Advanced IT Security (Fortgeschrittene IT-Sicherheit) - WS 2006-07
18.483 Oberseminar: Fortgeschrittene IT-Sicherheit (Advanced Seminar: Advanced IT Security)
Organisers: Dieter Gollmann (TU), Joachim Posegga
Time: Thursday 18:15-20 (2 SWS)
Location: Room 221, ESA 1 W - Main Campus, Edmund-Siemers-Allee 1, 20146 Hamburg
Schedule
| Date | Speaker | Location | Title |
|---|---|---|---|
| 26.10.2006 | Dieter Gollmann, Joachim Posegga | ESA 1 W, room 221 | Introduction |
| 02.11.2006 | Mayutan Arumaithurai | ESA 1 W, room 221 | NSIS implementation on OMNET |
| 09.11.2006 | Dimiter Milushev Vladimirov | ESA 1 W, room 221 | Intrusion Detection and Prevention to Enhance Security in VoIP Environments |
| 16.11.2006 | Franjo Severinac | ESA 1 W, room 221 | A bridge as a representative exemplified on ISAKMP |
| 23.11.2006 | Axel Grossklaus | ESA 1 W, room 221 | Policy-Based Management of distributed Network Security Components |
| 30.11.2006 | Tilmann Holst | ESA 1 W, room 221 | Automatic Correlation, Rating and Analyzing of Heterogeneous Network and Incident Data |
| 07.12.2006 | Siddharth Somasundaram | ESA 1 W, room 221 | Web Services Firewalls |
| 14.12.2006 | Björn Zessack | ESA 1 W, room 221 | AES on sensor nodes |
| 14.12.2006 | Malko Steinorth | ESA 1 W, room 221 | Automated Penetration Tests |
| 21.12.2006 | Úlfar Erlingsson (Microsoft Research Silicon Valley) | ESA 1 W, room 221 | XFI: Software Guards for System Address Spaces |
| 28.12.2006 and 04.01.2007 | | | Christmas vacation |
| 11.01.2007 | Björn Engelmann | ESA 1 W, room 221 | Short talk: Dynamic web application analysis for client-side XSS protection |
| 18.01.2007 | Anna Otto | ESA 1 W, room 221 | Development of Data Protection Roles for the Audit Information System in SAP ERP |
| 18.01.2007 | Juliya Tkachenko | ESA 1 W, room 221 | Problems and Solution Approaches for the Identity Management System in a University Environment |
| 25.01.2007 | Iam Sathish | ESA 1 W, room 221 | Analysis of Security Features in IPv6 |
| 25.01.2007 | Zheng Lei | ESA 1 W, room 221 | Integrate GPS Tracking Devices into Application with XML |
| 01.02.2007 | Saverio Niccolini (NEC Europe) | ESA 1 W, room 221 | SPam over Internet Telephony (SPIT) prevention: state of the art, research challenges and solutions |
| 08.02.2007 | Björn Ahne | ESA 1 W, room 221 | Short talk: Dynamic Evaluation of Input Filter Functions |
Contact
Please contact Henrich C. Pöhls for further questions and for scheduling your talk.
Abstracts
02.11.2006 - Mayutan Arumaithurai - NSIS implementation on OMNET (Slides)
Recently on the internet there is an increase in the number of real-time
services which are time-sensitive and require consistent performance with
respect to loss, delay and jitter. Best-effort delivery is not adequate to
support it. Therefore to achieve predictable performance levels, a QoS
signalling technique is required to reserve and manage network resources.
The proposed QoS signalling protocol RSVP has not been able to scale well
and therefore after a lot of efforts to improve RSVP the focus was shifted
to NSIS (Next Steps in Signalling). As NSIS is a relatively new protocol,
there is a lot of scope for improvement towards a successful deployment. For
this purpose NSIS has to be tested on a large scale.
09.11.2006 - Dimiter Milushev Vladimirov - Intrusion Detection and Prevention to Enhance Security in VoIP Environments (Slides)
The initial hype about VoIP technology deployment, resulting mainly from the promise of great cost savings, has gradually turned into hype about VoIP security issues. The solution of these security issues is expected to be critical for further large scale deployment and development of the technology. In this talk, I explore the possibility of enhancing and utilising an existent and deployed network security technology, namely Intrusion Detection and Prevention, in order to considerably improve the security level in a VoIP environment. I will present a SIP IDS prototype software, developed by NEC labs, Europe. Then I discuss my work, which mainly consists of evaluating and enhancing the prototype in order to counter additional VoIP-related attacks, such as REFER, re-INVITE, REGISTER-related attacks etc. The conclusion of my talk is that the theoretical foundation for the usage of IDS for VoIP is relatively sound, but very general and therefore specific implementations should be evaluated to determine how feasible the IDS approach for VoIP environments is.
16.11.2006 - Franjo Severinac - A bridge as a representative exemplified on ISAKMP (Slides )
Network traffic between any (two) interconnected hosts can be secured by the use of IPsec. But it is not always possible or
economical to upgrade the software and configuration of all nodes participating in the network. One solution to this problem is
the use of a bridge as a security gateway, which applies the relevant security protocols on behalf of the protected nodes.
