computing}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CloudTech.2015.7336970

5.
Krentz, K.-F., Meinel, C.: Handling Reboots and Mobility in 802.15.4 Security. Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015). ACM, Los Angeles, CA, USA (2015).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2015_Krentz_ACSAC, address = {Los Angeles, CA, USA}, author = {Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015)}, keywords = {its}, publisher = {ACM}, title = {Handling Reboots and Mobility in 802.15.4 Security}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2818000.2818002

6.
Sapegin, A., Amirkhanyan, A., Gawron, M., Cheng, F., Meinel, C.: Poisson-based Anomaly Detection for Identifying Malicious User Behaviour. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN’15). Springer (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.
@inproceedings{Andrey2015b, abstract = {Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.}, author = {Sapegin, Andrey and Amirkhanyan, Aragats and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {authentication intrusion_detection its user_behaviour anomaly_detection}, publisher = {Springer}, title = {Poisson-based Anomaly Detection for Identifying Malicious User Behaviour}, year = 2015 }
Weitere Informationen
AbstractNowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.

7.
Ussath, M., Cheng, F., Meinel, C.: Concept for a Security Investigation Framework. Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15) (2015).
[ BibTeX ] [ Details ]
 
@inproceedings{Martin2015a, author = {Ussath, Martin and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15)}, keywords = {its}, title = {Concept for a Security Investigation Framework}, year = 2015 }
Weitere Informationen

8.
Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143–148. IEEE Press, Lodz, Poland (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
@inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {cloud trust}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSCESM.2015.7331883
AbstractIn the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).

9.
Torkura, K.A., Cheng, F., Meinel, C.: A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks
@inproceedings{2015_Torkura_ICITST, abstract = {Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITST.2015.7412055
AbstractVulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks

10.
Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP’15). pp. 237–248. Springer Internation Publishing (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
@inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, pages = {237-248}, publisher = {Springer Internation Publishing}, series = {Lecture Notes in Computer Science}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, volume = 9311, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-319-24018-3_15
AbstractAn important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.

11.
Torkura, K.A., Cheng, F., Meinel, C.: Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment. Journal of Internet Technology and Secured Transactions. 4, (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time
@article{Kennedy2015a, abstract = {The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time}, author = {Torkura, Kennedy A. and Cheng, Feng and Meinel, Christoph}, journal = {Journal of Internet Technology and Secured Transactions}, keywords = {its}, organization = {infonomics Society}, title = {Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment}, volume = 4, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.20533/jitst.2046.3723.2015.0049
AbstractThe current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time

12.
Azodi, A., Gawron, M., Sapegin, A., Cheng, F., Meinel., C.: Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN’15). Springer (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.
@inproceedings{Amir2015a, abstract = {Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.}, author = {Azodi, Amir and Gawron, Marian and Sapegin, Andrey and Cheng, Feng and Meinel., Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {Traffic_Classification Machine_Learning its Event_Normalization Network_Monitoring}, publisher = {Springer}, title = {Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes.}, year = 2015 }
Weitere Informationen
AbstractModern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.

13.
Sapegin, A., Gawron, M., Jaeger, D., Cheng, F., Meinel, C.: High-speed Security Analytics Powered by In-memory Machine Learning Engine. Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015). pp. 74–81. IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.
@inproceedings{Andrey2015a, abstract = {Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.}, author = {Sapegin, Andrey and Gawron, Marian and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015)}, keywords = {its}, pages = {74 - 81}, publisher = {IEEE}, title = {High-speed Security Analytics Powered by In-memory Machine Learning Engine}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ISPDC.2015.16
AbstractModern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.

14.
Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143–148. IEEE Press, Lodz, Poland (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
@inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {its}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CSCESM.2015.7331883
AbstractIn the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).

