Conference Papers for Security and Trust Engineering at the chair of Prof. Dr. Christoph Meinel

2019 [ nach oben ]

• Grüner, A., Mühle, A., Meinel, C.: An Integration Architecture to Enable Service Providers for Self-sovereign Identity. Proceedings of the 18th. International Symposium on Network Computing and Applications. IEEE, Boston, MA (2019).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.
  @inproceedings{gruner2019integration, abstract = {The self-sovereign identity management model emerged with the rise of blockchain technology. This paradigm focuses on user-centricity and strives to place the user in full control of the digital identity. Numerous implementations embrace the self-sovereign identity concept, leading to a fragmented landscape of solutions. At the same time, traditional identity and access management protocols are largely disregarded and facilities to issue verifiable claims as attributes are not available. Therefore, service providers barely adopt these solutions. We propose a component-based architecture for integrating selfsovereign identity solutions into web applications to foster their adoption by service providers. Furthermore, we outline a sample implementation as a gateway that enables uPort and Jolocom for authentication, via the OpenID Connect protocol, as well as the retrieval of email address attestations for these solutions.}, address = {Boston, MA}, author = {Grüner, Andreas and Mühle, Alexander and Meinel, Christoph}, booktitle = {Proceedings of the 18th. International Symposium on Network Computing and Applications}, keywords = {myown blockchain identity ssi decentralized trust}, publisher = {IEEE}, title = {An Integration Architecture to Enable Service Providers for Self-sovereign Identity}, year = 2019 }
• Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkura2019slingshot, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {myown incident-response threat-detection cloud-security security}, publisher = {IEEE}, title = {SlingShot: Automated Threat Detection and Incident Response in Multi-Cloud Storage Systems}, type = {Publication}, year = 2019 }
• Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Comparative Analysis of Trust Requirements in Decentralized Identity Management. Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications. Springer, Matsue, Japan (2019).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
  @inproceedings{gruner2019comparative, abstract = {Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.}, address = {Matsue, Japan}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 33rd. International Conference on Advanced Information Networking and Applications}, keywords = {myown blockchain identity its decentralized requirements security trust}, publisher = {Springer}, title = {A Comparative Analysis of Trust Requirements in Decentralized Identity Management}, year = 2019 }
• Bock, B., Matysik, J.-T., Krentz, K.-F., Meinel, C.: Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
  @conference{bock2019layer, abstract = {While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things (IoT) applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We succesfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.}, address = {Limerick, Ireland}, author = {Bock, Benedikt and Matysik, Jan-Tobias and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme}, year = 2019 }
• Seidel, F., Krentz, K.-F., Meinel, C.: Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers. Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland (2019).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.
  @conference{seidel2019enroute, abstract = {Devices on the IoT are usually battery-powered and have limited resources. Hence, energy-efficient and lightweight protocols were designed for IoT devices, such as the popular CoAP. Yet, CoAP itself does not include any defenses against denial-of-sleep attacks, which are attacks that aim at depriving victim devices of entering low-power sleep modes. For example, a denial-of-sleep attack against an IoT device that runs a CoAP server is to send plenty of CoAP messages to it, thereby forcing the IoT device to expend energy for receiving and processing these CoAP messages. All current security solutions for CoAP, namely DTLS, IPsec, and OSCORE, fail to prevent such attacks. To fill this gap, Seitz et al. proposed a method for filtering out inauthentic and replayed CoAP messages "en-route" on 6LoWPAN border routers. In this paper, we expand on Seitz et al.'s proposal in two ways. First, we revise Seitz et al.'s software architecture so that 6LoWPAN border routers can not only check the authenticity and freshness of CoAP messages, but can also perform a wide range of further checks. Second, we propose a couple of such further checks, which, as compared to Seitz et al.'s original checks, more reliably protect IoT devices that run CoAP servers from remote denial-of-sleep attacks, as well as from remote exploits. We prototyped our solution and successfully tested its compatibility with Contiki-NG's CoAP implementation.}, address = {Limerick, Ireland}, author = {Seidel, Felix and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the IEEE 5th World Forum on Internet of Things (WF-IoT)}, keywords = {myown iot}, publisher = {IEEE}, title = {Deep En-Route Filtering of Constrained Application Protocol (CoAP) Messages on 6LoWPAN Border Routers}, year = 2019 }
• Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: Security Chaos Engineering for Cloud Services. The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019). IEEE (2019).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkura2019security, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {The Proceedings of 18th IEEE International Symposium on Network Computing and Applications (NCA 2019)}, keywords = {resilient-architecutures myown cloud-security its chaos-engineering security}, publisher = {IEEE}, title = {Security Chaos Engineering for Cloud Services}, year = 2019 }

2018 [ nach oben ]

• Torkura, K. .A., Sukmana, M.I.H., Cheng, F., Meinel, C.: CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era. 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018). Springer (2018).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkura2018cavas, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Cheng, Feng and Meinel, Christoph}, booktitle = {14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018)}, keywords = {myown cloud-security its microservices-security container-security}, publisher = {Springer}, title = {CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era}, year = 2018 }
• Torkura, K.A., Sukmana, M.I.H., Meinig, M., Graupner, H., Cheng, F., Meinel, C.: A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems. 16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018). IEEE/IFIP (2018).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.
  @inproceedings{a2017threat, abstract = {Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between Cloud Service Providers(CSP) and cloud users, while providing value-added services e.g. increased security, identity management and file sharing/syncing. However, CSBs face several security challenges including enlarged attack surfaces due to integration of disparate components e.g. on-premise and cloud APIs/services. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a representative, real Cloud Storage Broker (CSB) and analyze these security threats and risks. We also propose a technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs in order to cater for configuration-based vulnerabilities which are typically leveraged to compromise cloud storage systems. This effort is necessary since existing schemes do not provide sufficient security metrics, imperative for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Therefore, our approach can be employed by CSBs and CSPs to improve cloud security.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinig, Michael and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018)}, keywords = {myown cloud-storage threat-analysis cloud-security its}, publisher = {IEEE/IFIP}, series = {NOMS}, title = {A Threat Modeling Approach for Cloud Storage Brokerage and File Sharing Systems}, year = 2018 }
• Krentz, K.-F., Meinel, C., Graupner, H.: Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018). Junction, Madrid, Spain (2018).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
  @conference{krentz2018denialofsleepresilient, abstract = {Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.}, address = {Madrid, Spain}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2018)}, keywords = {myown iot}, publisher = {Junction}, title = {Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to Responsive}, year = 2018 }
• Torkura, K. .A., Sukmana, M.I.H., Meinig, M., Kayem, A., Cheng, F., Graupner, H., Meinel, C.: Securing Cloud Storage Brokerage Systems through Threat Models. The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018). IEEE (2018).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkuara2018securing, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Meinig, Michael and Kayem, Anne and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The 32nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2018)}, keywords = {myown threat-analysis its security}, publisher = {IEEE}, title = {Securing Cloud Storage Brokerage Systems through Threat Models}, year = 2018 }
• Torkura, K. .A., Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018). IEEE (2018).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkura2018csbauditor, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {The Proceedings of 17th IEEE International Symposium on Network Computing and Applications (NCA 2018)}, keywords = {myown assessments cloud-security its}, publisher = {IEEE}, title = {CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems}, year = 2018 }
• Torkura, K. .A., Sukmana, M.I.H., Kayem, A.V.D.M., Cheng, F., Meinel, C.: A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures. 32nd IEEE International Symposium on Parallel and Distributed Processing with Applications. IEEE (2018).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{noauthororeditor2018cyber, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Kayem, Anne VDM and Cheng, Feng and Meinel, Christoph}, booktitle = {32nd IEEE International Symposium on Parallel and Distributed Processing with Applications}, keywords = {myown security-risk-analysis cloud-security its security}, publisher = {IEEE}, title = {A Cyber Risk Based Moving Target Defense Mechanism for Microservice Architectures}, year = 2018 }
• Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: A Quantifiable Trust Model for Blockchain-Based Identity Management. Proceedings of the 2018 International Conference on Blockchain. IEEE, Halifax, Canada (2018).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.
  @inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel07/2018, abstract = {Removing the need for a trusted third party, blockchain technology revolutionizes the field of identity management. Service providers rely on digital identities to securely identify, authenticate and authorize users to their services. Traditionally, these digital identities are offered by a central identity provider belonging to a specific organisation. Trust in the digital identity mainly originates from the identity provider’s reputation, organizational functioning and contractual obligations. Blockchain technology enables the creation of decentralized identity management without a central identity provider as trusted third party. Therefore, the derivation of trust in digital identities within this paradigm requires a distinct approach. In this paper we propose a novel general quantifiable trust model and a specific implementation variant for blockchainbased identity management. Applying the model, trust is deduced in a decentralized manner from attestations of claims and applied to the associated digital identity. This concept replaces trust with a central identity provider by aggregated trust into attestation issuers. Thus, promoting self-sovereign identities to be fit for purpose. The calculated numerical trust metric serves as independent basis for the definition of assurance levels to simplify and automate reasoning about trust by service providers without requiring a dedicated evaluation of a trusted third party.}, address = {Halifax, Canada}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 2018 International Conference on Blockchain}, keywords = {Blockchain myown identity trust}, publisher = {IEEE}, title = {A Quantifiable Trust Model for Blockchain-Based Identity Management}, year = 2018 }
• Grüner, A., Mühle, A., Gayvoronskaya, T., Meinel, C.: Towards a Blockchain-based Identity Provider. Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies. IARIA, Venice, Italy (2018).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.
  @inproceedings{andreasgrüneralexandermühletatianagayvoronskayachristophmeinel09/2018, abstract = {The emerging technology blockchain is under way to revolutionize various fields. One significant domain to apply blockchain is identity management. In traditional identity management, a centralized identity provider, representing a trusted third party, supplies digital identities and their attributes. The identity provider controls and owns digital identities instead of the associated subjects and therefore, constitutes a single point of failure and compromise. To overcome the need for this trusted third party, blockchain enables the creation of a decentralized identity provider serving digital identities that are under full control of the associated subject. In this paper, we outline the design and implementation of a decentralized identity provider using an unpermissioned blockchain. Digital identities are partially stored on the blockchain and their attributes are modelled as verifiable claims, consisting of claims and attestations. In addition to that, the identity provider implements the OpenID Connect protocol to promote seamless integration into existing application landscapes. We provide a sample authentication workflow for a user at an online shop to show practical feasibility.}, address = {Venice, Italy}, author = {Grüner, Andreas and Mühle, Alexander and Gayvoronskaya, Tatiana and Meinel, Christoph}, booktitle = {Proceedings of the 12th. International Conference on Emerging Security Information, Systems and Technologies}, keywords = {myown blockchain identity Ethereum}, publisher = {IARIA}, title = {Towards a Blockchain-based Identity Provider}, year = 2018 }
• Torkura, K. .A., Sukmana, M.I.H., Tim, S., Cheng, F., Graupner, H., Meinel, C.: Defeating Malicious Intrusions in Multi-Cloud Storage Systems. Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018. Hasso Plattner Institute, Potsdam, Germany (2018).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{torkura2018defeating, author = {Torkura, Kennedy .A and Sukmana, Muhammad I. H and Tim, Strauss and Cheng, Feng and Graupner, Hendrik and Meinel, Christoph}, booktitle = {Proceedings of the 6th HPI Cloud Symposium “Operating the Cloud” 2018}, keywords = {risk-assessment myown cloud-security its}, publisher = {Hasso Plattner Institute, Potsdam, Germany}, series = {Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam}, title = {Defeating Malicious Intrusions in Multi-Cloud Storage Systems}, year = 2018 }

2017 [ nach oben ]

• Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Classification using Machine Learning. Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017). Springer (2017).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{gawron2017automatic, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017)}, keywords = {security}, publisher = {Springer}, title = {Automatic Vulnerability Classification using Machine Learning}, year = 2017 }
• Torkura, K.A., Sukmana, M.I.H., Meinel, C.: Integrating Continuous Security Assessments in Microservices and Cloud Native Applications. Proceedings of the10th International Conference on Utility and Cloud Computing. p. 171--180. ACM (2017).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ DOI ] [ Details ]
   
  Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.
  @inproceedings{atorkura2017integrating, abstract = {Cloud Native Applications (CNA) consists of multiple collaborating microservice instances working together towards common goals. These microservices leverage the underlying cloud infrastructure to enable several properties such as scalability and resiliency. CNA are complex distributed applications, vulnerable to several security issues affecting microservices and traditional cloud-based applications. For example, each microservice instance could be developed with different technologies e.g. programming languages and databases. This diversity of technologies increases the chances for security vulnerabilities in microservices. Moreover, the fast-paced development cycles of CNA increases the probability of insufficient security tests in the development pipelines, and consequent deployment of vulnerable microservices. Furthermore, cloud native environments are ephemeral, microservices are dynamically launched and de-registered, this factor creates a discoverability challenge for traditional security assessment techniques. Hence, security assessments in such environments require new approaches which are specifically adapted and integrated to CNA. In fact, such techniques are to be cloud native i.e. well integrated into the cloud’s fabric. In this paper, we tackle the above-mentioned challenges through the introduction of a novel Security Control concept - the Security Gateway. To support the Security Gateway concept, two other concepts are proposed: dynamic document store and security health endpoints.We have implemented these concepts using cloud native design patterns and integrated them into the CNA workflow. Our experimental evaluations validate the efficiency of our proposals, the time overhead due to the security gateway is minimal and the vulnerability detection rate surpasses that of traditional security assessment approaches. Our proposal can therefore be employed to secure CNA and microservice-based implementations.}, author = {Torkura, Kennedy A. and Sukmana, Muhammad I.H. and Meinel, Christoph}, booktitle = {Proceedings of the10th International Conference on Utility and Cloud Computing}, keywords = {myown assessments its security}, organization = {IEEE/CM}, pages = {171--180}, publisher = {ACM}, series = {UCC '17}, title = {Integrating Continuous Security Assessments in Microservices and Cloud Native Applications}, year = 2017 }
• Krentz, K.-F., Meinel, C., Graupner, H.: More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization. Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017). Springer, Nancy, France (2017).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
  @conference{krentz2017lightweight, abstract = {802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy- and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.}, address = {Nancy, France}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS 2017)}, keywords = {myown IoT}, publisher = {Springer}, title = {More Lightweight, yet Stronger 802.15.4 Security through an Intra-Layer Optimization}, year = 2017 }
• Torkura, K.A., Sukmana, M.I.H., Cheng, F., Meinel, C.: Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications. Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud). IEEE (2017).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ URL ] [ DOI ] [ Details ]
   
