Universität Hamburg

SVS - Security in Distributed Systems

IT-Sicherheit - SS 2007

18.401   Seminar: IT-Sicherheit
Time: Wednesday 10-12
Organisers: Joachim Posegga, Henrich C. Pöhls
Location: F-534

Presentation Day: Wednesday 11.07.2007 - 10:00 to 14:00 - Room F-630.

The current state of the work will be presented on a single day. Starting promptly at 10:00 with the first presentation, we suggest a tight schedule. This allows all submitted papers to be presented during one single session.

Therefore, each presentation shall be about 20 minutes long. You shall not present much longer than 20 minutes, and you should also not present considerably shorter. After the presentation we have reserved 10 minutes for questions and short discussions, and an additional 10 minutes for changing the laptop. Please let the supervisors know whether you will present using your own laptop or whether you need one.

The schedule for the presentation sessions on Wednesday 11.07.2007 is as follows:

Time | Topic | Authors
10:00 | Welcome - Reception |
10:15 - 10:45 | Fuzzing - Guess at large or purposeful testing? | Ö. Bagkan, C. Borgmann, T. Sossidi, F. Rinneberg
10:55 - 11:35 | Signed Documents - Analysis of document formats with embedded signatures | F. Petersen, D. Tran, F. Pscheid
11:35 | Short Coffee Break |
11:50 - 12:20 | Security Policy Modeling | C. Mein, M. Bonnesen, T. Tetzner, O. Krychevskyy
12:30 - 13:00 | Adaptive Security in Ubiquitous Systems | M. Weseloh, M. Kulas, A. Walter
13:10 | Lunch (not included) |

Conference Tool / Final Submission

Please submit your final papers by 30.09.2007 via email to your supervisors and cc them to Henrich C. Pöhls.
The conference management tool we used allows the management of participants, submissions and reviews. We used ConfTool Pro, which was kindly provided and hosted by Harald Weinreich.

You need to adhere to the following styleguide when submitting your extended abstract or your final paper as a PDF document: Styleguide as PDF, Styleguide as Word (needs to be converted to PDF).
If you prefer to use LaTeX you are welcome to do so. When using LaTeX, try to come as close as possible to the layout described and shown in the PDF styleguide above; following this LaTeX file might help.

List of Topics

  1. Fuzzing - Guess at large or purposeful testing?
    Advisor: Bastian Braun
    Participants: Özgür Bagkan, Christian Borgmann, Tobias Sossidi, Folke Rinneberg

    Abstract: In the context of this topic, different approaches to fuzzing are analysed. The generation of test cases and the detection as well as the evaluation of input mishandling are considered. Finally, some fuzzing tools are tested.

  2. Signed Documents - Analysis of document formats with embedded signatures
    Advisor: Henrich C. Pöhls
    Participants: Finn Petersen, Dong Tran, Frederic Pscheid

    Abstract: Several document standards allow a digital signature generated over a document to be embedded in that document. Among other standards such as PDF, especially the newer XML-based document standards of Microsoft Word (docx - OpenXML) and OpenOffice (odf - OASIS Open Document Format for Office Applications) shall be analysed. The work shall provide answers to questions like: What parts of the document are signed? How is the digital signature embedded? How is the verification process visualized (in the standard GUIs)?

  3. Suitable and unsuitable document formats for digitally signed documents
    Advisor: Henrich C. Pöhls
    Participants: Lei Da

    Abstract: If a document as a whole is fed into a digital signature generation process, the user must assume that what he sees is what he signs; the same holds true for the verification process. But several document standards are not "so suitable" for being digitally signed (example: Postscript and MD5 weakness). This work shall look at other document standards, especially PDF/A (used for archiving) or the newer XML-based document standards of Microsoft Word (OpenXML) and OpenOffice (Open Document Format), and explore whether they show the same weakness.

  4. Security Policy Modeling
    Advisor: Christopher Alm
    Participants: Christian Mein, Matthias Bonnesen, Thaddäus Tetzner, Oleksanck Krychevskyy

    Keywords: security policy, authorization, organizational control.
    Abstract: In order to achieve their primary business objectives, organizations also need to control their processes in order to protect their resources and assets. Therefore an organization has to ensure that its IT system adheres to a security policy, which is a written document whose goal is to encompass the security requirements of an organization as closely as possible. If a security policy is readable by both humans and computers, it can be directly interpreted to be enforced by the underlying IT system. For this purpose, there are dedicated security policy specification languages.