15.
Amirkhanyan, A., Sapegin, A., Cheng, F., Meinel, C.: Simulation User Behavior on A Security Testbed Using User Behavior States Graph. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 217–223. ACM Press (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.
@inproceedings{2015_Amirkhanyan_SIN, abstract = {For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.}, author = {Amirkhanyan, Aragats and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {its simulation_tool data user_behavior testbed security_analytics network_security}, pages = {217-223}, publisher = {ACM Press}, title = {Simulation User Behavior on A Security Testbed Using User Behavior States Graph}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/http://dx.doi.org/10.1145/2799979.2799985
AbstractFor testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.

16.
Gawron, M., Cheng, F., Meinel, C.: Automatic Detection of Vulnerabilities for Advanced Security Analytics. Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15). pp. 471–474. IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.
@inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15)}, keywords = {its}, pages = {471-474}, publisher = {IEEE}, title = {Automatic Detection of Vulnerabilities for Advanced Security Analytics}, year = 2015 }
Weitere Informationen
AbstractThe detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.

17.
Amirkhanyan, A., Cheng, F., Meinel, C.: Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis. Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015). IEEE, Dubai, UAE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.
@inproceedings{2015_Amirkhanyan_IIT, abstract = {Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.}, address = {Dubai, UAE}, author = {Amirkhanyan, Aragats and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015)}, keywords = {geo_clustering real-time online_maps geohash its density-based_clustering}, month = 11, publisher = {IEEE}, title = {Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/INNOVATIONS.2015.7381559
AbstractNowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.

18.
Torkura, K.A., Meinel, C.: Towards Cloud-Aware Vulnerability Assessments. Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.
@inproceedings{2015_Torkura_SITIS, abstract = {Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.}, author = {Torkura, Kennedy A and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015)}, keywords = {its}, publisher = {IEEE}, title = {Towards Cloud-Aware Vulnerability Assessments}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SITIS.2015.63
AbstractVulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.

19.
Torkura, K.A., Cheng, F., Meinel, C.: Application of Quantitative Security Metrics In Cloud Computing. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.
@inproceedings{2015_Torkura_ICITST, abstract = {Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {Application of Quantitative Security Metrics In Cloud Computing}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITST.2015.7412101
AbstractSecurity issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.

20.
Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 229–236. ACM Press (2015).
[ Abstract ] [ BibTeX ] [ Details ]
 
The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.
@inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {Vulnerability_Analysis Security_Analytics its Attack_Graph Network_Security Vulnerability_Detection}, pages = {229-236}, publisher = {ACM Press}, title = {Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation}, year = 2015 }
Weitere Informationen
URNhttp://dx.doi.org/http://dx.doi.org/10.1145/2799979.2799986
AbstractThe detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.

2014 [ nach oben ]

1.
Sianipar, J., Saleh, E., Meinel, C.: Construction of Agent-Based Trust in Cloud Infrastructure. Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014. pp. 941–946. IEEE Computer Society, London, United Kingdom (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.
@inproceedings{2014_Sianipar_UCC, abstract = {By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.}, address = {London, United Kingdom}, author = {Sianipar, Johannes and Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014}, keywords = {its}, month = 12, pages = {941–946}, publisher = {IEEE Computer Society}, title = {Construction of Agent-Based Trust in Cloud Infrastructure}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/UCC.2014.153
AbstractBy design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.

2.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines. In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014). IEEE Press, Beijing, China (2014).
[ BibTeX ] [ Details ]
 
@inproceedings{2014_AZODI_ICITCS, address = {Beijing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014)}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines}, year = 2014 }
Weitere Informationen

3.
Jaeger, D., Graupner, H., Sapegin, A., Cheng, F., Meinel, C.: Gathering and Analyzing Identity Leaks for Security Awareness. Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014). Springer, Trondheim, Norway (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.
@inproceedings{2014_Jaeger_PASSWORDS, abstract = {The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.}, address = {Trondheim, Norway}, author = {Jaeger, David and Graupner, Hendrik and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014)}, institution = {Hasso-Plattner-Institute}, keywords = {identity_leak password its data_breach security_awareness}, month = 12, publisher = {Springer}, series = {Lecture Notes for Computer Science (LNCS)}, title = {Gathering and Analyzing Identity Leaks for Security Awareness}, year = 2014 }
Weitere Informationen
AbstractThe amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.