  This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.
  @conference{torkura2017leveraging, abstract = {This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests.}, author = {Torkura, Kennedy A and Sukmana, Muhammad IH and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 2nd IEEE International Conference on Smart Cloud (SmartCloud)}, keywords = {myown its}, month = {23 Nov 2017}, publisher = {IEEE}, title = {Leveraging Cloud Native Design Patterns for Security-as-a-Service Applications}, year = 2017 }
• Seitz, K., Serth, S., Krentz, K.-F., Meinel, C.: Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages. 15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017). ACM, Delft, The Netherlands (2017).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.
  @conference{seitz2017abstract, abstract = {IoT devices usually are battery-powered and directly connected to the Internet. This makes them vulnerable to so-called path-based denial-of-service (PDoS) attacks. For example, in a PDoS attack an adversary sends multiple Constrained Application Protocol (CoAP) messages towards an IoT device, thereby causing each IoT device along the path to expend energy for forwarding this message. Current end-to-end security solutions, such as DTLS or IPsec, fail to prevent such attacks since they only filter out inauthentic CoAP messages at their destination. This demonstration shows an approach to allow en-route filtering where a trusted gateway has all necessary information to check the integrity, decrypt and, if necessary, drop a message before forwarding it to the constrained mote. Our approach preserves precious resources of IoT devices in the face of path-based denial-of-service attacks by remote attackers.}, address = {Delft, The Netherlands}, author = {Seitz, Klara and Serth, Sebastian and Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {15th ACM Conference on Embedded Networked Sensor Systems (SenSys 2017)}, keywords = {IoT}, publisher = {ACM}, title = {Demo: Enabling En-Route Filtering for End-to-End Encrypted CoAP Messages}, year = 2017 }
• Krentz, K.-F., Meinel, C., Graupner, H.: Secure Self-Seeding with Power-Up SRAM States. Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017). IEEE, Heraklion, Greece (2017).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.
  @inproceedings{2017_Krentz_ISCC, abstract = {Generating seeds on Internet of things (IoT) devices is challenging because these devices typically lack common entropy sources, such as user interaction or hard disks. A promising replacement is to use power-up static random-access memory (SRAM) states, which are partly random due to manufacturing deviations. Thus far, there, however, seems to be no method for extracting close-to-uniformly distributed seeds from power-up SRAM states in an information-theoretically secure and practical manner. Moreover, the min-entropy of power-up SRAM states reduces with temperature, thereby rendering this entropy source vulnerable to so-called freezing attacks. In this paper, we mainly make three contributions. First, we propose a new method for extracting uniformly distributed seeds from power-up SRAM states. Unlike current methods, ours is information-theoretically secure, practical, and freezing attack-resistant rolled into one. Second, we point out a trick that enables using power-up SRAM states not only for self-seeding at boot time, but also for reseeding at runtime. Third, we compare the energy consumption of seeding an IoT device either with radio noise or power-up SRAM states. While seeding with power-up SRAM states turned out to be more energy efficient, we argue for mixing both these entropy sources.}, address = {Heraklion, Greece}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the 22nd IEEE Symposium on Computers and Communications (ISCC 2017)}, keywords = {its}, publisher = {IEEE}, title = {Secure Self-Seeding with Power-Up SRAM States}, year = 2017 }
• Krentz, K.-F., Meinel, C., Graupner, H.: Countering Three Denial-of-Sleep Attacks on ContikiMAC. Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017). Junction, Uppsala, Sweden (2017).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2017_Krentz_EWSN, address = {Uppsala, Sweden}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Graupner, Hendrik}, booktitle = {Proceedings of the International Conference on Embedded Wireless Systems and Networks (EWSN 2017)}, keywords = {its}, publisher = {Junction}, title = {Countering Three Denial-of-Sleep Attacks on ContikiMAC}, year = 2017 }

2016 [ nach oben ]

• Amirkhanyan, A., Meinel, C.: Visualization and Analysis of Public Social Geodata to Provide Situational Awareness. Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016). IEEE, Chiang Mai, Thailand (2016).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.
  @inproceedings{2016_Amirkhanyan_ICACI, abstract = {Nowadays, social networks are an essential part of modern life. People posts everything what happens with them and what happens around them. The amount of data, producing by social networks, increases dramatically every year and users more often post geo-tagged messages. It gives us more possibilities for visualization and analysis of social data, since we can be interested not only in the content of the message but also in the location, from where this message was posted. We aimed to use public social data from location-based social networks to improve situational awareness. In the paper, we show our approach of handling in real-time geodata from Twitter and providing the advanced methods for visualization, analysis, searching and statistics, in order to improve situational awareness.}, address = {Chiang Mai, Thailand}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Advanced Computational Intelligence (ICACI2016)}, keywords = {visualization big_data its location-based_social_network geodata situational_awareness}, month = 2, publisher = {IEEE}, title = {Visualization and Analysis of Public Social Geodata to Provide Situational Awareness}, year = 2016 }
• Jaeger, D., Pelchen, C., Graupner, H., Cheng, F., Meinel, C.: Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use. Proceedings of the 11th International Conference on Passwords (PASSWORDS2016). Springer, Bochum, Germany (2016).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2016_Jaeger_PASSWORDS, address = {Bochum, Germany}, author = {Jaeger, David and Pelchen, Chris and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Passwords (PASSWORDS2016)}, keywords = {its}, month = 12, publisher = {Springer}, title = {Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use}, year = 2016 }
• Amirkhanyan, A., Meinel, C.: Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness. Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly. Springer, Swansea, Wales, UK (2016).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.
  @inproceedings{2016_Amirkhanyan_I3E, abstract = {In the era of social networks, we have a huge amount of social geotagged data that reflect the real world. These data can be used to provide or to enhance situational and public safety awareness. It can be reached by the way of analysis and visualization of geotagged data that can help to better understand the situation around and to detect local geo-spatial threats. One of the challenges in the way of reaching this goal is providing valuable statistics and advanced methods for filtering data. Therefore, in the scope of this paper, we collect sufficient amount of public social geotagged data from Twitter, build different valuable statistics and analyze them. Also, we try to find valuable parameters and propose the useful filters based on these parameters that can filter data from invaluable data and, by this way, support analysis of geotagged data from the perspective of providing situational awareness.}, address = {Swansea, Wales, UK}, author = {Amirkhanyan, Aragats and Meinel, Christoph}, booktitle = {Proceedings of the 15th IFIP Conference on e-Business, e-Services and e-Society (I3E2016) - Social Media: The Good, the Bad, and the Ugly}, keywords = {public_safety_awareness geotagged_data big_data its georeferenced_data location-based_social_networks analysis situational_awareness statistics}, month = 9, publisher = {Springer}, title = {Analysis of the Value of Public Geotagged Data from Twitter from the Perspective of Providing Situational Awareness}, year = 2016 }
• Krentz, K.-F., Meinel, C., Schnjakin, M.: POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames. Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016). IEEE, Salzburg, Austria (2016).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2016_Krentz_ARES, address = {Salzburg, Austria}, author = {Krentz, Konrad-Felix and Meinel, Christoph and Schnjakin, Maxim}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (ARES 2016)}, keywords = {its}, publisher = {IEEE}, title = {POTR: Practical On-the-fly Rejection of Injected and Replayed 802.15.4 Frames}, year = 2016 }
• Torkura, K., Meinel, C.: Towards Vulnerability Assessment as a Service in OpenStack Clouds. Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN). IEEE, Dubai, UAE (2016).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.
  @inproceedings{Kennedy2016a, abstract = {Efforts towards improving security in cloud infrastructures recommend regulatory compliance approaches such as HIPAA and PCI DSS. Similarly, vulnerability assessments are imperatives for fulfilling these regulatory compliance requirements. Nevertheless, conducting vulnerability assessments in cloud environments requires approaches different from those found in traditional computing. Factors such as multi-tenancy, elasticity, self-service and cloud-specific vulnerabilities must be considered. Furthermore, the Anything-as-a-Service model of the cloud stimulates security automation and user-intuitive services. In this paper, we tackle the challenge of efficient vulnerability assessments at the system level, in particular for core cloud applications.Within this scope, we focus on the use case of a cloud administrator. We believe the security of the underlying cloud software is crucial to the overall health of a cloud infrastructure since these are the foundations upon which other applications within the cloud function. We demonstrate our approach using OpenStack and through our experiments prove that our prototype implementation is effective at identifying “OpenStacknative” vulnerabilities. We also automate the process of identifying insecure configurations in the cloud and initiate steps for deploying Vulnerability Assessment-as-a-Service in OpenStack.}, address = {Dubai, UAE}, author = {Torkura, Kennedy and Meinel, Christoph}, booktitle = {Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN)}, keywords = {vulnerability_assessment its Cloud_Security Security_as_a_Service cloud-specific_vulnerabilities}, publisher = {IEEE}, title = {Towards Vulnerability Assessment as a Service in OpenStack Clouds}, year = 2016 }

2015 [ nach oben ]