    The goal of this seminar topic is twofold. On the one hand you have to create a set of security requirements of a potential organization where you acquaint yourself with methods of eliciting security requirements. On the other hand, you have to implement your set of requirements by using the policy specification language Ponder. Thereby you learn how to model security requirements by means of a dedicated security policy language and experience the limitations of such a language.

  5. Adaptive Security in Ubiquitous Systems
    Advisor: Daniel Schreckling
    Participants: Marcus Weseloh, Martin Kulas, Andre Walter

    Keywords: adaptive security, ubiquitous computing.
    Abstract: Ubiquitous systems are often subject to strict resource constraints. Thus, applicable security mechanisms have to allow for various memory constraints, the computational power of the devices and the battery consumption of security-relevant operations. On the other hand, ubiquitous systems are and will be highly heterogeneous. To preserve the possibility of secure interaction, flexible security mechanisms are also required.
    In this work you investigate already deployed as well as new security mechanisms which are flexible and adaptive enough to be feasible for ubiquitous (and situated) systems.

Online Registration

Please use STiNE; in case of problems you can also show up at the first meeting. Please check the list of topics, once available, and be prepared to ask questions and to choose one of the topics in the first meeting.

Description

We will try to give you some additional insight into academic conferences. Therefore this semester's seminar will be held in a conference style:

This is interestingly different from "normal" seminars in several ways:

  • You will work in groups and write up an extended abstract (2-5 pages). You can choose your topic from several interesting research topics. Each of the topics or topic areas is advised by one supervisor, whose research interest is centered in this area.
     
  • You will learn how a real conference works behind the scenes: For example your extended abstract needs to be submitted using a conference tool.
    It will give the program committee (Prof. Dr. Posegga [Program Chair], Christopher Alm, Bastian Braun, Martin Johns, Hannah Lee, Daniel Schreckling, Henrich C. Pöhls) an overview and the chance to check the progress of your work (your goals, your methods, your sources, etc.).
     
  • Additionally the extended abstract is reviewed in a blinded review process. Blinded means your paper is reviewed by an unknown reviewer, but the reviewer knows that you are the paper's author. You will participate in the review process as reviewers.
    During the review process you get familiar with the other groups' work while reading their extended abstracts. You will rate other groups' submissions and provide the authors and the program committee with valuable comments and helpful hints. Again, comments to the program committee as well as the rating will not be given to the authors. So you will get feedback from other participants.
     
  • Another benefit of the conference style: You all present your work on the "conference day". Each of you presents a part of your group's work in your group's presentation (about 45 minutes). So you will have one single "event" at the end of the semester (final date will be decided on during the course). This allows you to solely concentrate on interesting, in-depth presentations, rather than listening to two presentations each and every week.
     
  • And you have fewer regular meetings, as the preliminary timetable below shows.

One difference from a regular conference: Normally you would have to incorporate the comments and suggestions into your camera-ready version, which normally needs to be submitted before the presentation. In this seminar the camera-ready version needs to be handed in at the end of this semester.

Even though it sounds like more work for all parties (participants & program committee members), we hope this conference-style seminar will be a good preparation and a lot of fun, too.
Ask your fellow students who already took part in previous conference-style seminars for their impressions.

Preliminary Timetable

Date | Scheduled Task
04.04. | 1st Meeting: Preparation, Group-Building, Questions, ... (face2face)
11.04., 18.04., 25.04., 02.05., 09.05., 16.05. | work on topic
23.05. | Deadline: Extended Abstract Submission to Conference Tool
30.05. | Vacation - Whitsun break (Pfingstferien)
06.06. | work on review
11.06. | Deadline: Review Submission to Conference Tool
13.06. | 2nd Meeting: Guidance & Feedback (face2face)
20.06., 27.06., 04.07. | work on presentation
11.07. | Conference - Presentations - Day 10:00 - 14:00 (face2face)
 | work on final submission
30.09. | Deadline: Camera Ready Paper Submission


More information

For more information please contact Henrich C. Pöhls.

 

Last modified: 06/08/2007 - 13:40:23 by hcp