4.
Elsaid, M.E., Meinel, C.: Live Migration Impact on Virtual Datacenter Performance. Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014). pp. 216–221. IEEE Press, Barcelona, Spain (2014).
[ BibTeX ] [ Details ]
 
@inproceedings{2014_Esam_FiCloud, address = {Barcelona, Spain}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014)}, keywords = {its}, month = 8, pages = {216 - 221}, publisher = {IEEE Press}, title = {Live Migration Impact on Virtual Datacenter Performance}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/FiCloud.2014.42

5.
Saleh, E., Sianipar, J., Takouna, I., Meinel, C.: SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments. 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014. pp. 596–602. IEEE Computer Society, Bali, Indonesia (2014).
[ Abstract ] [ BibTeX ] [ Details ]
 
Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.
@inproceedings{2014_Saleh_UIC-ATC-ScalCom, abstract = {Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.}, address = {Bali, Indonesia}, author = {Saleh, Eyad and Sianipar, Johannes and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014}, keywords = {its}, month = 12, pages = {596-602}, publisher = {IEEE Computer Society}, title = {SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments}, year = 2014 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/UIC-ATC-ScalCom.2014.31
AbstractSoftware-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.

2013 [ nach oben ]

1.
Rafiee, H., Meinel, C.: Privacy and Security in IPv6 Networks: Challenges and Possible Solutions. ACM. ACM press, Aksaray, Turkey (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.
@inproceedings{2013_Rafiee_SIN_1, abstract = {Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, journal = {ACM}, keywords = {IID_generation lifetime_of_IID its privacy Privacy_model_in_network_layer}, month = 11, publisher = {ACM press}, title = {Privacy and Security in IPv6 Networks: Challenges and Possible Solutions}, year = 2013 }
Weitere Informationen
AbstractPrivacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.

2.
Schnjakin, M., Meinel, C.: Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013). pp. 91–102. Springer, Seoul, Korea (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_GPC, address = {Seoul, Korea}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013)}, keywords = {its}, month = 5, pages = {91-102}, publisher = {Springer}, series = {LNCS}, title = {Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, volume = 7861, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-38027-3_10

3.
Sapegin, A., Cheng, F., Meinel, C.: Catch the Spike: on the Locality of Individual BGP Update Bursts. Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013). pp. 78–83. IEEE CS, Dalian, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Sapegin_MSN, address = {Dalian, China}, author = {Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013)}, keywords = {its}, month = 12, pages = {78-83}, publisher = {IEEE CS}, title = {Catch the Spike: on the Locality of Individual BGP Update Bursts}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/MSN.2013.17

4.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems. Proceedings of the 1st International Conference on Advanced Cloud and Big Data. IEEE CS, Nanjing, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Azodi_CBD, address = {Nanjing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Conference on Advanced Cloud and Big Data}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems}, year = 2013 }
Weitere Informationen

5.
Krentz, K.-F., Rafiee, H., Meinel, C.: 6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer. Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013). ACM, Zurich, Switzerland (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Krentz_ASPI, address = {Zurich, Switzerland}, author = {Krentz, Konrad-Felix and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013)}, keywords = {its}, month = 9, publisher = {ACM}, title = {6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2523501.2523502

6.
Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Hierarchical Object Log Format for Normalisation of Security Events. Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013). IEEE CS, Tunis, Tunisia (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Sapegin_IAS, address = {Tunis, Tunisia}, author = {Sapegin, Andrey and Jaeger, David and Azodi, Amir and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Hierarchical Object Log Format for Normalisation of Security Events}, year = 2013 }
Weitere Informationen

7.
Saleh, E., Takouna, I., Meinel, C.: SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments. Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013). pp. 213–218. IEEE Press, Mysore, India (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Saleh_ICACCI, address = {Mysore, India}, author = {Saleh, Eyad and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013)}, keywords = {its}, month = 8, pages = {213 - 218}, publisher = {IEEE Press}, title = {SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICACCI.2013.6637173