• Torkura, K.A., Cheng, F., Meinel, C.: Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment. Journal of Internet Technology and Secured Transactions. 4, (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time
  @article{Kennedy2015a, abstract = {The current increase in software vulnerabilities necessitates concerted research in vulnerability lifecycles and how effective mitigative approaches could be implemented. This is especially imperative in cloud infrastructures considering the novel attack vectors introduced by this emerging computing paradigm. By conducting a quantitative security assessment of OpenStack’s vulnerability lifecycle, we discovered severe risk levels resulting from prolonged gap between vulnerability discovery and patch release. We also observed an additional time lag between patch release and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actors to develop zero-days exploits and other types of malicious software. Mitigating these concerns requires systems with current knowledge on events within the vulnerability lifecycle. However, current threat mitigation systems like vulnerability scanners are designed to depend on information from public vulnerability repositories which mostly do not retain comprehensive information on vulnerabilities. Accordingly, we propose a framework that would mitigate the afore-mentioned risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories, Bug Tracking Systems and other channels. These information is thereafter used to automatically generate plugins armed with current information about possible zeroday exploits and other unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks, Scanner Patch Time and Scanner Patch Discovery Time}, author = {Torkura, Kennedy A. and Cheng, Feng and Meinel, Christoph}, journal = {Journal of Internet Technology and Secured Transactions}, keywords = {its}, organization = {infonomics Society}, title = {Aggregating Vulnerability Information for Proactive Cloud Vulnerability Assessment}, volume = 4, year = 2015 }
• Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143 - 148. IEEE Press, Lodz, Poland (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
  @inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {its}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
• Sianipar, J.H., Meinel, C.: A verification mechanism for cloud brokerage system. Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015). pp. 143 - 148. IEEE Press, Lodz, Poland (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).
  @inproceedings{2015_Sianipar_CSCESM, abstract = {In the existing cloud brokerage system, the client does not have the ability to verify the result of the cloud service selection. There are possibilities that the cloud broker can be biased in selecting the best Cloud Service Provider (CSP) for a client. A compromised or dishonest cloud broker can unfairly select a CSP for its own advantage by cooperating with the selected CSP. To address this problem, we propose a mechanism to verify the CSP selection result of the cloud broker. In this verification mechanism, properties of every CSP will also be verified. It uses a trusted third party to gather clustering result from the cloud broker. This trusted third party is also used as a base station to collect CSP properties in a multi-agents system. Software Agents are installed and running on every CSP. The CSP is monitored by agents as the representative of the customer inside the cloud. These multi-agents give reports to a third party that must be trusted by CSPs, customers and the Cloud Broker. The third party provides transparency by publishing reports to the authorized parties (CSPs and Customers).}, address = {Lodz, Poland}, author = {Sianipar, Johannes Harungguan and Meinel, Christoph}, booktitle = {Proceedings of the Second International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2015)}, keywords = {cloud trust}, month = 9, pages = {143 - 148}, publisher = {IEEE Press}, title = {A verification mechanism for cloud brokerage system}, year = 2015 }
• Cheng, F., Sapegin, A., Gawron, M., Meinel, C.: Analyzing Boundary Device Logs on the In-Memory Platform. Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15). IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.
  @inproceedings{Feng2015a, abstract = {The boundary devices, such as routers, firewalls, proxies, and domain controllers, etc., are continuously generating logs showing the behaviors of the internal and external users, the working state of the network as well as the devices themselves. To rapidly and efficiently analyze these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact that a huge amount of data might be generated for being analyzed in very short time. In this paper, we address this challenge by applying complex analytics and modern in-memory database technology on the large amount of log data. Logs from different kinds of devices are collected, normalized, and stored in the In-Memory database. Machine learning approaches are then implemented to analyze the centralized big data to identify attacks and anomalies which are not easy to be detected from the individual log event. The proposed method is implemented on the In-Memory platform, i.e., SAP HANA Platform, and the experimental results show that it has the expected capabilities as well as the high performance.}, author = {Cheng, Feng and Sapegin, Andrey and Gawron, Marian and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity‘15)}, keywords = {its}, publisher = {IEEE}, title = {Analyzing Boundary Device Logs on the In-Memory Platform}, year = 2015 }
• Elsaid, M.E., Meinel, C.: Friendship based Storage Allocation for Online Social Networks Cloud Computing. Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015). IEEE Press, Marrakesh, Morrocco (2015).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2015_Esam_CloudTech, address = {Marrakesh, Morrocco}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference of Cloud Computing Technologies and Applications (CloudTech 2015)}, keywords = {its}, month = 6, publisher = {IEEE Press}, title = {Friendship based Storage Allocation for Online Social Networks Cloud Computing}, year = 2015 }
• Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Passive Network Monitoring using REAMS. Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015). pp. 205-215. Sprinter, Pattaya, Thailand (2015).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2015_ICISA_AZODI, address = {Pattaya, Thailand}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Information Science and Applications (ICISA 2015)}, keywords = {its}, month = 2, pages = {205-215}, publisher = {Sprinter}, series = {LNEE}, title = {Passive Network Monitoring using REAMS}, volume = 339, year = 2015 }
• Amirkhanyan, A., Cheng, F., Meinel, C.: Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis. Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015). IEEE, Dubai, UAE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.
  @inproceedings{2015_Amirkhanyan_IIT, abstract = {Nowadays, we have a lot of data produced by social media services, but more and more often these data contain information about a location that gives us the wide range of possibilities to analyze them. Since we can be interested not only in the content, but also in the location where this content was produced. For good analyzing geo-spatial data, we need to find the best approaches for geo clustering. And the best approach means real-time clustering of massive geodata with high accuracy. In this paper, we present a new approach of clustering geodata for online maps, such as Google Maps, OpenStreetMap and others. Clustered geodata based on their location improve visual analysis of them and improve situational awareness. Our approach is the server-side online algorithm that does not need the entire data to start clustering. Also, this approach works in real-time and could be used for clustering of massive geodata for online maps in reasonable time. We implemented the proposed approach to prove the concept, and also, we provided experiments and evaluation of our approach.}, address = {Dubai, UAE}, author = {Amirkhanyan, Aragats and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Innovations in Information Technology (IIT2015)}, keywords = {geo_clustering real-time online_maps geohash its density-based_clustering}, month = 11, publisher = {IEEE}, title = {Real-Time Clustering of Massive Geodata for Online Maps to Improve Visual Analysis}, year = 2015 }
• Sapegin, A., Amirkhanyan, A., Gawron, M., Cheng, F., Meinel, C.: Poisson-based Anomaly Detection for Identifying Malicious User Behaviour. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15). Springer (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.
  @inproceedings{Andrey2015b, abstract = {Nowadays, malicious user behaviour that does not trigger access violation or alert of data leak is difficult to be detected. Using the stolen login credentials the intruder doing espionage will first try to stay undetected: silently collect data from the company network and use only resources he is authorised to access. To deal with such cases, a Poisson-based anomaly detection algorithm is proposed in this paper. Two extra measures make it possible to achieve high detection rates and meanwhile reduce number of false positive alerts: (1) checking probability first for the group, and then for single users and (2) selecting threshold automatically. To prove the proposed approach, we developed a special simulation testbed that emulates user behaviour in the virtual network environment. The proof-of-concept implementation has been integrated into our prototype of a SIEM system — Real-time Event Analysis and Monitoring System, where the emulated Active Directory logs from Microsoft Windows domain are extracted and normalised into Object Log Format for further processing and anomaly detection. The experimental results show that our algorithm was able to detect all events related to malicious activity and produced zero false positive results. Forethought as the module for our self-developed SIEM system based on the SAP HANA in-memory database, our solution is capable of processing high volumes of data and shows high efficiency on experimental dataset.}, author = {Sapegin, Andrey and Amirkhanyan, Aragats and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {authentication intrusion_detection its user_behaviour anomaly_detection}, publisher = {Springer}, title = {Poisson-based Anomaly Detection for Identifying Malicious User Behaviour}, year = 2015 }
• Torkura, K.A., Meinel, C.: Towards Cloud-Aware Vulnerability Assessments. Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015). IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.
  @inproceedings{2015_Torkura_SITIS, abstract = {Vulnerability assessments are best practices for computer security and requirements for regulatory compliance. Potential and existing security holes can be identified during vulnerability assessments and security breaches could be averted. However, the unique nature of cloud computing environments requires more dynamic assessment techniques. The proliferation of cloud services and cloud-aware applications introduce more cloud vulnerabilities. But, current measures for identification, mitigation and prevention of cloud vulnerabilities do not suffice. Our investigations indicate a possible reason for this inefficiency to lapses in availability of precise, cloud vulnerability information. We observed also that most research efforts in the context of cloud vulnerability concentrate on IaaS, leaving other cloud models largely unattended. Similarly, most cloud assessment efforts tackle general cloud vulnerabilities rather than cloud specific vulnerabilities. Yet, mitigating cloud specific vulnerabilities is important for cloud security. Hence, this paper proposes a new approach that addresses the mentioned issues by monitoring, acquiring and adapting publicly available cloud vulnerability information for effective vulnerability assessments. We correlate vulnerability information from public vulnerability databases and develop Network Vulnerability Tests for specific cloud vulnerabilities. We have implemented, evaluated and verified the suitability of our approach.}, author = {Torkura, Kennedy A and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS2015)}, keywords = {its}, publisher = {IEEE}, title = {Towards Cloud-Aware Vulnerability Assessments}, year = 2015 }
• Gawron, M., Cheng, F., Meinel, C.: Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 229-236. ACM Press (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.
  @inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {Vulnerability_Analysis Security_Analytics its Attack_Graph Network_Security Vulnerability_Detection}, pages = {229-236}, publisher = {ACM Press}, title = {Automatic Vulnerability Detection for Weakness Visualization and Advisory Creation}, year = 2015 }
• Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP'15). pp. 237-248. Springer Internation Publishing (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
  @inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, pages = {237-248}, publisher = {Springer Internation Publishing}, series = {Lecture Notes in Computer Science}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, volume = 9311, year = 2015 }
• Amirkhanyan, A., Sapegin, A., Cheng, F., Meinel, C.: Simulation User Behavior on A Security Testbed Using User Behavior States Graph. Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15). pp. 217-223. ACM Press (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.
  @inproceedings{2015_Amirkhanyan_SIN, abstract = {For testing new methods of network security or new algorithms of security analytics, we need the experimental environments as well as the testing data which are much as possible similar to the real-world data. Therefore, the researchers are always trying to find the best approaches and recommendations of creating and simulating testbeds, because the issue of automation of the testbed creation is a crucial goal to accelerate research progress. One of the ways to generate data is simulate the user behavior on the virtual machines, but the challenge is how to describe what we want to simulate. In this paper, we present a new approach of describing user behavior for the simulation tool. This approach meets requirements of simplicity and extensibility. And it could be used for generating user behavior scenarios to simulate them on Windows-family virtual machines. The proposed approached is applied to our developed simulation tool that we use for solving a problem of the lack of data for research in network security and security analytics areas by generating log dataset that could be used for testing new methods of network security and new algorithms of security analytics.}, author = {Amirkhanyan, Aragats and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)}, keywords = {its simulation_tool data user_behavior testbed security_analytics network_security}, pages = {217-223}, publisher = {ACM Press}, title = {Simulation User Behavior on A Security Testbed Using User Behavior States Graph}, year = 2015 }
• Azodi, A., Gawron, M., Sapegin, A., Cheng, F., Meinel., C.: Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes. Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15). Springer (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.
  @inproceedings{Amir2015a, abstract = {Modern machine learning techniques have been applied to many aspects of network analytics in order to discover patterns that can clarify or better demonstrate the behavior of users and systems within a given network. Often the information to be processed has to be converted to a different type in order for machine learning algorithms to be able to process them. To accurately process the information generated by systems within a network, the true intention and meaning behind the information must be observed. In this paper we propose different approaches for mapping network information such as IP addresses to integer values that attempts to keep the relation present in the original format of the information intact. With one exception, all of the proposed mappings result in (at most) 64 bit long outputs in order to allow atomic operations using CPUs with 64 bit registers. The mapping output size is restricted in the interest of performance. Additionally we demonstrate the benefits of the new mappings for one specific machine learning algorithm (k-means) and compare the algorithm's results for datasets with and without the proposed transformations.}, author = {Azodi, Amir and Gawron, Marian and Sapegin, Andrey and Cheng, Feng and Meinel., Christoph}, booktitle = {Proceedings of the International Conference on Mobile, Secure and Programmable Networking (MSPN'15)}, keywords = {Traffic_Classification Machine_Learning its Event_Normalization Network_Monitoring}, publisher = {Springer}, title = {Leveraging Event Structure for Adaptive Machine Learning on Big Data Landscapes.}, year = 2015 }
• Torkura, K.A., Cheng, F., Meinel, C.: Application of Quantitative Security Metrics In Cloud Computing. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.
  @inproceedings{2015_Torkura_ICITST, abstract = {Security issues are still prevalent in cloud computing particularly public cloud. Efforts by Cloud Service Providers to secure out-sourced resources are not sufficient to gain trust from customers. Service Level Agreements (SLAs) are currently used to guarantee security and privacy, however research into SLAs monitoring suggests levels of dissatisfaction from cloud users. Accordingly, enterprises favor private clouds such as OpenStack as they offer more control and security visibility. However, private clouds do not provide absolute security, they share some security challenges with public clouds and eliminate other challenges. Security metrics based approaches such as quantitative security assessments could be adopted to quantify security value of private and public clouds. Software quantitative security assessments provide extensive visibility into security postures and help assess whether or not security has improved or deteriorated. In this paper we focus on private cloud security using OpenStack as a case study, we conduct a quantitative assessment of OpenStack based on empirical data. Our analysis is multi-faceted, covering OpenStack major releases and services. We employ security metrics to determine the vulnerability density, vulnerability severity metrics and patching behavior. We show that OpenStack’s security has improved since inception, however concerted efforts are imperative for secure deployments, particularly in production environments.}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {Application of Quantitative Security Metrics In Cloud Computing}, year = 2015 }
• Sapegin, A., Gawron, M., Jaeger, D., Cheng, F., Meinel, C.: High-speed Security Analytics Powered by In-memory Machine Learning Engine. Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015). pp. 74 - 81. IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.
  @inproceedings{Andrey2015a, abstract = {Modern Security Information and Event Management systems should be capable to store and process high amount of events or log messages in different formats and from different sources. This requirement often prevents such systems from usage of computational-heavy algorithms for security analysis. To deal with this issue, we built our system based on an in-memory data base with an integrated machine learning library, namely SAP HANA. Three approaches, i.e. (1) deep normalisation of log messages (2) storing data in the main memory and (3) running data analysis directly in the database, allow us to increase processing speed in such a way, that machine learning analysis of security events becomes possible nearly in real-time. To prove our concepts, we measured the processing speed for the developed system on the data generated using Active Directory tested and showed the efficiency of our approach for high-speed analysis of security events.}, author = {Sapegin, Andrey and Gawron, Marian and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 14th International Symposium on Parallel and Distributed Computing (ISPDC 2015)}, keywords = {its}, pages = {74 - 81}, publisher = {IEEE}, title = {High-speed Security Analytics Powered by In-memory Machine Learning Engine}, year = 2015 }
• Jaeger, D., Azodi, A., Cheng, F., Meinel, C.: Normalizing Security Events with a Hierarchical Knowledge Base. Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP'15) (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.
  @inproceedings{David2015a, abstract = {An important technique for attack detection in complex company networks is the analysis of log data from various network components. As networks are growing, the number of produced log events increases dramatically, sometimes even to multiple billion events per day. The analysis of such big data highly relies on a full normalization of the log data in realtime. Until now, the important issue of full normalization of a large number of log events is only insufficiently handled by many software solutions and not well covered in existing research work. In this paper, we propose and evaluate multiple approaches for handling the normalization of a large number of typical logs better and more efficient. The main idea is to organize the normalization in multiple levels by using a hierarchical knowledge base (KB) of normalization rules. In the end, we achieve a performance gain of about 1000x with our presented approaches, in comparison to a naive approach typically used in existing normalization solutions. Considering this improvement, big log data can now be handled much faster and can be used to find and mitigate attacks in realtime.}, author = {Jaeger, David and Azodi, Amir and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th WISTP International Conference on Information Security Theory and Practice (WISTP'15)}, keywords = {normalization its knowledge_base event_logs network_security}, title = {Normalizing Security Events with a Hierarchical Knowledge Base}, year = 2015 }
• Gawron, M., Cheng, F., Meinel, C.: Automatic Detection of Vulnerabilities for Advanced Security Analytics. Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15). pp. 471-474. IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.
  @inproceedings{Marian2015a, abstract = {The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each vulnerability. Thus an automated analytical function could detect security leaks on a target system based on this logical format. With this method it is possible to scan a system without much expertise, since the automated or computer-aided vulnerability detection does not require special knowledge about the target system. The gathered information is used to provide security advisories and enhanced diagnostics which could also detect attacks that exploit multiple vulnerabilities of the system.}, author = {Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS’15)}, keywords = {its}, pages = {471-474}, publisher = {IEEE}, title = {Automatic Detection of Vulnerabilities for Advanced Security Analytics}, year = 2015 }
• Torkura, K.A., Cheng, F., Meinel, C.: A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments. Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015). IEEE (2015).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks
  @inproceedings{2015_Torkura_ICITST, abstract = {Vulnerability scanners are deployed in computer networks and software to timely identify security flaws and misconfigurations. However, cloud computing has introduced new attack vectors that requires commensurate change of vulnerability assessment strategies. To investigate the effectiveness of these scanners in cloud environments, we first conduct a quantitative security assessment of OpenStack’s vulnerability lifecycle and discover severe risk levels resulting from prolonged patch release duration. More specifically, there are long time lags between OpenStack patch releases and patch inclusion in vulnerability scanning engines. This scenario introduces sufficient time for malicious actions and creation of exploits such as zero-days. Mitigating these concern requires systems with current knowledge on events within the vulnerability lifecycle. However, current vulnerability scanners are designed to depend on information about publicly announced vulnerabilities which mostly includes only vulnerability disclosure dates. Accordingly, we propose a framework that would mitigate these risks by gathering and correlating information from several security information sources including exploit databases, malware signature repositories and Bug Tracking Systems. The information is thereafter used to automatically generate plugins armed with current information about zero-day exploits and unknown vulnerabilities. We have characterized two new security metrics to describe the discovered risks}, author = {Torkura, Kennedy A and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST2015)}, keywords = {its}, publisher = {IEEE}, title = {A Proposed Framework For Proactive Vulnerability Assessments in Cloud Deployments}, year = 2015 }
• Ussath, M., Cheng, F., Meinel, C.: Concept for a Security Investigation Framework. Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15) (2015).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{Martin2015a, author = {Ussath, Martin and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th IFIP International Conference on New Technologies, Mobility, and Security (NTMS’15)}, keywords = {its}, title = {Concept for a Security Investigation Framework}, year = 2015 }
• Krentz, K.-F., Meinel, C.: Handling Reboots and Mobility in 802.15.4 Security. Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015). ACM, Los Angeles, CA, USA (2015).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2015_Krentz_ACSAC, address = {Los Angeles, CA, USA}, author = {Krentz, Konrad-Felix and Meinel, Christoph}, booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015)}, keywords = {its}, publisher = {ACM}, title = {Handling Reboots and Mobility in 802.15.4 Security}, year = 2015 }

2014 [ nach oben ]

• Fleischhacker, N., Manulis, M., Azodi, A.: A Framework for Multi-Factor Authentication and Key Exchange. In Proceedings of the the 1st International Conference on Research in Security Standardisation (SSR 2014). Springer, London, UK (2014).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2014_AZODI_SSR, address = {London, UK}, author = {Fleischhacker, Nils and Manulis, Mark and Azodi, Amir}, booktitle = {In Proceedings of the the 1st International Conference on Research in Security Standardisation (SSR 2014)}, keywords = {its}, month = 12, publisher = {Springer}, series = {Lecture Notes in Computer Science (LNCS)}, title = {A Framework for Multi-Factor Authentication and Key Exchange}, year = 2014 }
• Jaeger, D., Graupner, H., Sapegin, A., Cheng, F., Meinel, C.: Gathering and Analyzing Identity Leaks for Security Awareness. Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014). Springer, Trondheim, Norway (2014).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.
  @inproceedings{2014_Jaeger_PASSWORDS, abstract = {The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are a�ected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.}, address = {Trondheim, Norway}, author = {Jaeger, David and Graupner, Hendrik and Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Passwords (PASSWORDS 2014)}, institution = {Hasso-Plattner-Institute}, keywords = {identity_leak password its data_breach security_awareness}, month = 12, publisher = {Springer}, series = {Lecture Notes for Computer Science (LNCS)}, title = {Gathering and Analyzing Identity Leaks for Security Awareness}, year = 2014 }
• Elsaid, M.E., Meinel, C.: Live Migration Impact on Virtual Datacenter Performance. Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014). pp. 216 - 221. IEEE Press, Barcelona, Spain (2014).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2014_Esam_FiCloud, address = {Barcelona, Spain}, author = {Elsaid, Mohamed Esam and Meinel, Christoph}, booktitle = {Proceedings of the 2nd International Conference on Future Internet of Things and Cloud (FiCloud 2014)}, keywords = {its}, month = 8, pages = {216 - 221}, publisher = {IEEE Press}, title = {Live Migration Impact on Virtual Datacenter Performance}, year = 2014 }
• Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines. In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014). IEEE Press, Beijing, China (2014).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2014_AZODI_ICITCS, address = {Beijing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {In Proceedings of the 4rd IEEE International Conference on IT Convergence and Security (ICITCS 2014)}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Runtime Updatable and Dynamic Event Processing using Embedded ECMAScript Engines}, year = 2014 }
• Sianipar, J., Saleh, E., Meinel, C.: Construction of Agent-Based Trust in Cloud Infrastructure. Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014. p. 941--946. IEEE Computer Society, London, United Kingdom (2014).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.
  @inproceedings{2014_Sianipar_UCC, abstract = {By design, the cloud system does not allow a cloud administrator to access the customer data in a virtual machine (VM) without customer's knowledge. However, a cloud administrator is able to modify the software/hardware configuration in a way that allow unauthorized access to the customer data. This is because the cloud administrator has full control of the cloud infrastructure. He is a super user in the cloud system and has physical access on the cloud infrastructure. We introduce the ABTiCI (Agent-Based Trust in Cloud Infrastructure) system to detect unauthorized access by verifying and monitoring the Integrity of cloud infrastructure security relevant parts. ABTiCI performs integrity verification at boot-time and at run-time. ABTiCI uses trusted boot with TPM (Trusted Platform Module) to perform integrity verification at boot-time. ABTiCI also monitors access to security relevant parts, such as hardware/software configuration, to be able to detect any changes at run-time. ABTiCI uses agents to do the integrity verification and to communicate between entities in the cloud infrastructure. ABTiCI informs the Certifier about the Dom0 address of the customer VMs (Virtual Machines) to be able to verify whether an integrity verification agent is installed and running in every Dom0.}, address = {London, United Kingdom}, author = {Sianipar, Johannes and Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 7th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2014, London, United Kingdom, December 8-11, 2014}, keywords = {its}, month = 12, pages = {941--946}, publisher = {IEEE Computer Society}, title = {Construction of Agent-Based Trust in Cloud Infrastructure}, year = 2014 }
• Saleh, E., Sianipar, J., Takouna, I., Meinel, C.: SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments. 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014. pp. 596-602. IEEE Computer Society, Bali, Indonesia (2014).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.
  @inproceedings{2014_Saleh_UIC-ATC-ScalCom, abstract = {Software-as-a-Service (SaaS) is emerging as a new software delivery model, where the application and its associated data are hosted in the cloud. Due to the nature of SaaS and the cloud in general, where the data and the computation are beyond the control of the user, data privacy and security becomes a vital factor in this new paradigm. In multi-tenant SaaS applications, the tenants (i.e., companies) become concerned about the confidentiality of their data since several tenants are consolidated onto a shared infrastructure (i.e., databases). Consequently, two main questions raise. First, how to prohibit a tenant from accessing other’s data? Second, how to avoid the security threats from co-located competing tenants? In this paper, we address the second question. We present SecPlace, a resource allocation model designed to increase the level of security for tenants sharing the same infrastructure. SecPlace avoids hosting competing companies on the same database instance. We minimize the risk of co-resident tenants by preventing any two tenants of the same business type to be hosted on the same database server. SecPlace utilizes the usage of tenant subscription data, such as business type and tenant size and place the tenant accordingly. We conduct extensive experiments to validate our approach. The results show that our approach is practical, achieves its goal, and have a moderate complexity.}, address = {Bali, Indonesia}, author = {Saleh, Eyad and Sianipar, Johannes and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, December 9-12, 2014}, keywords = {its}, month = 12, pages = {596-602}, publisher = {IEEE Computer Society}, title = {SecPlace: Security-Aware Placement Model for Multi-tenant SaaS Environments}, year = 2014 }

