Publications and Talks
Publications
2008
- Martin Johns, Björn Engelmann, Joachim Posegga: XSSDS: Server-side Detection of Cross-site Scripting Attacks, In ACSAC, 2008. [PDF]
- Henrich C. Pöhls: ConCert: Content Revocation using Certificates, In Sicherheit 2008, Saarbrücken, Germany, GI, GI-Edition LNI, April 2008.
- Bastian Braun: SAVE: static analysis on versioning entities, In SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems, Leipzig, Germany, ACM, pp. 25--32, 2008.
- Thomas Meyer, Daniel Schreckling, Christian Tschudin, Lidia Yamamoto: Robustness to Code and Data Deletion in Autocatalytic Quines, In Transactions on Computational Systems Biology, 2008 (to appear)
- Martin Johns, Moritz Jodeit, Wolfgang Koeppl, and Martin Wimmer: Scanstud - Evaluating static analysis tools, In OWASP AppSec 2008, Ghent, Belgium, May 22nd, 2008.
- Daniel Schreckling: Security in Autonomic Systems: Mission Impossible?, In SAC-Fire Workshop 2008, Turin, Italy, March 4-5th 2008.
- Paolo Dini, Daniel Schreckling: Notes on Abstract Algebra and Logic: Towards Their Application to Cell Biology and Security, In 2nd IEEE International Conference on Digital Ecosystems and Technologies (DEST 2008), Phitsanulok, Thailand, February 26-29, 2008.
- Malko Steinorth, Martin Johns: Zeitverläufe bei automatisierten Penetrationstests, In 15. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2008. [PDF]
- Henrich C. Pöhls, Lars Westphal: Die "Untiefen" der neuen XML-basierten Dokumentenformate, In 15. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2008.
2007
- Martin Johns, Daniel Schreckling: Automatisierter Code-Audit - Sicherheitsanalyse von Source Code in Theorie und Praxis, In Datenschutz und Datensicherheit (DuD), Volume 31, Number 12, Vieweg Verlag, pp. 888--893, December 2007.
- Martin Johns: On JavaScript Malware and related threats - Web page based attacks revisited, In Journal in Computer Virology, Springer Paris, December 2007. [PDF]
- Lidia Yamamoto, Daniel Schreckling, Thomas Meyer: Self-Replicating and Self-Modifying Programs in Fraglets, In 2nd International Conference on Bio-Inspired Models of Network, Information, and Computing Systems (BIONETICS 2007), Budapest, Hungary, December 10-13, 2007.
- Dennis Bliefernicht, Daniel Schreckling: Highly Adaptive Cryptographic Suites for Autonomic WSNs, In International Workshop on Technologies for Situated and Autonomic Communications (SAC 2007), Budapest, Hungary, in conjunction with BIONETICS'07, December 10-13, 2007.
- Paolo Dini, Daniel Schreckling: More notes on abstract algebra and logic: Towards their application to cell biology and security, In Proceedings of 1st OPAALS Workshop, Rome, Italy, November 26-28, 2007.
- Martin Johns: The three faces of CSRF, In DeepSec2007, Vienna, Austria, 23 November 2007. [PDF of slides]
- Hannah K. Lee: Unraveling decentralized authorization for multi-domain collaborations, In International Conference on Collaborative Computing: Networking, Applications and Worksharing - CollaborateCom 2007, 12-15 November 2007, pp. 33-40. [PDF]
- Hannah K. Lee, Heiko Luedemann: A Lightweight Decentralized Authorization Model for Inter-domain Collaborations, In 2007 ACM Workshop on Secure Web-Services (SWS'07), Fairfax, Virginia, USA, November 2007. [PDF]
- Martin Johns: Exploiting the Intranet with a Webpage, In HITBSecConf2007, Kuala Lumpur, Malaysia, 3-6. September 2007 (to appear).
- Martin Johns, Justus Winter: Protecting the Intranet Against "JavaScript Malware" and Related Attacks, In Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2007), B. M. Hämmerli and R. Sommer (ed.), Springer, LNCS 4579, pp. 40-59, July 2007. [PDF]
- Josep Domingo-Ferrer, Joachim Posegga, Francesc Sebe, and Vicenc Torra (Eds.). COMPUTER NETWORKS, Special Issue on Advances in Smart Cards. Elsevier, Volume 51, June 2007.
- Martin Johns: Towards vulnerability prevention in web applications via data/code separation, In Fraunhofer First Kolloquium, Berlin, Germany, 20 June 2007.
- Martin Johns: Cross Site Scripting (XSS) und Session Riding (CSRF): Angriffe auf Web-Session Management - Ursachen, Konsequenzen, Gegenmaßnahmen, In IICO-Congress, Berlin, Germany, 9-11 May 2007 (to appear).