8.
Rafiee, H., Mueller, C., Niemeier, L., Streek, J., Sterz, C., Meinel, C.: A Flexible Framework For Detecting IPv6 Vulnerabilities. Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013). ACM Press, Aksaray, Turkey (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.
@inproceedings{2013_Rafiee_SIN_2, abstract = {Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Mueller, Christoph and Niemeier, Lukas and Streek, Jannik and Sterz, Christoph and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, keywords = {Penetration_test Security IPv6 its DNSSEC Fuzzier_approach Attacks NSEC3 Privacy Zone_walking}, month = 11, publisher = {ACM Press}, title = {A Flexible Framework For Detecting IPv6 Vulnerabilities}, year = 2013 }
Weitere Informationen
AbstractSecurity has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.

9.
Schnjakin, M., Meinel, C.: Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013). pp. 1–9. IEEE, Nassau, Bahamas (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_ICCCN, address = {Nassau, Bahamas}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013)}, keywords = {its}, month = 8, pages = {1-9}, publisher = {IEEE}, title = {Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCCN.2013.6614137

10.
Schnjakin, M., Metzke, T., Meinel, C.: Applying Erasure Codes for Fault Tolerance in Cloud-RAID. Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013). IEEE, Sydney, Australia (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_CSE, address = {Sydney, Australia}, author = {Schnjakin, Maxim and Metzke, Tobias and Meinel, Christoph}, booktitle = {Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013)}, keywords = {its}, month = 12, publisher = {IEEE}, title = {Applying Erasure Codes for Fault Tolerance in Cloud-RAID}, year = 2013 }
Weitere Informationen

11.
Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Multi-Core Supported High Performance Security Analytics. Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013). IEEE CS, Chengdu, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Cheng_ScalCom, address = {Chengdu, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Multi-Core Supported High Performance Security Analytics}, year = 2013 }
Weitere Informationen

12.
Rafiee, H., Meinel, C.: A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration. Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013). pp. 165–172. IEEE Press, MA, USA (2013).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.
@inproceedings{2013_Rafiee_NCA, abstract = {The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.}, address = {MA, USA}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013)}, keywords = {IPv6_autoconfiguration DNS_update Resolver_authentication its NDP CGA-TSIG DNS TSIG CGA}, month = 8, pages = {165 - 172}, publisher = {IEEE Press}, title = {A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NCA.2013.37
AbstractThe Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.

13.
Schnjakin, M., Meinel, C.: The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds. Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013) (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_Sicherheit, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013)}, keywords = {its}, month = 5, title = {The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds}, year = 2013 }
Weitere Informationen

14.
Saleh, E., Meinel, C.: HPISecure: Towards Data Confidentiality in Cloud Applications. Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013). pp. 605–609. IEEE CS, Delft, Netherlands (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Saleh_CCGrid, address = {Delft, Netherlands}, author = {Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013)}, keywords = {its}, month = 5, pages = {605-609}, publisher = {IEEE CS}, title = {HPISecure: Towards Data Confidentiality in Cloud Applications}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CCGrid.2013.109

15.
Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems. Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013). IEEE CS, Chengdu, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Azodi_DASC, address = {Chengdu, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems}, year = 2013 }
Weitere Informationen

16.
Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Security Event Correlation Supported by Multi-Core Architecture. Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013). pp. 1–5. IEEE CS, Macau, China (2013).
[ BibTeX ] [ Details ]
 
@inproceedings{2013_Cheng_ICITCS, address = {Macau, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013)}, keywords = {its}, month = 12, pages = {1-5}, publisher = {IEEE CS}, title = {Security Event Correlation Supported by Multi-Core Architecture}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICITCS.2013.6717881