2013 [ nach oben ]

• Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Security Event Correlation Supported by Multi-Core Architecture. Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013). pp. 1-5. IEEE CS, Macau, China (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Cheng_ICITCS, address = {Macau, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE International Conference on IT Convergence and Security (ICITCS 2013)}, keywords = {its}, month = 12, pages = {1-5}, publisher = {IEEE CS}, title = {Security Event Correlation Supported by Multi-Core Architecture}, year = 2013 }
• Sapegin, A., Cheng, F., Meinel, C.: Catch the Spike: on the Locality of Individual BGP Update Bursts. Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013). pp. 78-83. IEEE CS, Dalian, China (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Sapegin_MSN, address = {Dalian, China}, author = {Sapegin, Andrey and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013)}, keywords = {its}, month = 12, pages = {78-83}, publisher = {IEEE CS}, title = {Catch the Spike: on the Locality of Individual BGP Update Bursts}, year = 2013 }
• Cheng, F., Azodi, A., Jaeger, D., Meinel, C.: Multi-Core Supported High Performance Security Analytics. Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013). IEEE CS, Chengdu, China (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Cheng_ScalCom, address = {Chengdu, China}, author = {Cheng, Feng and Azodi, Amir and Jaeger, David and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE International Conference on Scalable Computing and Communication (ScalCom 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Multi-Core Supported High Performance Security Analytics}, year = 2013 }
• Takouna, I., Dawoud, W., Sachs, K., Meinel, C.: A Robust Optimization for Proactive Energy Management in Virtualized Data Centers. Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013). pp. 323-326. ACM Press, Prague, Czech Republic (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Takouna_ICPE, address = {Prague, Czech Republic}, author = {Takouna, Ibrahim and Dawoud, Wesam and Sachs, Kai and Meinel, Christoph}, booktitle = {Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering(ICPE2013)}, keywords = {its}, month = 4, pages = {323-326}, publisher = {ACM Press}, title = {A Robust Optimization for Proactive Energy Management in Virtualized Data Centers}, year = 2013 }
• Schnjakin, M., Meinel, C.: The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds. Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013) (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Schnjakin_Sicherheit, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 13. Deutscher IT-Sicherheitskongress (Sicherheit2013)}, keywords = {its}, month = 5, title = {The State of Public Cloud Storage and Cloud-RAID: a Secure and Reliable Storage above the Clouds}, year = 2013 }
• Schnjakin, M., Korsch, D., Schoenberg, M., Meinel, C.: Implementation of a Secure and Reliable Storage Above the Untrusted Clouds. Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013). pp. 347 - 353. IEEE, Colombo (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Schnjakin_ICCSE, address = {Colombo}, author = {Schnjakin, Maxim and Korsch, Dimitri and Schoenberg, Martin and Meinel, Christoph}, booktitle = {Proceedings of 8th International Conference on Computer Science and Education (ICCSE 2013)}, keywords = {its}, month = 4, pages = {347 - 353}, publisher = {IEEE}, title = {Implementation of a Secure and Reliable Storage Above the Untrusted Clouds}, year = 2013 }
• Schnjakin, M., Meinel, C.: Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013). pp. 1-9. IEEE, Nassau, Bahamas (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Schnjakin_ICCCN, address = {Nassau, Bahamas}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 22nd International Conference on Computer Communications and Networks (ICCCN2013)}, keywords = {its}, month = 8, pages = {1-9}, publisher = {IEEE}, title = {Evaluation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, year = 2013 }
• Rafiee, H., Meinel, C.: A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration. Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013). pp. 165 - 172. IEEE Press, MA, USA (2013).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.
  @inproceedings{2013_Rafiee_NCA, abstract = {The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the StateLess Address AutoConfiguration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.}, address = {MA, USA}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Symposium on Network Computing and Applications (NCA2013)}, keywords = {IPv6_autoconfiguration DNS_update Resolver_authentication its NDP CGA-TSIG DNS TSIG CGA}, month = 8, pages = {165 - 172}, publisher = {IEEE Press}, title = {A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration}, year = 2013 }
• Schnjakin, M., Metzke, T., Meinel, C.: Applying Erasure Codes for Fault Tolerance in Cloud-RAID. Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013). IEEE, Sydney, Australia (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Schnjakin_CSE, address = {Sydney, Australia}, author = {Schnjakin, Maxim and Metzke, Tobias and Meinel, Christoph}, booktitle = {Proceedings of 16th IEEE International Conference on Computational Science and Engineering (CSE2013)}, keywords = {its}, month = 12, publisher = {IEEE}, title = {Applying Erasure Codes for Fault Tolerance in Cloud-RAID}, year = 2013 }
• Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems. Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013). IEEE CS, Chengdu, China (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Azodi_DASC, address = {Chengdu, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {A New Approach to Building a Multi-Tier Direct Access Knowledgebase For IDS/SIEM Systems}, year = 2013 }
• Rafiee, H., Meinel, C.: Privacy and Security in IPv6 Networks: Challenges and Possible Solutions. ACM. ACM press, Aksaray, Turkey (2013).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.
  @inproceedings{2013_Rafiee_SIN_1, abstract = {Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some de�ciencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deciencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, journal = {ACM}, keywords = {IID_generation lifetime_of_IID its privacy Privacy_model_in_network_layer}, month = 11, publisher = {ACM press}, title = {Privacy and Security in IPv6 Networks: Challenges and Possible Solutions}, year = 2013 }
• Krentz, K.-F., Rafiee, H., Meinel, C.: 6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer. Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013). ACM, Zurich, Switzerland (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Krentz_ASPI, address = {Zurich, Switzerland}, author = {Krentz, Konrad-Felix and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013)}, keywords = {its}, month = 9, publisher = {ACM}, title = {6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer}, year = 2013 }
• Azodi, A., Jaeger, D., Cheng, F., Meinel, C.: Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems. Proceedings of the 1st International Conference on Advanced Cloud and Big Data. IEEE CS, Nanjing, China (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Azodi_CBD, address = {Nanjing, China}, author = {Azodi, Amir and Jaeger, David and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Conference on Advanced Cloud and Big Data}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Pushing the Limits in Event Normalisation to Improve Attack Detection in IDS/SIEM Systems}, year = 2013 }
• Saleh, E., Takouna, I., Meinel, C.: SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments. Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013). pp. 213 - 218. IEEE Press, Mysore, India (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Saleh_ICACCI, address = {Mysore, India}, author = {Saleh, Eyad and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI2013)}, keywords = {its}, month = 8, pages = {213 - 218}, publisher = {IEEE Press}, title = {SignedQuery: Protecting Users Data in Multi-tenant SaaS Environments}, year = 2013 }
• Rafiee, H., von Löwis, M., Meinel, C.: DNS Update Extension to IPv6 Secure Addressing. Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013). pp. 896-902. IEEE CS, Barcelona, Spain (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Rafiee_FINA, address = {Barcelona, Spain}, author = {Rafiee, Hosnieh and von Löwis, Martin and Meinel, Christoph}, booktitle = {Proceedings of the Ninth International Symposium on Frontiers of Information Systems and Network Applications (FINA2013)}, keywords = {SEND_extension SEND DNS_update its DNS_authentication}, month = 3, pages = {896-902}, publisher = {IEEE CS}, title = {DNS Update Extension to IPv6 Secure Addressing}, year = 2013 }
• Saleh, E., Meinel, C.: HPISecure: Towards Data Confidentiality in Cloud Applications. Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013). pp. 605-609. IEEE CS, Delft, Netherlands (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Saleh_CCGrid, address = {Delft, Netherlands}, author = {Saleh, Eyad and Meinel, Christoph}, booktitle = {Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid2013)}, keywords = {its}, month = 5, pages = {605-609}, publisher = {IEEE CS}, title = {HPISecure: Towards Data Confidentiality in Cloud Applications}, year = 2013 }
• Schnjakin, M., Meinel, C.: Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds. Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013). pp. 91-102. Springer, Seoul, Korea (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2013_Schnjakin_GPC, address = {Seoul, Korea}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 8th International Conference on Grid and Pervasive Computing (GPC2013)}, keywords = {its}, month = 5, pages = {91-102}, publisher = {Springer}, series = {LNCS}, title = {Implementation of Cloud-RAID: A Secure and Reliable Storage above the Clouds}, volume = 7861, year = 2013 }
• Sapegin, A., Jaeger, D., Azodi, A., Gawron, M., Cheng, F., Meinel, C.: Hierarchical Object Log Format for Normalisation of Security Events. Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013). IEEE CS, Tunis, Tunisia (2013).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2013_Sapegin_IAS, address = {Tunis, Tunisia}, author = {Sapegin, Andrey and Jaeger, David and Azodi, Amir and Gawron, Marian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013)}, keywords = {its}, month = 12, publisher = {IEEE CS}, title = {Hierarchical Object Log Format for Normalisation of Security Events}, year = 2013 }
• Rafiee, H., Mueller, C., Niemeier, L., Streek, J., Sterz, C., Meinel, C.: A Flexible Framework For Detecting IPv6 Vulnerabilities. Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013). ACM Press, Aksaray, Turkey (2013).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ Details ]
   
  Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.
  @inproceedings{2013_Rafiee_SIN_2, abstract = {Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which con�dential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will �nd the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [5], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.}, address = {Aksaray, Turkey}, author = {Rafiee, Hosnieh and Mueller, Christoph and Niemeier, Lukas and Streek, Jannik and Sterz, Christoph and Meinel, Christoph}, booktitle = {Proceedings of The 6th International Conference on Security of Information and Networks (SIN 2013)}, keywords = {Penetration_test Security IPv6 its DNSSEC Fuzzier_approach Attacks NSEC3 Privacy Zone_walking}, month = 11, publisher = {ACM Press}, title = {A Flexible Framework For Detecting IPv6 Vulnerabilities}, year = 2013 }

2012 [ nach oben ]

• Takouna, I., Dawoud, W., Meinel, C.: Analysis and Simulation of HPC Applications in Virtualized Data Centers. Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012). IEEE Press, Besançon, France (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Takouna_GreenCom, address = {Besançon, France}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the IEEE International Conference on Green Computing and Communications (GreenCom 2012)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Analysis and Simulation of HPC Applications in Virtualized Data Centers}, year = 2012 }
• Alnemr, R., Meinel, C.: Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions. The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012). IEEE (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Alnemr_TrustCol, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {The 7th IEEE International Workshop on Trusted Collaboration (TrustCol 2012)}, chapter = {TRUSTCOL}, howpublished = {In the 7th IEEE International Workshop on Trusted Collaboration}, keywords = {its}, month = 10, publisher = {IEEE}, series = {7th IEEE International Workshop on Trusted Collaboration}, title = {Reputation Objects for Interoperable Reputation Exchange: Implementation and Design Decisions}, year = 2012 }
• Neuhaus, C., Alnemr, R., Kessler, L., Schlegel, F., Polze, A.: InstantLab 2.0- A Platform for Operating System Experiments on Public Cloud Infrastructure. Presented at the (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Neuhaus_CloudFuture, author = {Neuhaus, Christian and Alnemr, Rehab and Kessler, Lysann and Schlegel, Frank and Polze, Andreas}, howpublished = {In the CloudFuture Workshop, Berkeley, US.}, keywords = {its}, month = 5, title = {InstantLab 2.0- A Platform for Operating System Experiments on Public Cloud Infrastructure}, year = 2012 }
• AlSa’deh, A., Rafiee, H., Meinel, C.: Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches. Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12). IEEE CS Press, Chengdu, Sichuan, China (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_AlSadeh_CIT, address = {Chengdu, Sichuan, China}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 12th IEEE International Conference on Computer and Information Technology (IEEE CIT’12)}, keywords = {its}, month = 10, publisher = {IEEE CS Press}, title = {Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches}, year = 2012 }
• Arulogun, T., Meinel, C., Emuoyibofarhe, J.: IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH , Ogbomoso (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012b_Arulogun_ICOMeS, address = {LAUTECH , Ogbomoso}, author = {Arulogun, Tayo and Meinel, Christoph and Emuoyibofarhe, Justice}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System}, year = 2012 }
• Willems, C., Meinel, C.: Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab. Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012). IEEE Press, Marrakesh, Morocco (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Willems_EDUCON, address = {Marrakesh, Morocco}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 3rd IEEE Global Engineering Education Conference (EDUCON 2012)}, keywords = {its}, publisher = {IEEE Press}, title = {Online Assessment for Hands-On Cybersecurity Training in a Virtual Lab}, year = 2012 }
• AlSa’deh, A., Rafiee, H., Meinel, C.: Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE CS Press, Bali, Indonesia (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_AlSadeh_ICOIN, address = {Bali, Indonesia}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE CS Press}, title = {Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses}, year = 2012 }
• Dawoud, W., Takouna, I., Meinel, C.: Increasing Spot Instances Reliability using Dynamic Scalability. IEEE Fifth International Conference on Cloud Computing (CLOUD 2012). pp. 959-961. IEEE CS Press, Honolulu, Hawaii, USA (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2012_Dawoud_CLOUD, address = {Honolulu, Hawaii, USA}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {IEEE Fifth International Conference on Cloud Computing (CLOUD 2012)}, keywords = {its}, month = 6, pages = {959-961}, publisher = {IEEE CS Press}, title = {Increasing Spot Instances Reliability using Dynamic Scalability}, year = 2012 }
• Dawoud, W., Takouna, I., Meinel, C.: Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling. Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012). , Taiwan, China (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Dawoud_CloudCom, address = {Taiwan, China}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012)}, keywords = {its}, month = 12, title = {Dynamic Scalability and Contention Prediction in Public Infrastructure using Internet Application Profiling}, year = 2012 }
• AlSa’deh, A., Rafiee, H., Meinel, C.: IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability. Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012). Springer, Montreal, QC, Canada (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_AlSadeh_FPS, address = {Montreal, QC, Canada}, author = {AlSa’deh, Ahmad and Rafiee, Hosnieh and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Symposium on Foundations & Practice of Security (FPS 2012)}, keywords = {its}, month = 10, publisher = {Springer}, series = {Lecture Notes in Computer Science (LNCS)}, title = {IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability.}, year = 2012 }
• Arulogun, T., AlSa’deh, A., Meinel, C.: IPv6 Private Networks: Security Consideration and recommendation. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS). , LAUTECH, Ogbomoso (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012a_Arulogun_ICOMeS, address = {LAUTECH, Ogbomoso}, author = {Arulogun, Tayo and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS)}, keywords = {its}, month = 10, title = {IPv6 Private Networks: Security Consideration and recommendation}, volume = 4, year = 2012 }
• Dawoud, W., Takouna, I., Meinel, C.: Reliable Approach to Sell the Spare Capacity in the Cloud. Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012). pp. 229-236. , Nice, France (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Dawoud_IARIA, address = {Nice, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012)}, keywords = {its}, month = 7, pages = {229-236}, title = {Reliable Approach to Sell the Spare Capacity in the Cloud}, year = 2012 }
• Rafiee, H., AlSa'deh, A., Meinel, C.: Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems. Proceedings of the 26th International Conference on Information Networking (ICOIN 2012). IEEE Press, Bali, Indonesia (2012).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2012_Rafiee_ICOIN, address = {Bali, Indonesia}, author = {Rafiee, Hosnieh and AlSa'deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 26th International Conference on Information Networking (ICOIN 2012)}, keywords = {its}, month = 2, publisher = {IEEE Press}, title = {Multicore-Based Auto-Scaling SEcure Neighbor Discovery for Windows Operating Systems}, year = 2012 }