The OpenBSD Ethernet bridge is extended to adopt a host's identity on the ISO OSI network layer and data link layer, with
the aim of being totally transparent to a protected host and the destination host or gateway. ISAKMP uses this functionality
to exchange key material and afterwards to encrypt totally transparently. The presentation introduces the concept of the
bridge being a representative.
23.11.2006 - Axel Grossklaus - Policy-Based Management of distributed Network Security Components (Slides )
Recent changes in the area of network use and network security demand moving
from a central approach to a distributed one when deploying network security
components in a network. This leads to an increase in costs and complexity
of management and demands more methodology on how to get the best possible
security benefit out of the invested resources.
At the same time, policy based network management not only offers a powerful
framework for central network management but outright demands control over
each and every aspect of every system in a network.
How can these two techniques be combined? What primary and secondary goals
should be observed and how can an actual, and possibly even measurable,
security gain be achieved?
The talk describes a first step towards the development of a
formally-founded management framework that is trustworthy and at the same
time able to deal with the requirements, imperfections and general
conditions of large-scale real-world networks.
30.11.2006 - Tilmann Holst - Automatic Correlation, Rating and Analyzing of Heterogeneous Network and Incident Data (Slides)
In recent years an enormous increase in IT security incidents has been
noticed. The amount of directed serious attacks is almost constant, but
the amount of automated unselective attacks is growing exponentially.
This thesis will use a top-down approach to develop a method to
effectively handle security incidents caused by mass attacks. It will
start by introducing a common language for such incidents. Based on that
common language different types of incidents will be described and
categorized. As a last step requirements to detect these different
incident types will be given and tested against information sources
currently available - or needed.
07.12.2006 - Siddharth Somasundaram - Web Services Firewall (Slides)
Motivation: Network firewalls cannot detect web services threats because the ports on which the web service operates are open to HTTP traffic, thereby allowing SOAP messages to flow undetected into a network. An attacker can put malicious commands or data into the web service. As a normal firewall provides no message security at all, other ways of securing messages are necessary.
Solution: Web Services Firewall is an XML Application Firewall that works at the application level with in-depth knowledge of web services. Web Services Firewall checks the content of the SOAP messages and thereby decides whether the SOAP message should be delivered to the target operation of the target web service. Web services firewall cannot create secure web services but can only secure existing web services by managing the threats.
14.12.2006 - Björn Zessack - AES on sensor nodes (Slides )
The key features of sensor nodes are their small size, their low power consumption and their ability to communicate wirelessly. Therefore, sensor nodes can be used in various application domains. This talk focuses on the monitoring of ship containers. Data monitored by the sensor nodes is sent via a base station to a data warehouse. Since the transmitting power of such sensor nodes is limited, data has to be relayed to reach the base station. For privacy reasons, the relaying nodes must not be able to understand data from other containers. For this reason, the data must be encrypted before sending.
Encryption on sensor nodes is challenging due to memory and power constraints. However, the AES algorithm can be used because of its adaptability. It was implemented on a Scatterweb ESB 430 sensor node which is distributed by the FU Berlin. The talk describes the experiences of implementing AES on the ESB 430. Also, various adjustments are discussed.
14.12.2006 - Malko Steinorth - Automated Penetration Tests (Slides )
Penetration testing is a well known method to measure the security
level of a network. Nevertheless there are disadvantages like high
prices and the fact that only a snapshot of the security level is
shown.
By identifying sub processes of a penetration test that can be automated these drawbacks can be addressed. Due to automation penetration tests can be conducted at a more favourable price and therefore more often. Of course valuable information might get lost by automating penetration tests. Thus automated penetration tests can only be an add-on for other methods evaluating the IT security.
Based on existing penetration testing methodologies this thesis will work out penetration test tasks that can be automated. On this basis a way to aggregate and report this data will be developed. Special focus will be on the reporting of the ongoing development of the security level over time.
As this thesis follows a practical approach a prototype will be implemented and applied to example networks to assess the developed techniques.
21.12.2007 - Úlfar Erlingsson - XFI: Software Guards for System Address Spaces (Slides )
XFI is a comprehensive protection system that offers both flexible access
control and fundamental integrity guarantees, at any privilege level and
even for legacy code in commodity systems. For this purpose, XFI combines
static analysis with inline software guards and a two-stack execution model.
We have implemented XFI for Windows on the x86 architecture using binary
rewriting and a simple, stand-alone verifier; the implementation's
correctness depends on the verifier, but not on the rewriter. Our
experiments confirm that XFI offers pervasive protection with only modest
enforcement overheads. We have applied XFI to software such as device
drivers and multimedia codecs; the resulting modules function safely within
both kernel and user-mode address spaces. This is joint work with Martin
Abadi, Michael Vrable, Mihai Budiu, and George Necula.