17.
Rafiee, H., von Löwis, M., Meinel, C.: DNS Update Extension to IPv6 Secure Addressing. Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013). pp. 896–902. IEEE CS, Barcelona, Spain (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Rafiee_FINA, address = {Barcelona, Spain}, author = {Rafiee, Hosnieh and von Löwis, Martin and Meinel, Christoph}, booktitle = {Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013)}, keywords = {SEND_extension SEND DNS_update its DNS_authentication}, month = 3, pages = {896-902}, publisher = {IEEE CS}, title = {DNS Update Extension to IPv6 Secure Addressing}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/WAINA.2013.117

18.
Schnjakin, M., Korsch, D., Schoenberg, M., Meinel, C.: Implementation of a Secure and Reliable Storage Above the Untrusted Clouds. Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013). pp. 347–353. IEEE, Colombo (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Schnjakin_ICCSE, address = {Colombo}, author = {Schnjakin, Maxim and Korsch, Dimitri and Schoenberg, Martin and Meinel, Christoph}, booktitle = {Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013)}, keywords = {its}, month = 4, pages = {347 - 353}, publisher = {IEEE}, title = {Implementation of a Secure and Reliable Storage Above the Untrusted Clouds}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICCSE.2013.6553936

19.
Takouna, I., Dawoud, W., Sachs, K., Meinel, C.: A Robust Optimization for Proactive Energy Management in Virtualized Data Centers. Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013). pp. 323–326. ACM Press, Prague, Czech Republic (2013).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2013_Takouna_ICPE, address = {Prague, Czech Republic}, author = {Takouna, Ibrahim and Dawoud, Wesam and Sachs, Kai and Meinel, Christoph}, booktitle = {Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013)}, keywords = {its}, month = 4, pages = {323-326}, publisher = {ACM Press}, title = {A Robust Optimization for Proactive Energy Management in Virtualized Data Centers}, year = 2013 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2479871.2479917

2012 [ nach oben ]

1.
AlSa’deh, A., Rafiee, H., Meinel, C.: IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability. Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012). Springer, Montreal, QC, Canada (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_FPS, address = {Montreal, QC, Canada}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012)}, keywords = {its}, month = 10, publisher = {Springer}, series = {Lecture Notes in Computer Science (LNCS)}, title = {IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability.}, year = 2012 }
Weitere Informationen

2.
Willems, C., Meinel, C.: Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab. Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012). IEEE Press, Marrakesh, Morocco (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Willems_EDUCON, address = {Marrakesh, Morocco}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012)}, keywords = {its}, publisher = {IEEE Press}, title = {Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab}, year = 2012 }
Weitere Informationen

3.
AlSa’deh, A., Rafiee, H., Meinel, C.: Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE CS Press, Bali, Indonesia (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_ICOIN, address = {Bali, Indonesia}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE CS Press}, title = {Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses}, year = 2012 }
Weitere Informationen

4.
Takouna, I., Dawoud, W., Meinel, C.: Analysis and Simulation of HPC Applications in Virtualized Data Centers. Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012). IEEE Press, Besançon, France (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012_Takouna_GreenCom, address = {Besançon, France}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Analysis and Simulation of HPC Applications in Virtualized Data Centers}, year = 2012 }
Weitere Informationen

5.
Arulogun, T., AlSa’deh, A., Meinel, C.: IPv6 Private Networks: Security Consideration and recommendation. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH, Ogbomoso (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012a_Arulogun_ICOMeS, address = {LAUTECH, Ogbomoso}, author = {Arulogun, Tayo and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Private Networks: Security Consideration and recommendation}, volume = 4, year = 2012 }
Weitere Informationen

6.
Dawoud, W., Takouna, I., Meinel, C.: Reliable Approach to Sell the Spare Capacity in the Cloud. Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012). pp. 229–236. , Nice, France (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_IARIA, address = {Nice, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012)}, keywords = {its}, month = 7, pages = {229-236}, title = {Reliable Approach to Sell the Spare Capacity in the Cloud}, year = 2012 }
Weitere Informationen

7.
Dawoud, W., Takouna, I., Meinel, C.: Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling. Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012). , Taiwan, China (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_CloudCom, address = {Taiwan, China}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012)}, keywords = {its}, month = 12, title = {Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling}, year = 2012 }
Weitere Informationen