2011 [ nach oben ]

• Streibel, O., Alnemr, R.: Trend-based and Reputation-Versed Personalized News Network. Proceedings of the 3rd International Workshop on Search and Mining User-generated Contents (SMUC 2011), in conjunction with 20th ACM Conference on Information and Knowledge Management (CIKM 2011). ACM Press, Glasgow, UK (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Alnemr_SMUC, address = {Glasgow, UK}, author = {Streibel, Olga and Alnemr, Rehab}, booktitle = {Proceedings of the 3rd International Workshop on Search and Mining User-generated Contents (SMUC 2011), in conjunction with 20th ACM Conference on Information and Knowledge Management (CIKM 2011)}, keywords = {its}, month = 10, publisher = {ACM Press}, title = {Trend-based and Reputation-Versed Personalized News Network}, year = 2011 }
• Takouna, I., Dawoud, W., Meinel, C.: Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning. Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011). p. 4:1--4:6. , Lisboa, Portugal (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Takouna_GCM, address = {Lisboa, Portugal}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of 2nd International Workshop on Green Computing Middleware (GCM 2011) In conjunction with the 12th ACM/IFIP/USENIX International Middleware Conference (Middleware 2011)}, keywords = {its}, month = 12, pages = {4:1--4:6}, title = {Dynamic Configuration of Virtual Machine for Power-proportional Resource Provisioning}, year = 2011 }
• Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Cloud Resources Provisioning Optimization. Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011). pp. 431-445. Springer, Kochi, India (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Dawoud_ACC, address = {Kochi, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the First International Conference on Advances in Computing and Communications (ACC 2011)}, keywords = {its}, month = 7, pages = {431-445}, publisher = {Springer}, series = {CCIS}, title = {Elastic VM for Cloud Resources Provisioning Optimization}, volume = 190, year = 2011 }
• Roschke, S., Cheng, F., Meinel, C.: BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes. Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011). pp. 399-406. IEEE Press, Dublin, Ireland (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Roschke_IM, address = {Dublin, Ireland}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011)}, keywords = {its}, month = 5, pages = {399-406}, publisher = {IEEE Press}, title = {BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes}, year = 2011 }
• Dawoud, W., Takouna, I., Meinel, C.: Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning. Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011). Springer, Tamil Nadu, India (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Dawoud_Obcom, address = {Tamil Nadu, India}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Recent Trends of Computing, Communication & Information Technologies (ObCom 2011)}, keywords = {its}, month = 12, number = {0269}, publisher = {Springer}, series = {CCIS}, title = {Elastic Virtual Machine for Fine-grained Cloud Resource Provisioning}, year = 2011 }
• Thomas, I., Meinel, C.: An Attribute Assurance Framework to Define and Match Trust in Identity Attributes. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 580-587. IEEE Computer Society, Washington DC, USA (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Thomas_ICWS, address = {Washington DC, USA}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {580-587}, publisher = {IEEE Computer Society}, title = {An Attribute Assurance Framework to Define and Match Trust in Identity Attributes}, year = 2011 }
• Willems, C., Meinel, C.: Practical Network Security Teaching in an Online Virtual Laboratory. Proceedings of the 2011 International Conference on Security & Management (SAM 2011). CSREA Press, Las Vegas, Nevada, USA (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Willems_SAM, address = {Las Vegas, Nevada, USA}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Security & Management (SAM 2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Practical Network Security Teaching in an Online Virtual Laboratory}, year = 2011 }
• Cheng, F., Roschke, S., Meinel, C.: An Integrated Network Scanning Tool for Attack Graph Construction. Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011). pp. 138-147. Springer, Oulu, Finland (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Cheng_GPC, address = {Oulu, Finland}, author = {Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Advances in Grid and Pervasive Computing (GPC 2011)}, keywords = {its}, month = 5, number = 6646, pages = {138-147}, publisher = {Springer}, series = {LNCS}, title = {An Integrated Network Scanning Tool for Attack Graph Construction}, year = 2011 }
• AlSa'deh, A., Cheng, F., Roschke, S., Meinel, C.: IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security. Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011). pp. 1-6. IEEE Press, Paris, France (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_AISadeh_NTMS, address = {Paris, France}, author = {AlSa'deh, Ahmad and Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 4th IFIP/IEEE International Conference on New Technologies, Mobility and Seurity (NTMS 2011)}, keywords = {its}, month = 2, pages = {1-6}, publisher = {IEEE Press}, title = {IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security}, year = 2011 }
• Roschke, S., Cheng, F., Meinel, C.: A New Correlation Algorithm based on Attack Graph. Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011). pp. 58-67. Springer, Torremolinos, Spain (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Roschke_CISIS, address = {Torremolinos, Spain}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2011)}, keywords = {its}, month = 6, pages = {58-67}, publisher = {Springer}, series = {LNCS}, title = {A New Correlation Algorithm based on Attack Graph}, volume = 6694, year = 2011 }
• Dawoud, W., Takouna, I., Meinel, C.: Elastic VM for Rapid and Optimum Virtualized Resources Allocation. Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011). pp. 1-4. IEEE Press, Paris, France (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Dawoud_SVM, address = {Paris, France}, author = {Dawoud, Wesam and Takouna, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 5th International DMTF Academic Alliance Workshop On Systems and Virtualization Management (SVM 2011)}, keywords = {its}, month = 10, pages = {1-4}, publisher = {IEEE Press}, title = {Elastic VM for Rapid and Optimum Virtualized Resources Allocation}, year = 2011 }
• Thomas, I., Warschofsky, R., Meinel, C.: Whom to trust? – Generating WS-Security Policies based on Assurance Information. Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011). pp. 65-72. IEEE Computer Society, Lugano, Switzerland (2011).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.
  @inproceedings{2011_Thomas_ECOWS, abstract = {As input for authorization decisions as well as to offer personalized services, service providers often require information about their users' identity attributes. In open identity management systems, these identity attributes are not necessarily managed by the service providers themselves, but independent identity providers. Users might be required to aggregate identity attributes from multiple identity providers in order to meet a service's needs. On the other hand service providers might also have certain requirements concerning the confidence into these attributes and face the problem of choosing one among multiple identity providers that can possibly assert the same attributes, but with different trust qualities. In this paper, we present an architecture to generate service policies using assurance information about available identity providers. Our logic-based attribute assurance library, called IdentityTrust, allows the configuration of a knowledge base reflecting a service provider's knowledge about remote identity providers. Service providers can state their trust requirements concerning technical and organizational details of identity providers and their ability to assert identity attributes. A reasoning engine finds suitable (combinations of) identity providers, which serve as input for our policy framework that generates corresponding policies using the WS-Security policy format.}, address = {Lugano, Switzerland}, author = {Thomas, Ivonne and Warschofsky, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 9th IEEE European Conference on Web Services (ECOWS 2011)}, keywords = {its}, month = 9, pages = {65-72}, publisher = {IEEE Computer Society}, title = {Whom to trust? – Generating WS-Security Policies based on Assurance Information}, year = 2011 }
• Alnemr, R., Meinel, C.: From Reputation Models and Systems to Reputation Ontologies. Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011). pp. 98-116. Springer, Copenhagen, Denmark (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Alnemr_IFIPTM, address = {Copenhagen, Denmark}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 5th IFIP International Conference on Trust Management(IFIPTM 2011)}, keywords = {its}, month = 7, pages = {98-116}, publisher = {Springer}, series = {IFIP}, title = {From Reputation Models and Systems to Reputation Ontologies}, volume = 358, year = 2011 }
• Takouna, I., Dawoud, W., Meinel, C.: Accurate Multicore Processor Power Models for Power-Aware Resource Management. Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011). pp. 419-426. IEEE Press, Sydney, Australia (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Takouna_CGC, address = {Sydney, Australia}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the 2011 International Conference on Cloud and Green Computing (CGC 2011)}, keywords = {its}, month = 12, pages = {419-426}, publisher = {IEEE Press}, title = {Accurate Multicore Processor Power Models for Power-Aware Resource Management}, year = 2011 }
• Alnemr, R., Schnjakin, M., Meinel, C.: Towards Context-aware Service-oriented Semantic Reputation Framework. Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011). IEEE Press (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011-Alnemr-TrustCom, author = {Alnemr, Rehab and Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011)}, keywords = {its}, month = 11, publisher = {IEEE Press}, title = {Towards Context-aware Service-oriented Semantic Reputation Framework}, year = 2011 }
• Takouna, I., Dawoud, W., Meinel, C.: Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems. Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011). CSREA Press, Las Vegas, Nevada, USA (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Takouna_PDPTA, address = {Las Vegas, Nevada, USA}, author = {Takouna, Ibrahim and Dawoud, Wesam and Meinel, Christoph}, booktitle = {Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA2011)}, keywords = {its}, month = 7, publisher = {CSREA Press}, title = {Efficient Virtual Machine Scheduling-policy for Virtualized heterogeneous Multicore Systems}, year = 2011 }
• Warschofsky, R., Menzel, M., Meinel, C.: Automated Security Service Orchestration for the Identity Management in Web Service based Systems. Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011). pp. 596-603. IEEE Computer Science, Washington DC, USA (2011).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.
  @inproceedings{2011_Warschofsky_ICWS, abstract = {Today, there is a huge amount of security services that can be used to implement different security requirements in Web Service based systems. For example, identity management services are required for authentication and authorization whereas message logging services are necessary to achieve non-repudiation. However, the deployment and configuration of these security services usually requires expert knowledge about the systems and expert knowledge about security requirements and implementations which a person can only learn by experience. Furthermore, today's Web Service based systems become increasingly complex. Thus, implementing security requirements is a complex and error prone task, even for experts. For this paper, we analysed several service-based implementations for identity management and their differences in the service orchestration. We present an approach to derive the needed security services, their configuration, and their connections to the functional services, based on defined security requirements for a Web Service based system. Therefore, we evaluate the UML use case model of the system and apply service security pattern derived during the analysis of the identity management implementations.}, address = {Washington DC, USA}, author = {Warschofsky, Robert and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011)}, howpublished = {Industry Track Paper}, keywords = {its}, month = 7, pages = {596-603}, publisher = {IEEE Computer Science}, title = {Automated Security Service Orchestration for the Identity Management in Web Service based Systems}, year = 2011 }
• Willems, C., Klingbeil, T., Radvilavicius, L., Cenys, A., Meinel, C.: A Distributed Virtual Laboratory Architecture for Cybersecurity Training. Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011). IEEE Press, Abu Dhabi, UAE (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Willems_ICITST, address = {Abu Dhabi, UAE}, author = {Willems, Christian and Klingbeil, Thomas and Radvilavicius, Lukas and Cenys, Antanas and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {A Distributed Virtual Laboratory Architecture for Cybersecurity Training}, year = 2011 }
• AlSa'deh, A., Cheng, F., Meinel, C.: CS-CGA: Compact and More Secure CGA. Proceedings of the 17th IEEE International Conference on Networks (ICON 2011). IEEE Press, Singapore (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_AlSadeh_ICON, address = {Singapore}, author = {AlSa'deh, Ahmad and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 17th IEEE International Conference on Networks (ICON 2011)}, keywords = {its}, month = 12, publisher = {IEEE Press}, title = {CS-CGA: Compact and More Secure CGA}, year = 2011 }
• Alnemr, R., Meinel, C.: Why Rating is not Enough: A Study on Online Reputation Systems. Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011). IEEE Press, Orlando, Florida, USA (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Alnemr_CCSocialComp, address = {Orlando, Florida, USA}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 2011, Collaborative Communities for Social Computing Workshop (CCSocialComp 2011), in conjunction with the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011)}, howpublished = {Workshop Paper}, keywords = {its}, month = 10, publisher = {IEEE Press}, title = {Why Rating is not Enough: A Study on Online Reputation Systems}, year = 2011 }
• Schnjakin, M., Meinel, C.: Platform for a Secure Storage-Infrastructure in the Cloud. Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011). , Bonn, Germany (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2011_Schnjakin_Sicherheit, address = {Bonn, Germany}, author = {Schnjakin, Maxim and Meinel, Christoph}, booktitle = {Proceedings of the 12th Deutscher IT-Sicherheitskongress (Sicherheit 2011)}, keywords = {its}, month = 5, title = {Platform for a Secure Storage-Infrastructure in the Cloud}, year = 2011 }
• Rafiee, H., AlSa’deh, A., Meinel, C.: WinSEND: Windows SEcure Neighbor Discovery. Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011). pp. 243-246. ACM Press, Sydney, Australia (2011).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2011_Rafiee_SIN, address = {Sydney, Australia}, author = {Rafiee, Hosnieh and AlSa’deh, Ahmad and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Security of Information and Networks (SIN 2011)}, howpublished = {Short Paper}, keywords = {its}, month = 11, pages = {243-246}, publisher = {ACM Press}, title = {WinSEND: Windows SEcure Neighbor Discovery}, year = 2011 }

2010 [ nach oben ]