- Martin Johns: Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level, Technical Report, Number 279-07, University of Hamburg, May 2007. [PDF]
- Christopher Holm, Christopher Schwardt: Verwundbarkeiten von Web-Anwendungen, In Informatiktage 2007, Köllen Druck+Verlag, LNI, March 2007. [PDF]
- Martin Johns, Christian Beyerlein: SMask: Preventing Injection Attacks in Web Applications by Approximating Automatic Data/Code Separation, In 22nd ACM Symposium on Applied Computing (SAC 2007), Security Track, Seoul, Korea, March 2007. [PDF]
- Daniel Schreckling, Martin Johns, et al.: CISAT: Integration von sicherheitszentrierter statischer Analyse in den Entwicklungsprozess, In 14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2007. [PDF]
- Henrich C. Pöhls: Authenticity and Revocation of Web Content using Signed Microformats and PKI. Technical Report, Number 276-07, University of Hamburg, February 2007. [PDF]
- Bastian Braun: FCPre: Extending the Arora-Kulkarni Method of Automatic Addition of Fault-Tolerance, In The Second International Conference on Availability, Reliability and Security (ARES'07), pp. 967-974, 2007. [PDF]
2006
- Martin Johns, Justus Winter: CSRF, the Intranet and You, In 23C3, Berlin, Germany, 27-30 December 2006.
- Bastian Braun: FCPre: Extending the Arora-Kulkarni Method of Automatic Addition of Fault-Tolerance. Technical Report, Number 275-06, University of Hamburg, December 2006. [PDF]
- Daniel Schreckling, Jan Seedorf: Secure and Decentralized Session Establishment, In Third Annual CREATE-NET Workshop, Cavalese, Italy, December 2006.
- Daniel Schreckling, Henrich C. Pöhls: Data Driven and Data Centric Security, In Third Annual CREATE-NET Workshop, Cavalese, Italy, December 2006.
- Jan Seedorf: SIP Security - Status Quo and Future Issues, In Proceedings of 23rd Chaos Communication Congress, Berlin, Germany, December 2006.
- Martin Johns: On CSRF and why you should care, In PacSec 2006, Tokyo, Japan, 27-30 November 2006. [PDF of slides]
- Daniel Schreckling: Security in BIONETS, In European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS), Hamburg, Germany, September 20-21, 2006.
- Jan Seedorf: Security Challenges for P2P-SIP, Special Issue on Securing Voice over IP, IEEE Network, Volume 20, Number 5, September 2006, pp. 38 - 45
- Martin Johns: SessionSafe: Implementing XSS Immune Session Handling, In European Symposium on Research in Computer Security (ESORICS 2006), Gollmann, D.; Meier, J. & Sabelfeld, A. (ed.), Springer, LNCS 4189, pp. 444-460, September 2006. [PDF, PDF of slides]
- Jan Seedorf: Using Cryptographically Generated SIP-URIs to protect the Integrity of Content in P2P-SIP, In Third Annual VoIP Security Workshop, Berlin, Germany, June 2006. [PDF]
- Martin Johns, Justus Winter: RequestRodeo: Client Side Protection against Session Riding, In Proceedings of the OWASP Europe 2006 Conference, Piessens, F. (ed.), Report CW448, Departement Computerwetenschappen, Katholieke Universiteit Leuven, Belgium, May 2006. [PDF, PDF of slides]
- Martin Johns: Using the same-origin policy to disarm XSS vulnerabilities, In ph-neutral 0x7d6, Berlin, Germany, 27 May 2006. [PDF of slides]
- Daniel Schreckling: Securing BIONETS: 'How can Security Infrastructures Match Autonomically Evolving Networks and Services?', In DISTTRUST Workshop, Barcelona, Spain, April 28, 2006.
- Martin Johns, Joachim Posegga: Softwaresicherheit - Eine Forschungsperspektive, In Frühjahrstreffen der GI-Fachgruppe Datenbanken, Harburg, 6 April 2006.
- Josep Domingo-Ferrer, Joachim Posegga, and Daniel Schreckling (Eds.). Proc. 7th Intern. Conf. on Smart Card Research and Applications, Tarragona, Spain, Springer LNCS 3928, 2006.
- Henrich C. Pöhls, Joachim Posegga: Smartcard Firewalls Revisited, In 7th Intern. Conf. on Smart Card Research and Applications, Tarragona, Spain, Springer Verlag, LNCS, April 19-21, 2006. [PDF]
2005
- Martin Johns: Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches, In 22C3, Berlin, Germany, 27 December 2005. [PDF of slides]
- Joachim Posegga, Jan Seedorf: Voice Over IP: Unsafe at any Bandwidth?, In Proc. EURESCOM Summit 2005: Ubiquitous Services and Applications, Heidelberg, Germany, VDE Verlag, April 27--29 2005. [PDF]
2004
- Heiko Fangmeier, Michel Messerschmidt, Fabian Müller, Jan Seedorf: Risiken der Nichterkennung von Malware in komprimierter Form, In Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2004), Flegel, U.; Meier, M. (Ed.), Springer Verlag, Lecture Notes in Informatics, P-46, pp. 201--211.
2003 (VTC)
- Bodo Eggert, Michael Messerschmidt, Jan Seedorf: Klassifikation von bösartiger Software und aktuelle Testergebnisse des Virus Test Centers von AntiMalware-Software unter Linux, In Linuxtag 2003, Karlsruhe, 10-13 July 2003.