8.
Rafiee, H., AlSa’deh, A., Meinel, C.: Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE Press, Bali, Indonesia (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Rafiee_ICOIN, address = {Bali, Indonesia}, author = {Rafiee, Hosnieh and AlSa'deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE Press}, title = {Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems}, year = 2012 }
Weitere Informationen

9.
Arulogun, T., Meinel, C., Emuoyibofarhe, J.: IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH , Ogbomoso (2012).
[ BibTeX ] [ Details ]
 
@inproceedings{2012b_Arulogun_ICOMeS, address = {LAUTECH , Ogbomoso}, author = {Arulogun, Tayo and Meinel, Christoph and Emuoyibofarhe, Justice}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System}, year = 2012 }
Weitere Informationen

10.
Alnemr, R., Meinel, C.: Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions. The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012). IEEE (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Alnemr_TrustCol, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012)}, chapter = {TRUSTCOL}, howpublished = {In the 7th IEEE International Workshop on Trusted Collaboration}, keywords = {its}, month = 10, publisher = {IEEE}, series = {7th IEEE International Workshop on Trusted Collaboration}, title = {Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions}, year = 2012 }
Weitere Informationen

11.
AlSa’deh, A., Rafiee, H., Meinel, C.: Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches. Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12). IEEE CS Press, Chengdu, Sichuan, China (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_AlSadeh_CIT, address = {Chengdu, Sichuan, China}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12)}, keywords = {its}, month = 10, publisher = {IEEE CS Press}, title = {Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches}, year = 2012 }
Weitere Informationen

12.
Dawoud, W., Takouna, I., Meinel, C.: Increasing Spot Instances Reliability using Dynamic Scalability. IEEE Fifth International Conference on Cloud Computing (CLOUD 2012). pp. 959–961. IEEE CS Press, Honolulu, Hawaii, USA (2012).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2012_Dawoud_CLOUD, address = {Honolulu, Hawaii, USA}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {IEEE Fifth International Conference on Cloud Computing (CLOUD 2012)}, keywords = {its}, month = 6, pages = {959-961}, publisher = {IEEE CS Press}, title = {Increasing Spot Instances Reliability using Dynamic Scalability}, year = 2012 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/CLOUD.2012.58

2011 [ nach oben ]

1.
AlSa’deh, A., Cheng, F., Meinel, C.: CS-CGA: Compact and More Secure CGA. Proceedings of the 17th IEEE International Conference on Networks (ICON 2011). IEEE Press, Singapore (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_AlSadeh_ICON, address = {Singapore}, author = {AlSa'deh, Ahmad and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th IEEE International Conference on Networks (ICON 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {CS-CGA: Compact and More Secure CGA}, year = 2011 }
Weitere Informationen

2.
Thomas, I., Meinel, C.: An Attribute Assurance Framework to Define and Match Trust in Identity Attributes. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 580–587. IEEE Computer Society, Washington DC, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Thomas_ICWS, address = {Washington DC, USA}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {580-587}, publisher = {IEEE Computer Society}, title = {An Attribute Assurance Framework to Define and Match Trust in Identity Attributes}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICWS.2011.80

3.
Roschke, S., Cheng, F., Meinel, C.: BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes. Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011). pp. 399–406. IEEE Press, Dublin, Ireland (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Roschke_IM, address = {Dublin, Ireland}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011)}, keywords = {its}, month = 5, pages = {399-406}, publisher = {IEEE Press}, title = {BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/INM.2011.5990539

4.
Alnemr, R., Meinel, C.: From Reputation Models and Systems to Reputation Ontologies. Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011). pp. 98–116. Springer, Copenhagen, Denmark (2011).
[ BibTeX ] [ Details ]
 
@inproceedings{2011_Alnemr_IFIPTM, address = {Copenhagen, Denmark}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011)}, keywords = {its}, month = 7, pages = {98-116}, publisher = {Springer}, series = {IFIP}, title = {From Reputation Models and Systems to Reputation Ontologies}, volume = 358, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-22200-9_10