• Menzel, M., Warschofsky, R., Meinel, C.: A Pattern-driven Generation of Security Policies for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010). pp. 243-250. IEEE Computer Society, Miami, Florida, USA (2010).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.
  @inproceedings{2010_Menzel_ICWS, abstract = {Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-SecurityPolicy) that enable the negotiation of these requirements between clients and services. However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intentions to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Warschofsky, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010)}, keywords = {its}, month = 7, pages = {243-250}, publisher = {IEEE Computer Society}, title = {A Pattern-driven Generation of Security Policies for Service-oriented Architectures}, year = 2010 }
• Menzel, M., Meinel, C.: SecureSOA - Modelling Security Requirements for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010). pp. 146-153. IEEE Computer Society, Miami, Florida, USA (2010).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to realize this paradigm and support a variety of different security mechanisms and approaches. Security requirements are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the modelling of security requirements in system design models. This paper introduces our security design language SecureSOA that enables the definition of these security requirements. We present the abstract syntax and notion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the integration of SecureSOA in Fundamental Modelling Concept (FMC) Block Diagrams.
  @inproceedings{2010_Menzel_SCC, abstract = {Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to realize this paradigm and support a variety of different security mechanisms and approaches. Security requirements are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the modelling of security requirements in system design models. This paper introduces our security design language SecureSOA that enables the definition of these security requirements. We present the abstract syntax and notion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the integration of SecureSOA in Fundamental Modelling Concept (FMC) Block Diagrams.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010)}, keywords = {its}, month = 7, pages = {146-153}, publisher = {IEEE Computer Society}, title = {SecureSOA - Modelling Security Requirements for Service-oriented Architectures}, year = 2010 }
• Roschke, S., Willems, C., Meinel, C.: A Security Laboratory for CTF Scenarios and Teaching IDS. Proceedings of the 2nd IEEE International Conference on in: Education Technology and Computer (ICETC 2010). pp. 433-437. IEEE Press, Shanghai, China (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Roschke_ICETC, address = {Shanghai, China}, author = {Roschke, Sebastian and Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2nd IEEE International Conference on in: Education Technology and Computer (ICETC 2010)}, keywords = {its}, month = 6, pages = {433-437}, publisher = {IEEE Press}, title = {A Security Laboratory for CTF Scenarios and Teaching IDS}, year = 2010 }
• Dawoud, W., Takounah, I., Meinel, C.: Infrastructure as a Service Security: Challenges and Solutions. Proceedings of the 7th International Conference on Informatics and Systems (INFOS 2010). pp. 1-8. IEEE Press, Cairo, Egypt (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2010_Dawoud_INFOS, address = {Cairo, Egypt}, author = {Dawoud, Wesam and Takounah, Ibrahim and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Informatics and Systems (INFOS 2010)}, keywords = {its}, month = 3, pages = {1-8}, publisher = {IEEE Press}, title = {Infrastructure as a Service Security: Challenges and Solutions}, year = 2010 }
• Cheng, F., Tran, T.-D., Roschke, S., Meinel, C.: A Specialized Tool for Simulating Lock-Keeper Data Transfer. Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010). pp. 182-189. IEEE Press, Perth, Australia (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Cheng_AINA, address = {Perth, Australia}, author = {Cheng, Feng and Tran, Thanh-Dien and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010)}, keywords = {its}, month = 4, pages = {182-189}, publisher = {IEEE Press}, title = {A Specialized Tool for Simulating Lock-Keeper Data Transfer}, year = 2010 }
• Thomas, I., Meinel, C.: An Identity Provider to manage Reliable Digital Identities for SOA and the Web. Proceedings of the 9th Symposium on Identity and Trust on the Internet (IDTrust 2010). pp. 26-36. ACM Press, Gaithersburg, MD, USA (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Thomas_IDTrust, address = {Gaithersburg, MD, USA}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 9th Symposium on Identity and Trust on the Internet (IDTrust 2010)}, keywords = {its}, month = 4, pages = {26-36}, publisher = {ACM Press}, title = {An Identity Provider to manage Reliable Digital Identities for SOA and the Web}, year = 2010 }
• Roschke, S., Cheng, F., Meinel, C.: Using Vulnerability Information and Attack Graphs for Intrusion Detection. Proceedings of the 6th International Conference on Information Assurance and Security (IAS 2010). pp. 104-109. IEEE Press, Atlanta, USA (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Roschke_IAS, address = {Atlanta, USA}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 6th International Conference on Information Assurance and Security (IAS 2010)}, keywords = {its}, month = 8, pages = {104-109}, publisher = {IEEE Press}, title = {Using Vulnerability Information and Attack Graphs for Intrusion Detection}, year = 2010 }
• Schnjakin, M., Alnemr, R., Meinel, C.: Contract-based Cloud Architecture. Proceedings of the 2nd international workshop (in conjunction with CIKM 2010) on Cloud data management (CloudDB 2011). ACM Press, Toronto, Canada (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Schnjakin_CloudDB, address = {Toronto, Canada}, author = {Schnjakin, Maxim and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 2nd international workshop (in conjunction with CIKM 2010) on Cloud data management (CloudDB 2011)}, keywords = {its}, month = 10, publisher = {ACM Press}, title = {Contract-based Cloud Architecture}, year = 2010 }
• Roschke, S., Cheng, F., Meinel, C.: A Flexible and Efficient Alert Correlation Platform for Distributed IDS. Proceedings of the 4th International Conference on Network and System Security (NSS 2010). pp. 24-31. IEEE Press, Melbourne, Australia (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Roschke_NSS, address = {Melbourne, Australia}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Network and System Security (NSS 2010)}, keywords = {its}, month = 9, pages = {24-31}, publisher = {IEEE Press}, title = {A Flexible and Efficient Alert Correlation Platform for Distributed IDS}, year = 2010 }
• Schnjakin, M., Alnemr, R., Meinel, C.: A Security and High-Availability Layer for Cloud Storage. Proceedings of the 1st International Workshop (In conjunction with WISE 2010) on Cloud Information System Engineering (CISE 2010). pp. 449-462. Springer, Hong Kong, China (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Schnjakin_CISE, address = {Hong Kong, China}, author = {Schnjakin, Maxim and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Workshop (In conjunction with WISE 2010) on Cloud Information System Engineering (CISE 2010)}, keywords = {its}, month = 12, number = {6724/2011}, pages = {449-462}, publisher = {Springer}, series = {LNCS}, title = {A Security and High-Availability Layer for Cloud Storage}, year = 2010 }
• Alnemr, R., Paschke, A., Meinel, C.: Enabling Reputation Interoperability through Semantic Technologies. Proceedings of the 7th International Conference on Semantic Systems (I-Semantics 2010). p. No.13. ACM Press, Graz, Austria (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2010_Alnemr_I-Semantics, address = {Graz, Austria}, author = {Alnemr, Rehab and Paschke, Adrian and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Semantic Systems (I-Semantics 2010)}, keywords = {its}, month = 9, pages = {No.13}, publisher = {ACM Press}, title = {Enabling Reputation Interoperability through Semantic Technologies}, year = 2010 }
• Menzel, M., Warschofsky, R., Thomas, I., Willems, C., Meinel, C.: The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud. Proceedings of the 6th IEEE World Congress on Services (SERVICES 2010). pp. 115-122. IEEE Computer Society, Miami, Florida, USA (2010).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.
  @inproceedings{2010_Menzel_SERVICES, abstract = {Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.}, address = {Miami, Florida, USA}, author = {Menzel, Michael and Warschofsky, Robert and Thomas, Ivonne and Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 6th IEEE World Congress on Services (SERVICES 2010)}, keywords = {Web_Services its Cloud_Security SOA_Security Web_Service_Security}, month = 7, pages = {115-122}, publisher = {IEEE Computer Society}, title = {The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud}, year = 2010 }
• Paschke, A., Alnemr, R., Meinel, C.: Rule Responder Distributed Reputation Management System for the Semantic Web. Proceedings of the 4th International Rule Challenges (RuleML 2010). , Washington, DC, USA (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2010_Paschke_RuleML, address = {Washington, DC, USA}, author = {Paschke, Adrian and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Rule Challenges (RuleML 2010)}, keywords = {its}, month = 10, series = {CEUR Workshop Proceedings}, title = {Rule Responder Distributed Reputation Management System for the Semantic Web}, volume = 649, year = 2010 }
• Warschofsky, R., Menzel, M., Meinel, C.: Transformation and Aggregation of Web Service Security Requirements. Proceedings of the 8th IEEE European Conference on Web Services (ECOWS 2010). pp. 43-50. IEEE Computer Society, Ayia Napa, Cyprus (2010).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm and provide mechanisms to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-Security Policy) that enable the negotiation of these requirements between clients and services. However, the concept of policy negotiation has not been applicable in the scope of service compositions so far. Since each orchestrated Web Service in a service composition might demand the provision of specific user information and requires a particular security mechanism, the security policy of a service composition depends on the aggregated requirements of the orchestrated services. Current Web Service frameworks are not capable of resolving such policy dependencies. In this paper we present our solution to enable an automated creation of security policies from orchestrated services. Therefore, we present a policy model that is capable of capturing Web Service security requirements. Based on this model, we introduce an algorithm that performs the aggregation of security requirements stated by the orchestrated services and mappings to transform WS-Security Policy instances and the security model instances into each other.
  @inproceedings{2010_Warschofsky_ECOWS, abstract = {Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm and provide mechanisms to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WS-Security Policy) that enable the negotiation of these requirements between clients and services. However, the concept of policy negotiation has not been applicable in the scope of service compositions so far. Since each orchestrated Web Service in a service composition might demand the provision of specific user information and requires a particular security mechanism, the security policy of a service composition depends on the aggregated requirements of the orchestrated services. Current Web Service frameworks are not capable of resolving such policy dependencies. In this paper we present our solution to enable an automated creation of security policies from orchestrated services. Therefore, we present a policy model that is capable of capturing Web Service security requirements. Based on this model, we introduce an algorithm that performs the aggregation of security requirements stated by the orchestrated services and mappings to transform WS-Security Policy instances and the security model instances into each other.}, address = {Ayia Napa, Cyprus}, author = {Warschofsky, Robert and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 8th IEEE European Conference on Web Services (ECOWS 2010)}, keywords = {its}, month = 12, pages = {43-50}, publisher = {IEEE Computer Society}, title = {Transformation and Aggregation of Web Service Security Requirements}, year = 2010 }
• Roschke, S., Ibraimi, L., Cheng, F., Meinel, C.: Secure Communication Using Identity Based Encryption. Proceedings of the 11th IFIP Conference on Communications and Multimedia Security (CMS 2010). pp. 256-267. Springer, Linz, Austria (2010).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2010_Roschke_CMS, address = {Linz, Austria}, author = {Roschke, Sebastian and Ibraimi, Luan and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th IFIP Conference on Communications and Multimedia Security (CMS 2010)}, keywords = {its}, month = 5, pages = {256-267}, publisher = {Springer}, series = {LNCS 6109}, title = {Secure Communication Using Identity Based Encryption}, year = 2010 }

2009 [ nach oben ]