5.
Schnjakin, M., Meinel, C.: Platform for a Secure Storage-Infrastructure in the Cloud. Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011). , Bonn, Germany (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Schnjakin_Sicherheit, address = {Bonn, Germany}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011)}, keywords = {its}, month = 5, title = {Platform for a Secure Storage-Infrastructure in the Cloud}, year = 2011 }
Weitere Informationen

6.
Thomas, I., Warschofsky, R., Meinel, C.: Whom to trust? – Generating WS-Security Policies based on Assurance Information. Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011). pp. 65–72. IEEE Computer Society, Lugano, Switzerland (2011).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.
@inproceedings{2011_Thomas_ECOWS, abstract = {As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.}, address = {Lugano, Switzerland}, author = {Thomas, Ivonne and Warschofsky, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011)}, keywords = {its}, month = 9, pages = {65-72}, publisher = {IEEE Computer Society}, title = {Whom to trust? – Generating WS-Security Policies based on Assurance Information}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ECOWS.2011.29
AbstractAs input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.

7.
Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Cloud Resources Provisioning Optimization. Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011). pp. 431–445. Springer, Kochi, India (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_ACC, address = {Kochi, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011)}, keywords = {its}, month = 7, pages = {431-445}, publisher = {Springer}, series = {CCIS}, title = {Elastic VM for Cloud Resources Provisioning Optimization}, volume = 190, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-22709-7_43

8.
AlSa’deh, A., Cheng, F., Roschke, S., Meinel, C.: IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security. Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011). pp. 1–6. IEEE Press, Paris, France (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_AISadeh_NTMS, address = {Paris, France}, author = {AlSa'deh, Ahmad and Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011)}, keywords = {its}, month = 2, pages = {1-6}, publisher = {IEEE Press}, title = {IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/NTMS.2011.5721076

9.
Roschke, S., Cheng, F., Meinel, C.: A New Correlation Algorithm based on Attack Graph. Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011). pp. 58–67. Springer, Torremolinos, Spain (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Roschke_CISIS, address = {Torremolinos, Spain}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011)}, keywords = {its}, month = 6, pages = {58-67}, publisher = {Springer}, series = {LNCS}, title = {A New Correlation Algorithm based on Attack Graph}, volume = 6694, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-21323-6_8

10.
Rafiee, H., AlSa’deh, A., Meinel, C.: WinSEND: Windows SEcure Neighbor Discovery. Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011). pp. 243–246. ACM Press, Sydney, Australia (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Rafiee_SIN, address = {Sydney, Australia}, author = {Rafiee, Hosnieh and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011)}, howpublished = {Short Paper}, keywords = {its}, month = 11, pages = {243-246}, publisher = {ACM Press}, title = {WinSEND: Windows SEcure Neighbor Discovery}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2070425.2070469

11.
Alnemr, R., Schnjakin, M., Meinel, C.: Towards Context-aware Service-oriented Semantic Reputation Framework. Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011). IEEE Press (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011-Alnemr-TrustCom, author = {Alnemr, Rehab and Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Towards Context-aware Service-oriented Semantic Reputation Framework}, year = 2011 }
Weitere Informationen

12.
Cheng, F., Roschke, S., Meinel, C.: An Integrated Network Scanning Tool for Attack Graph Construction. Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011). pp. 138–147. Springer, Oulu, Finland (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Cheng_GPC, address = {Oulu, Finland}, author = {Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011)}, keywords = {its}, month = 5, number = 6646, pages = {138-147}, publisher = {Springer}, series = {LNCS}, title = {An Integrated Network Scanning Tool for Attack Graph Construction}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1007/978-3-642-20754-9_15

13.
Alnemr, R., Meinel, C.: Why Rating is not Enough: A Study on Online Reputation Systems. Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011). IEEE Press, Orlando, Florida, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Alnemr_CCSocialComp, address = {Orlando, Florida, USA}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011)}, howpublished = {Workshop Paper}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Why Rating is not Enough: A Study on Online Reputation Systems}, year = 2011 }
Weitere Informationen

14.
Warschofsky, R., Menzel, M., Meinel, C.: Automated Security Service Orchestration for the Identity Management in Web Service based Systems. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 596–603. IEEE Computer Science, Washington DC, USA (2011).
[ Abstract ] [ BibTeX ] [ Download ] [ Details ]
 
Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.
@inproceedings{2011_Warschofsky_ICWS, abstract = {Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.}, address = {Washington DC, USA}, author = {Warschofsky, Robert and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {596-603}, publisher = {IEEE Computer Science}, title = {Automated Security Service Orchestration for the Identity Management in Web Service based Systems}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/ICWS.2011.41
AbstractToday, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.

15.
Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Rapid and Optimum Virtualized Resources Allocation. Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011). pp. 1–4. IEEE Press, Paris, France (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_SVM, address = {Paris, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011)}, keywords = {its}, month = 10, pages = {1-4}, publisher = {IEEE Press}, title = {Elastic VM for Rapid and Optimum Virtualized Resources Allocation}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/SVM.2011.6096465

16.
Takouna, I., Dawoud, W., Meinel, C.: Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems. Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011). CSREA Press, Las Vegas, Nevada, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_PDPTA, address = {Las Vegas, Nevada, USA}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems}, year = 2011 }
Weitere Informationen

17.
Willems, C., Meinel, C.: Practical Network Security Teaching in an Online Virtual Laboratory. Proceedings of the 2011 International Conference on Security & Management (SAM 2011). CSREA Press, Las Vegas, Nevada, USA (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Willems_SAM, address = {Las Vegas, Nevada, USA}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Security & Management (SAM 2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Practical Network Security Teaching in an Online Virtual Laboratory}, year = 2011 }
Weitere Informationen

18.
Takouna, I., Dawoud, W., Meinel, C.: Accurate Multicore Processor Power Models for Power-Aware Resource Management. Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011). pp. 419–426. IEEE Press, Sydney, Australia (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_CGC, address = {Sydney, Australia}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011)}, keywords = {its}, month = 12, pages = {419-426}, publisher = {IEEE Press}, title = {Accurate Multicore Processor Power Models for Power-Aware Resource Management}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1109/DASC.2011.85

19.
Takouna, I., Dawoud, W., Meinel, C.: Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning. Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011). pp. 4:1–4:6. , Lisboa, Portugal (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Takouna_GCM, address = {Lisboa, Portugal}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011)}, keywords = {its}, month = 12, pages = {4:1–4:6}, title = {Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning}, year = 2011 }
Weitere Informationen
URNhttp://dx.doi.org/10.1145/2088996.2089000

20.
Willems, C., Klingbeil, T., Radvilavicius, L., Cenys, A., Meinel, C.: A Distributed Virtual Laboratory Architecture for Cybersecurity Training. Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011). IEEE Press, Abu Dhabi, UAE (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Willems_ICITST, address = {Abu Dhabi, UAE}, author = {Willems, Christian and Klingbeil, Thomas and Radvilavicius, Lukas and Cenys, Antanas and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {A Distributed Virtual Laboratory Architecture for Cybersecurity Training}, year = 2011 }
Weitere Informationen

21.
Dawoud, W., Takouna, I., Meinel, C.: Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning. Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011). Springer, Tamil Nadu, India (2011).
[ BibTeX ] [ Download ] [ Details ]
 
@inproceedings{2011_Dawoud_Obcom, address = {Tamil Nadu, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011)}, keywords = {its}, month = 12, number = {0269}, publisher = {Springer}, series = {CCIS}, title = {Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning}, year = 2011 }
Weitere Informationen

2010 [ nach oben ]

1.
Alnemr, R., Paschke, A., Meinel, C.: Enabling Reputation Interoperability through Semantic Technologies. Proceedings of the 7th International Conference on Semantic Systems (I-Semantics 2010). p. No.13. ACM Press, Graz, Austria (2010).
[ BibTeX ] [ Download ] [ Details ]