• Thomas, I., Meinel, C.: Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 243-250. IEEE Press, Bangalore, India (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Thomas_SCC, address = {Bangalore, India}, author = {Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its}, month = 9, pages = {243-250}, publisher = {IEEE Press}, title = {Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims}, year = 2009 }
• Alnemr, R., Bross, J., Meinel, C.: Constructing a Context-aware Service-Oriented Reputation Model using Attention Allocation Points. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 451-457. IEEE Press, Bangalore, India (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Alnemr_SCC, address = {Bangalore, India}, author = {Alnemr, Rehab and Bross, Justus and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its}, month = 9, pages = {451-457}, publisher = {IEEE Press}, title = {Constructing a Context-aware Service-Oriented Reputation Model using Attention Allocation Points}, year = 2009 }
• Menzel, M., Thomas, I., Meinel, C.: Security Requirements Specification in Service-oriented Business Process Management. Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009). pp. 41-48. IEEE Computer Science, Fukuoka, Japan (2009).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially. However, security requirements are usually defined on a technical level, rather than on an organisational level that would provide a comprehensive view on the participants, the assets and their relationships regarding security. In this paper, we propose an approach to describe security requirements at the business process layer and their translation to concrete security configuration for service-based systems. We introduce security elements for business process modelling which allow to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level. Our aim is to facilitate the generation of security configurations based on the modelled requirements. For this purpose, we foster a model-driven approach: Information at the modelling layer is gathered and translated to a domain-independent security model. Concrete protocols and security mechanisms are resolved based on a security pattern system that is introduced in the course of this paper.
  @inproceedings{2009_Menzel_ARES, abstract = {Service-oriented Architectures deliver a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. In the scope of organisational workflows, SOA provides a suitable foundation to execute business processes as an orchestration of multiple independent services. Along with the increased connectivity, the corresponding security risks rise exponentially. However, security requirements are usually defined on a technical level, rather than on an organisational level that would provide a comprehensive view on the participants, the assets and their relationships regarding security. In this paper, we propose an approach to describe security requirements at the business process layer and their translation to concrete security configuration for service-based systems. We introduce security elements for business process modelling which allow to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level. Our aim is to facilitate the generation of security configurations based on the modelled requirements. For this purpose, we foster a model-driven approach: Information at the modelling layer is gathered and translated to a domain-independent security model. Concrete protocols and security mechanisms are resolved based on a security pattern system that is introduced in the course of this paper.}, address = {Fukuoka, Japan}, author = {Menzel, Michael and Thomas, Ivonne and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009)}, keywords = {its}, month = 6, pages = {41-48}, publisher = {IEEE Computer Science}, title = {Security Requirements Specification in Service-oriented Business Process Management}, year = 2009 }
• Schnjakin, M., Menzel, M., Meinel, C.: A Pattern-driven Security Advisor for Service-oriented Architectures. Proceedings of the 6th SWS workshop (in conjunction with 16th ACM CCS) on Secure web services (SWS 2009). pp. 13-20. ACM Press, Chicago, USA (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Schnjakin_SWS, address = {Chicago, USA}, author = {Schnjakin, Maxim and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 6th SWS workshop (in conjunction with 16th ACM CCS) on Secure web services (SWS 2009)}, keywords = {its}, month = 11, pages = {13-20}, publisher = {ACM Press}, title = {A Pattern-driven Security Advisor for Service-oriented Architectures}, year = 2009 }
• Roschke, S., Cheng, F., Meinel, C.: Intrusion Detection in the Cloud. Proceedings of the 2009 SCC workshop (in conjunction with 8th PICom) on Services Computing (SCC 2009). pp. 729-734. IEEE Press, Chengdu, China (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Roschke_SCC, address = {Chengdu, China}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 2009 SCC workshop (in conjunction with 8th PICom) on Services Computing (SCC 2009)}, keywords = {its}, month = 12, pages = {729-734}, publisher = {IEEE Press}, title = {Intrusion Detection in the Cloud}, year = 2009 }
• Hebig, R.N., Meinel, C., Menzel, M., Thomas, I., Warschofsky, R.: A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control. Proceedings of the 2009 IEEE International Conference on Web Services (ICWS 2009), Application and Industry Track. p. 551--558. IEEE Computer Society, Los Alamitos, CA, USA (2009).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  The loosely coupled nature of Service-oriented Architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web Services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.
  @inproceedings{2009_Hebig_ICWS, abstract = {The loosely coupled nature of Service-oriented Architectures raises the question how information for access control can be managed in an efficient way. Several specifications for Web Services exist to describe security requirements and to facilitate a provision of identity information. However, the integration of different standards regarding the expression of identity information in policies, claims and assertions comes along with an increased complexity. In order to identify and address the problems occurring with the combined use of standards as XACML, SAML and WS-Trust, we designed and implemented an architecture for identity- and attribute-based access control in decentralized environments. Our implementation provides an automated generation of access control policies in a format called XACML, a way to communicate required user attributes as claims across different domains based on the standards WS-Trust and WS-Policy, and a consistent mapping of retrieved attribute assertions to the XACML attributes in the access control policy.}, address = {Los Alamitos, CA, USA}, author = {Hebig, Regina N. and Meinel, Christoph and Menzel, Michael and Thomas, Ivonne and Warschofsky, Robert}, booktitle = {Proceedings of the 2009 IEEE International Conference on Web Services (ICWS 2009), Application and Industry Track}, keywords = {Web_Services Access_Control its SAML XACML}, month = 7, pages = {551--558}, publisher = {IEEE Computer Society}, title = {A Web Service Architecture for Decentralised Identity- and Attribute-Based Access Control}, year = 2009 }
• Wolf, M., Thomas, I., Menzel, M., Meinel, C.: A Message Meta Model for Federated Authentication in Service-oriented Architectures. Proceedings of IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2009). pp. 1 - 8. IEEE Press, Taiwan, China (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Wolf_SOCA, address = {Taiwan, China}, author = {Wolf, Martin and Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2009)}, keywords = {its}, month = 12, pages = {1 - 8}, publisher = {IEEE Press}, title = {A Message Meta Model for Federated Authentication in Service-oriented Architectures}, year = 2009 }
• Wolter, C., Weiß, C., Meinel, C.: An XACML Extension for Business Process-Centric Access Control Policies. Proceedings of IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2009). pp. 166-169. IEEE Press, London, UK (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Wolter_Policy, address = {London, UK}, author = {Wolter, Christian and Weiß, Christian and Meinel, Christoph}, booktitle = {Proceedings of IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2009)}, keywords = {its}, month = 7, pages = {166-169}, publisher = {IEEE Press}, title = {An XACML Extension for Business Process-Centric Access Control Policies}, year = 2009 }
• Cheng, F., Roschke, S., Meinel, C.: Implementing IDS Management on Lock-Keeper. Proceedings of the 5th International Conference on Information Security Practice and Experience (ISPEC 2009). pp. 360-371. Springer Press, Xi'an, China (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Cheng_ISPEC, address = {Xi'an, China}, author = {Cheng, Feng and Roschke, Sebastian and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Information Security Practice and Experience (ISPEC 2009)}, keywords = {its}, month = 4, pages = {360-371}, publisher = {Springer Press}, series = {LNCS}, title = {Implementing IDS Management on Lock-Keeper}, volume = 5451, year = 2009 }
• Cheng, F., Roschke, S., Schuppenies, R., Meinel, C.: Remodeling Vulnerability Information. Proceedings of the 10th International Conference on Information Security and Cryptology (Inscrypt 2009). pp. 324-336. Springer, Beijing, China (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Cheng_Inscrypt, address = {Beijing, China}, author = {Cheng, Feng and Roschke, Sebastian and Schuppenies, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference on Information Security and Cryptology (Inscrypt 2009)}, keywords = {its}, month = 12, pages = {324-336}, publisher = {Springer}, series = {LNCS 6151}, title = {Remodeling Vulnerability Information}, year = 2009 }
• Willems, C., Dawoud, W., Klingbeil, T., Meinel, C.: Security in Tele-Lab – Protecting an Online Virtual Lab for Security Training. Proceedings of the 2009 ELS workshop (in conjunction with 4th ICITST) on E-Learning Security (ELS 2009). pp. 1-7. IEEE Press, London, UK (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2009_Willems_ELS, address = {London, UK}, author = {Willems, Christian and Dawoud, Wesam and Klingbeil, Thomas and Meinel, Christoph}, booktitle = {Proceedings of the 2009 ELS workshop (in conjunction with 4th ICITST) on E-Learning Security (ELS 2009)}, keywords = {its}, month = 11, pages = {1-7}, publisher = {IEEE Press}, title = {Security in Tele-Lab – Protecting an Online Virtual Lab for Security Training}, year = 2009 }
• Cheng, F., Meinel, C.: Design of Lock-Keeper Federated Authentication Gateway. Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009). pp. 1041-1046. IEEE Press, Phoenix Park, Korea (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2009_Cheng_ICACT, address = {Phoenix Park, Korea}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009)}, keywords = {its}, month = 2, pages = {1041-1046}, publisher = {IEEE Press}, title = {Design of Lock-Keeper Federated Authentication Gateway}, year = 2009 }
• Roschke, S., Cheng, F., Meinel, C.: An Extensible and Virtualization-Compatible IDS Management Architecture. Proceedings of the 5th International Conference on Information Assurance and Security (IAS 2009). pp. 130-134. IEEE Press, Xi'an, China (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Roschke_IAS, address = {Xi'an, China}, author = {Roschke, Sebastian and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Information Assurance and Security (IAS 2009)}, keywords = {its}, month = 8, pages = {130-134}, publisher = {IEEE Press}, title = {An Extensible and Virtualization-Compatible IDS Management Architecture}, year = 2009 }
• Haq, I.U., Alnemr, R., Paschke, A., Schikuta, E., Boley, H., Meinel, C.: Distributed Trust Management for Validating SLA Choreographies. Proceedings of Workshop SLAs in Grids (in conjunction with Grid'09) on SERVICE LEVEL AGREEMENTS (SLAs 2009). Springer, Banff, Canada (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2009_Haq_SLAs, address = {Banff, Canada}, author = {Haq, Irfan Ul and Alnemr, Rehab and Paschke, Adrian and Schikuta, Erich and Boley, Harold and Meinel, Christoph}, booktitle = {Proceedings of Workshop SLAs in Grids (in conjunction with Grid'09) on SERVICE LEVEL AGREEMENTS (SLAs 2009)}, keywords = {its}, month = 10, publisher = {Springer}, series = {CoreGRID}, title = {Distributed Trust Management for Validating SLA Choreographies}, year = 2009 }
• Wolter, C., Miseldine, P., Meinel, C.: Verification of Business Process Entailment Constraints Using SPIN. Proceedings of the 1st International Symposium on Engineering Secure Software and Systems (ESSoS 2009). pp. 1-15. Springer Press, Leuven, Belgium (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Wolter_ESSoS, address = {Leuven, Belgium}, author = {Wolter, Christian and Miseldine, Philip and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Symposium on Engineering Secure Software and Systems (ESSoS 2009)}, keywords = {its}, month = 2, pages = {1-15}, publisher = {Springer Press}, series = {LNCS}, title = {Verification of Business Process Entailment Constraints Using SPIN}, volume = 5429, year = 2009 }
• Kylau, U., Thomas, I., Menzel, M., Meinel, C.: Trust Requirements in Identity Federation Topologies. Proceedings of the 23rd International Conference on Advanced Information Networking and Applications (AINA 2009). pp. 137-145. IEEE Computer Society, Bradford, UK (2009).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Federated Identity Management describes a model to enable users to use their digital identities in collaborating companies regardless of organizational borders. The essential pre-requisite to share the user authentication across different security domains is the establishment of trust between the collaborating partners. Usually, this is done by setting up complex contracts, that describe common policies, obligations and procedures to be followed by each collaboration member. The result is a federation, or Circle of Trust, in which each member is willing to trust on assertions made by someone else. Naturally, federations are no isolated structures and members of one federation might also be part of another one - a constellation possible with current federation technologies. However, whether and how the trust relationships of federations can be used to allow access even across multiple federations is a question which has not been answered yet. In this paper, we investigate trust requirements for identity federation topologies. Starting from the classical structure of a Circle of Trust, we go beyond this and identify more complex patterns such as overlapping federations. For each pattern, we identify risks for identity and service providers as well as the necessary trust requirements that must be met to allow such constellations.
  @inproceedings{2009_Kylau_AINA, abstract = {Federated Identity Management describes a model to enable users to use their digital identities in collaborating companies regardless of organizational borders. The essential pre-requisite to share the user authentication across different security domains is the establishment of trust between the collaborating partners. Usually, this is done by setting up complex contracts, that describe common policies, obligations and procedures to be followed by each collaboration member. The result is a federation, or Circle of Trust, in which each member is willing to trust on assertions made by someone else. Naturally, federations are no isolated structures and members of one federation might also be part of another one - a constellation possible with current federation technologies. However, whether and how the trust relationships of federations can be used to allow access even across multiple federations is a question which has not been answered yet. In this paper, we investigate trust requirements for identity federation topologies. Starting from the classical structure of a Circle of Trust, we go beyond this and identify more complex patterns such as overlapping federations. For each pattern, we identify risks for identity and service providers as well as the necessary trust requirements that must be met to allow such constellations.}, address = {Bradford, UK}, author = {Kylau, Uwe and Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 23rd International Conference on Advanced Information Networking and Applications (AINA 2009)}, keywords = {its Federated_Identity_Management}, month = 5, pages = {137-145}, publisher = {IEEE Computer Society}, title = {Trust Requirements in Identity Federation Topologies}, year = 2009 }
• Roschke, S., Cheng, F., Tran, T.-D., Meinel, C.: A Theoretical Model of Lock-Keeper Data Exchange and its Practical Verification. Proceedings of the 6th IFIP International Conference on Network and Parallel Computing (NPC 2009). pp. 190-196. IEEE Press, Gold Coast, Australia (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Roschke_NPC, address = {Gold Coast, Australia}, author = {Roschke, Sebastian and Cheng, Feng and Tran, Thanh-Dien and Meinel, Christoph}, booktitle = {Proceedings of the 6th IFIP International Conference on Network and Parallel Computing (NPC 2009)}, keywords = {its}, month = 10, pages = {190-196}, publisher = {IEEE Press}, title = {A Theoretical Model of Lock-Keeper Data Exchange and its Practical Verification}, year = 2009 }
• Teymourian, K., Streibel, O., Paschke, A., Alnemr, R., Meinel, C.: Towards Semantic Event-driven Systems. Proceedings of the 3th International Conference on New Technologies, Mobility and Security (NTMS 2009). pp. 1-6. IEEE Press, Cairo, Egypt (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Teymourian_NTMS, address = {Cairo, Egypt}, author = {Teymourian, Kia and Streibel, Olga and Paschke, Adrian and Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 3th International Conference on New Technologies, Mobility and Security (NTMS 2009)}, keywords = {its}, month = 12, pages = {1-6}, publisher = {IEEE Press}, title = {Towards Semantic Event-driven Systems}, year = 2009 }
• Menzel, M., Meinel, C.: A Security Meta-Model for Service-oriented Architectures. Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009). pp. 251-259. IEEE Computer Society, Bangalore, India (2009).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in Service-oriented Architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.
  @inproceedings{2009_Menzel_SCC, abstract = {Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Several approaches have been described to generate executable description of service orchestrations based on visual business process models. These models describe workflows and related information on an abstract level supporting business analysts to state and verify business requirements. In previous work, we have adopted this approach to simplify the security engineering in Service-oriented Architectures. We foster a model-driven approach based on the integration of security annotations in visual modelling notation. These annotations are gathered and translated to a domain-independent security model that facilitates the generation of enforceable security configurations (e.g. WSSecurityPolicy). In this paper, we introduce our security meta-model for SOA that constitutes the foundation for our model-driven approach. Based on a model for service interactions that describes the exchange of information in a service-based system, we define a model to express security requirements and policies, and introduce a mapping to WS-Policy and WS-SecurityPolicy.}, address = {Bangalore, India}, author = {Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 2009 IEEE International Conference on Services Computing (SCC 2009)}, keywords = {its SOA_Security Model-driven_Security Web_Service_Security Security_Meta_Model WS-SecurityPolicy}, month = 9, pages = {251-259}, publisher = {IEEE Computer Society}, title = {A Security Meta-Model for Service-oriented Architectures}, year = 2009 }
• Roschke, S., Cheng, F., Schuppenies, R., Meinel, C.: Towards Unifying Vulnerability Information for Attack Graph Construction. Proceedings of the 12th International Conference on Information Security (ISC 2009). pp. 218-233. Springer, Pisa, Italy (2009).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2009_Roschke_ISC, address = {Pisa, Italy}, author = {Roschke, Sebastian and Cheng, Feng and Schuppenies, Robert and Meinel, Christoph}, booktitle = {Proceedings of the 12th International Conference on Information Security (ISC 2009)}, keywords = {its}, month = 9, pages = {218-233}, publisher = {Springer}, series = {LNCS 5735}, title = {Towards Unifying Vulnerability Information for Attack Graph Construction}, year = 2009 }

2008 [ nach oben ]

• Zhang, G., Cheng, F., Meinel, C.: Towards Secure Mobile Payment Based on SIP. Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2008). pp. 96 - 104. IEEE Press, Belfast, Northern Ireland, UK (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Zhang_ECBS, address = {Belfast, Northern Ireland, UK}, author = {Zhang, Ge and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2008)}, keywords = {its}, month = 3, pages = {96 - 104}, publisher = {IEEE Press}, title = {Towards Secure Mobile Payment Based on SIP}, year = 2008 }
• Thomas, I., Michael, M., Meinel, C.: Quantified Trust Levels for Authentication. Proceedings of the 2008 ACM workshop on Secure web services (ISSE 2008). pp. 71-80. ACM Press, Madrid, Spain (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Thomas_ISSE, address = {Madrid, Spain}, author = {Thomas, Ivonne and Michael, Menzel and Meinel, Christoph}, booktitle = {Proceedings of the 2008 ACM workshop on Secure web services (ISSE 2008)}, keywords = {its}, month = 10, pages = {71-80}, publisher = {ACM Press}, title = {Quantified Trust Levels for Authentication}, year = 2008 }
• Alnemr, R., Meinel, C.: Getting more from Reputation Systems: A Context–aware Reputation Framework based on Trust Centers and Agent Lists. Proceedings of the 3rd International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008). pp. 137 - 142. IEEE Press, Athens, Greece (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Alnemr_ICCGI, address = {Athens, Greece}, author = {Alnemr, Rehab and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Multi-Conference on Computing in the Global Information Technology (ICCGI 2008)}, keywords = {its}, month = 7, pages = {137 - 142}, publisher = {IEEE Press}, title = {Getting more from Reputation Systems: A Context–aware Reputation Framework based on Trust Centers and Agent Lists}, year = 2008 }
• Wolter, C., Schaad, A., Meinel, C.: Task-Based Entailment Constraints For Basic Workflow Patterns. Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT 2008). pp. 51 - 60. ACM Press, Colorado, USA (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Wolter_SACMAT, address = {Colorado, USA}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT 2008)}, keywords = {its}, month = 6, pages = {51 - 60}, publisher = {ACM Press}, title = {Task-Based Entailment Constraints For Basic Workflow Patterns}, year = 2008 }
• Willems, C.: Tele-Lab IT-Security: an architecture for an online virtual IT security lab. Proceedings of 2nd International Workshop on E-Learning and Virtual and Remote Laboratories 2008 (VIRTUAL-LAB). Universitätsverlag Potsdam, Potsdam, Germany (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2008_Willems_VIRTUAL-LAB, address = {Potsdam, Germany}, author = {Willems, Christian}, booktitle = {Proceedings of 2nd International Workshop on E-Learning and Virtual and Remote Laboratories 2008 (VIRTUAL-LAB)}, keywords = {its}, publisher = {Universitätsverlag Potsdam}, title = {Tele-Lab IT-Security: an architecture for an online virtual IT security lab}, year = 2008 }
• Willems, C., Meinel, C.: Awareness Creation mit Tele-Lab IT-Security: praktisches IT-Sicherheitstraining am Beispiel Trojanischer Pferde. Proceedings of GI 2008 International Conference on Sicherheit (Sicherheit 2008). pp. 513 - 532. GI Press, Saarbrücken, Germany (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2008_Willems_Sicherheit, address = {Saarbrücken, Germany}, author = {Willems, Christian and Meinel, Christoph}, booktitle = {Proceedings of GI 2008 International Conference on Sicherheit (Sicherheit 2008)}, keywords = {its}, month = 4, pages = {513 - 532}, publisher = {GI Press}, series = {LNI}, title = {Awareness Creation mit Tele-Lab IT-Security: praktisches IT-Sicherheitstraining am Beispiel Trojanischer Pferde}, volume = 128, year = 2008 }
• Wolter, C., Menzel, M., Meinel, C.: Modelling Security Goals in Business Processes. Proceedings of GI 2008 International Conference on Modellierung (Modellierung 2008). pp. 197 - 212. GI Press, Berlin, Germany (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2008_Wolter_Modellierung, address = {Berlin, Germany}, author = {Wolter, Christian and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of GI 2008 International Conference on Modellierung (Modellierung 2008)}, keywords = {its}, month = 3, pages = {197 - 212}, publisher = {GI Press}, series = {LNI}, title = {Modelling Security Goals in Business Processes}, volume = 127, year = 2008 }
• Zhang, G., Cheng, F., Meinel, C.: SIMPA: A SIP-based Mobile Payment Architecture. Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2008). pp. 287 - 292. IEEE Press, Portland, Oregon (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Zhang_ICIS, address = {Portland, Oregon}, author = {Zhang, Ge and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2008)}, keywords = {its}, month = 5, pages = {287 - 292}, publisher = {IEEE Press}, title = {SIMPA: A SIP-based Mobile Payment Architecture}, year = 2008 }
• Menzel, M., Wolter, C., Meinel, C.: Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions. Proceedings of the 11th International Conference on Business Information Systems (BIS 2008). p. 297--308. Springer, Innsbruck, Austria (2008).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organizational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organizations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as polices that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organizational service compositions.
  @inproceedings{2008_Menzel_BIS, abstract = {The seamless composition of independent services is one of the success factors of Service-oriented Architectures (SOA). Services are orchestrated to service compositions across organizational boundaries to enable a faster reaction to changing business needs. Each orchestrated service might demand the provision of specific user information and requires particular security mechanisms. To enable a dynamic selection of services provided by foreign organizations, a central management of static security policies is not appropriate. Instead, each service should express its own security requirements as polices that stipulate explicitly the requirements of the composition. In this paper we address the problem of aggregating security requirements from orchestrated services. Such an aggregation is not just the combination of all security requirements, since dependencies and conflicts between these requirements might exist. We provide a classification of these dependencies and introduce a conceptional security model enabling a classification of security requirements to reveal conflicts. Finally, we propose an approach to determine an aggregation of security requirements in cross organizational service compositions.}, address = {Innsbruck, Austria}, author = {Menzel, Michael and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 11th International Conference on Business Information Systems (BIS 2008)}, keywords = {Security SOA its Service_Composition Security_Policy}, month = 5, pages = {297--308}, publisher = {Springer}, series = {LNBIP}, title = {Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions}, volume = 7, year = 2008 }
• Zhou, W., Meinel, C.: Enforcing Information Flow Constraints in RBAC Environments. Proceedings of the 1st International Symposium on Electronic Commerce and Security (ISECS 2008). pp. 153 - 158. IEEE Press, Guangzhou, China (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Zhou_ISECS, address = {Guangzhou, China}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 1st International Symposium on Electronic Commerce and Security (ISECS 2008)}, keywords = {its}, month = 8, pages = {153 - 158}, publisher = {IEEE Press}, title = {Enforcing Information Flow Constraints in RBAC Environments}, year = 2008 }
• Thomas, I., Menzel, M., Meinel, C.: Using Quantified Trust Level to Describe Authentication Requirements in Federated Identity Management. Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2008), in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008). pp. 71-80. ACM Press, Alexandria, VA, USA (2008).
  [ BibSonomy-Post ] [ Abstract ] [ BibTeX ] [ DOI ] [ Details ]
   
  Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.
  @inproceedings{2008_Thomas_SWS, abstract = {Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider's domain, but can be performed in the user's local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods.}, address = {Alexandria, VA, USA}, author = {Thomas, Ivonne and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2008), in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008)}, keywords = {its}, pages = {71-80}, publisher = {ACM Press}, title = {Using Quantified Trust Level to Describe Authentication Requirements in Federated Identity Management}, year = 2008 }
• Cheng, F., Meinel, C.: Strong Authentication over Lock-Keeper. Proceedings of the 34th conference on Current trends in theory and practice of computer science (SOFSEM 2008). pp. 572 - 584. Springer, High Tatras, Slovakia (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2008_Cheng_SOFSEM, address = {High Tatras, Slovakia}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 34th conference on Current trends in theory and practice of computer science (SOFSEM 2008)}, keywords = {its}, month = 1, pages = {572 - 584}, publisher = {Springer}, series = {LNCS}, title = {Strong Authentication over Lock-Keeper}, volume = 4910, year = 2008 }
• Wolter, C., Schaad, A., Meinel, C.: A Transformation Approach for Security Enhanced Business Processes. Proceedings of the IASTED International Conference on Software Engineering (SE 2008). pp. 14-19. ACTA Press, Innsbruck, Austria (2008).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2008_Wolter_SE, address = {Innsbruck, Austria}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of the IASTED International Conference on Software Engineering (SE 2008)}, keywords = {its}, month = 2, pages = {14-19}, publisher = {ACTA Press}, title = {A Transformation Approach for Security Enhanced Business Processes}, year = 2008 }

2007 [ nach oben ]

• Zhou, W., Meinel, C.: Function-Based Authorization Constraints Specification and Enforcement. Proceedings of the 3rd International Symposium on Information Assurance and Security (IAS 2007). pp. 119-124. IEEE Press, Manchester, United Kingdom (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2007_Zhou_IAS, address = {Manchester, United Kingdom}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Symposium on Information Assurance and Security (IAS 2007)}, keywords = {its}, month = 8, pages = {119-124}, publisher = {IEEE Press}, title = {Function-Based Authorization Constraints Specification and Enforcement}, year = 2007 }
• Zhou, W., Meinel, C.: A Policy Language for Integrating Heterogeneous Authorization Policies. Proceedings of the 4th International Conference on Grid Service Engineering and Management (GSEM 2007). pp. 9 - 23. , Leipzig, Germany (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2007_Zhou_GSEM, address = {Leipzig, Germany}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 4th International Conference on Grid Service Engineering and Management (GSEM 2007)}, keywords = {its}, month = 9, pages = {9 - 23}, title = {A Policy Language for Integrating Heterogeneous Authorization Policies}, year = 2007 }
• Menzel, M., Wolter, C., Meinel, C.: Access Control for Cross-Organisational Web Service Composition. Information Assurance and Security 2 (2007) 155–160. pp. 701 - 711 (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2007_Menzel_SIS, author = {Menzel, Michael and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 2nd International Workshop on Secure Information Systems (SIS 2007)}, journal = {Information Assurance and Security 2 (2007) 155–160}, keywords = {its}, month = 10, pages = {701 - 711}, title = {Access Control for Cross-Organisational Web Service Composition}, year = 2007 }
• Zhou, W., Meinel, C.: Team and Task Based RBAC Access Control Model. Proceedings of the 5th International Conference on Network Operations and Management Symposium (LANOMS 2007). pp. 84 - 94. IEEE Press, Petrópolis, Brazil (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2007_Zhou_LANOMS, address = {Petrópolis, Brazil}, author = {Zhou, Wei and Meinel, Christoph}, booktitle = {Proceedings of the 5th International Conference on Network Operations and Management Symposium (LANOMS 2007)}, keywords = {its}, month = 9, pages = {84 - 94}, publisher = {IEEE Press}, title = {Team and Task Based RBAC Access Control Model}, year = 2007 }
• Menzel, M., Cheng, F., Meinel, C.: Providing Secure Web Services Using Physical Separation. Proceedings of the 9th International Conference on Information and Communications Security (ICICS 2007). Springer, Zhengzhou, China (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2007_Menzel_ICICS, address = {Zhengzhou, China}, author = {Menzel, Michael and Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 9th International Conference on Information and Communications Security (ICICS 2007)}, keywords = {its}, month = 12, publisher = {Springer}, title = {Providing Secure Web Services Using Physical Separation}, year = 2007 }
• Cheng, F., Menzel, M., Meinel, C.: A Secure Web Services Providing Framework based on Lock-Keeper. Proceedings of the 10th International Conference on Managing Next Generation Networks and Services (APNOMS 2007). pp. 375 - 384. Springer, Sapporo, Japan (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2007_Cheng_APNOMS, address = {Sapporo, Japan}, author = {Cheng, Feng and Menzel, Michael and Meinel, Christoph}, booktitle = {Proceedings of the 10th International Conference on Managing Next Generation Networks and Services (APNOMS 2007)}, keywords = {its}, month = 10, pages = {375 - 384}, publisher = {Springer}, series = {LNCS}, title = {A Secure Web Services Providing Framework based on Lock-Keeper}, volume = 4773, year = 2007 }
• Cheng, F., Wolter, C., Meinel, C.: A Simple, Smart and Extensible Framework for Network Security Measurement. Proceedings of the 3rd International Conference on Information Security and Cryptology (Inscrypt 2007). pp. 517 - 531. Springer, Xining, China (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2007_Cheng_Inscrypt, address = {Xining, China}, author = {Cheng, Feng and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the 3rd International Conference on Information Security and Cryptology (Inscrypt 2007)}, keywords = {its}, month = 8, pages = {517 - 531}, publisher = {Springer}, series = {LNCS}, title = {A Simple, Smart and Extensible Framework for Network Security Measurement}, volume = 4990, year = 2007 }
• Menzel, M., Thomas, I., Wolter, C., Meinel, C.: SOA Security - Secure Cross-Organizational Service Composition. Proceedings of the Stuttgarter Softwaretechnik Forum 2007 (SSF 2007). pp. 41 - 53. Fraunhofer IRB-Verlag, Stuttgart, Germany (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2007_Menzel_SSF, address = {Stuttgart, Germany}, author = {Menzel, Michael and Thomas, Ivonne and Wolter, Christian and Meinel, Christoph}, booktitle = {Proceedings of the Stuttgarter Softwaretechnik Forum 2007 (SSF 2007)}, keywords = {its}, pages = {41 - 53}, publisher = {Fraunhofer IRB-Verlag}, title = {SOA Security - Secure Cross-Organizational Service Composition}, year = 2007 }
• Wolter, C., Schaad, A., Meinel, C.: Deriving XACML Policies from Business Process Models. Proceedings of International Workshops on Web Information Systems Engineering (WISE 2007). pp. 142 - 153. Springer, Nancy, France (2007).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2007_Wolter_WISE, address = {Nancy, France}, author = {Wolter, Christian and Schaad, Andreas and Meinel, Christoph}, booktitle = {Proceedings of International Workshops on Web Information Systems Engineering (WISE 2007)}, keywords = {its}, month = 12, pages = {142 - 153}, publisher = {Springer}, series = {LNCS}, title = {Deriving XACML Policies from Business Process Models}, volume = 4832, year = 2007 }

2006 [ nach oben ]

• Cheng, F., Meinel, C.: Deployment of Virtual Machines in Lock-Keeper. Proceedings of the 7th International Conference on Information Security Applications (WISA 2006). pp. 339-351. Springer, Jeju Island, South Korea (2006).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2006_Cheng_WISA, address = {Jeju Island, South Korea}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Conference on Information Security Applications (WISA 2006)}, keywords = {its}, month = 8, pages = {339-351}, publisher = {Springer}, series = {LNCS}, title = {Deployment of Virtual Machines in Lock-Keeper}, volume = 4298, year = 2006 }
• Hu, J., Cordel, D., Meinel, C.: New Media for Teaching Applied Cryptography and Network Security. Proceedings of the 1st European Conference on Technology Enhanced Learning (EC-TEL 2006). pp. 488-493. Springer, Crete, Greece (2006).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2006_Hu_EC-TEL, address = {Crete, Greece}, author = {Hu, J. and Cordel, D. and Meinel, Christoph}, booktitle = {Proceedings of the 1st European Conference on Technology Enhanced Learning (EC-TEL 2006)}, keywords = {its}, month = 10, pages = {488-493}, publisher = {Springer}, series = {LNCS}, title = {New Media for Teaching Applied Cryptography and Network Security}, volume = 4227, year = 2006 }
• Zhou, W., Raja, V.H., Meinel, C., Ahmad, M.: Label-Based Access Control Policy Enforcement and Management. Proceedings of the 7th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2006). pp. 395-400. IEEE Press, Las Vegas, Nevada (2006).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2006_Zhou_SNPD, address = {Las Vegas, Nevada}, author = {Zhou, Wei and Raja, Vinesh H. and Meinel, Christoph and Ahmad, Munir}, booktitle = {Proceedings of the 7th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2006)}, keywords = {its}, month = 6, pages = {395-400}, publisher = {IEEE Press}, title = {Label-Based Access Control Policy Enforcement and Management}, year = 2006 }
• Cheng, F., Meinel, C.: Lock-Keeper: A New Implementation of Physical Separation Technology. Proceedings of International Conference on Securing Electronic Busines Processes (ISSE 2006). pp. 275-286. Springer, Rome, Italy (2006).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2006_Cheng_ISSE, address = {Rome, Italy}, author = {Cheng, Feng and Meinel, Christoph}, booktitle = {Proceedings of International Conference on Securing Electronic Busines Processes (ISSE 2006)}, keywords = {its}, month = 10, pages = {275-286}, publisher = {Springer}, title = {Lock-Keeper: A New Implementation of Physical Separation Technology}, year = 2006 }

2005 [ nach oben ]

• Ghasemzadeh, M., Klotz, V., Meinel, C.: Splitting Versus Unfolding. Proceedings of the 7th International Symposium on Representations and Methodology of Future Computing Technology (RM 2005). pp. 30-34 (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2005_Ghasemzadeh_RM, author = {Ghasemzadeh, M. and Klotz, V. and Meinel, Christoph}, booktitle = {Proceedings of the 7th International Symposium on Representations and Methodology of Future Computing Technology (RM 2005)}, keywords = {its}, month = 9, pages = {30-34}, title = {Splitting Versus Unfolding}, year = 2005 }
• Cordel, D., Hu, J., Meinel, C.: Tele-Lab IT-Security - IT Sicherheitstraining im Internet. Proceedings of International Symposium one-Lecturing und tele-TASK: Grenzenloses elektronisches Lernen für alle (D-A-C-H Security 2005). syssec Verlag, Darmstadt, Germany (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2005_Cordel_D-A-C-H_Security, address = {Darmstadt, Germany}, author = {Cordel, D. and Hu, J. and Meinel, Christoph}, booktitle = {Proceedings of International Symposium one-Lecturing und tele-TASK: Grenzenloses elektronisches Lernen für alle (D-A-C-H Security 2005)}, keywords = {its}, month = 1, publisher = {syssec Verlag}, title = {Tele-Lab IT-Security - IT Sicherheitstraining im Internet}, year = 2005 }
• Zhou, W., Raja, V.H., Meinel, C.: An Authentication and Authorization System for Virtual Organizations. Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2005). pp. 150-155. INT INST INFORMATICS & SYSTEMICS, Florida, USA (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ Details ]
   
  @inproceedings{2005_Zhou_WMSCI, address = {Florida, USA}, author = {Zhou, W. and Raja, V. H. and Meinel, Christoph}, booktitle = {Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2005)}, keywords = {its}, month = 7, pages = {150-155}, publisher = {INT INST INFORMATICS & SYSTEMICS}, title = {An Authentication and Authorization System for Virtual Organizations}, volume = 7, year = 2005 }
• Zhang, X., Jiang, C., Huang, W., Meinel, C.: A XML Format Secure Protocal - OpenSST. Proceedings of the 3rd ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2005). p. 89. IEEE Press, Cairo, Egypt (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2005_Zhang_AICCSA, address = {Cairo, Egypt}, author = {Zhang, X. and Jiang, C. and Huang, W. and Meinel, Christoph}, booktitle = {Proceedings of the 3rd ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2005)}, keywords = {its}, month = 1, pages = 89, publisher = {IEEE Press}, title = {A XML Format Secure Protocal - OpenSST}, year = 2005 }
• Zhou, W., Meinel, C., Raja, V.H.: A Framework for Supporting Distributed Access Control Policies. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005). pp. 442- 447. IEEE Press, Cartagena, Spain (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]
   
  @inproceedings{2005_Zhou_ISCC, address = {Cartagena, Spain}, author = {Zhou, W. and Meinel, Christoph and Raja, V. H.}, booktitle = {Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005)}, keywords = {its}, month = 6, pages = {442- 447}, publisher = {IEEE Press}, title = {A Framework for Supporting Distributed Access Control Policies}, year = 2005 }
• Hu, J., Cordel, D., Meinel, C.: Virtual Machine Management for Tele-Lab "IT-Security" Server. Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005). pp. 448- 453. IEEE Press, Cartagena, Spain (2005).
  [ BibSonomy-Post ] [ BibTeX ] [ DOI ] [ Details ]