Speaker's BIO:
Úlfar Erlingsson is a researcher at Microsoft Research's Silicon Valley
Center. He did his graduate work in the mid-to-late 90's at Cornell
University's Information Assurance Institute on specifying and enforcing
security properties using program rewriting techniques. Later, he was
director of privacy protection for deCODE Genetics, where he oversaw the
security design of a centralized healthcare database. After this, he
co-founded and was CTO of Green Border Technologies, a Silicon Valley
security software company. Recently, Úlfar's research has focused on
low-level security mitigation and dependability techniques (e.g., involving
hypervisors, hardware devices, and the precise syntax and semantics of x86
opcodes) in the Gleipnir project
(http://research.microsoft.com/research/sv/gleipnir/).
11.01.2007 - Björn Engelmann - Dynamic web application analysis for client-side XSS protection (Slides)
One of the main reasons for the recently observed rapid increase of
disclosed XSS vulnerabilities is the classical "misplaced incentives" situation: While the problem is caused by defective web applications, the ones jeopardised are their users. This fact, along with coverage considerations clearly demands a client-side defense mechanism, be it only as a last line of defense. This talk will describe the initial steps towards a formal framework for script-focussed structural website analysis able to distinguish an XSS attack from a change in the application. Primary objective is a tool using data-mining techniques to derive security-relevant information from observed user interactions.
18.01.2007 - Anna Otto - Development of Data Protection Roles for the Audit Information System in SAP ERP
Under the heading "compliance", commercial law groups together those mandatory and prohibitive regulations that must be observed in day-to-day work and that require corresponding knowledge as well as organisational prerequisites. After several corporations in Europe and the USA made headlines in recent years because of balance-sheet manipulation, the steadily increasing requirements of legislators are intended to optimise the security and the risk of a company. If these regulations are disregarded, the employees concerned or the company management can face high fines or even criminal sanctions. Information security and data protection are also becoming increasingly important for "compliance". Auditing IT systems is a tool for ensuring that regulatory requirements are met. In this context, SAP AG has developed, among other things, the Audit Information System. This talk explains the development of data protection roles for the Audit Information System in SAP ERP.
18.01.2007 - Juliya Tkachenko - Problems and Solution Approaches for the Identity Management System in a University Environment
In recent years, a large number of different new applications and systems have been introduced into the IT environment of many large organisations, companies and public authorities. Accordingly, the effort required of such organisations to manage user data on different systems has kept increasing. Each system in such a heterogeneous landscape usually has its own user administration and its own administrators, so that new "silos" of identity information are often created. Thus the complexity of user data management, which grows in proportion to the increasing amount of identity information in an organisation, can at some point lead to loss of control over organisational data and processes.
An Identity Management System is intended to solve these problems by integrating and automating the administrative tasks for digital identities across all systems of an organisation. In doing so, different data stored about a person in different systems of an organisation are linked together. This produces uniform digital identities that can be managed centrally. As a result, cost savings can be realised, processing times reduced and sources of error minimised.
25.01.2007 - Iam Sathish - Analysis of Security Features in IPv6
This project aims at studying and analyzing the security features in Internet Protocol version 6 (IPv6). The various limitations in IPv4 have enabled the researchers to migrate from IPv4 to IPv6. With the growing popularity of the Internet and the number of users increasing day by day, IPv6 has gained significant importance with various new features and enhancements which weren't found in IPv4. There are various new capabilities implemented in IPv6 such as addressing and routing enhancements, simplification of the header format, new QoS capabilities and, more importantly, authentication and privacy capabilities.
The GOOD news is that security in IPv6 is very much like security in IPv4 but the BAD news is that security in IPv6 is very much like security in IPv4. This project deals with the study of why we go for the new version of the protocol IPv6, what are the flaws in IPv6, security framework implemented in IPv6 analysing in detail the various header formats and structures, the various IPv6 core protocols and their security considerations, information about what are the issues involved in the implementation of Firewall in IPv6, a detailed description of various IPsec Policy Modeling concepts, how the researchers have taken care of the transitions from version four to version six, the various threats and defences in IPv6 and steps taken care for the development of IPv6.
25.01.2007 - Zheng Lei - Integrate GPS Tracking Devices into Application with XML (Slides)
GPS Tracking devices are used to track, monitor and report on time and vehicle/person activity, including real time information on operational status (i.e. loading / unloading, in transit, waiting, return to base, current environment temperature, person motional status etc).
Devices talk with Servers with plaintext communication protocol. The project task is to use XML technology to build a dynamic GUI generation framework to integrate GPS tracking devices of different wireless communication technology and communication protocol.
01.02.2007 - Saverio Niccolini - SPam over Internet Telephony (SPIT) prevention: state of the art, research challenges and solutions
Spam is defined as the transmission of unsolicited mails; it is considered to be one of the biggest problems the Internet has ever faced. Today, more spam emails than regular emails are transmitted in the public Internet. Among other reasons, the spam problem became so widespread because there were no solutions developed ubiquitously before the problem arose. Nowadays there are available methods able to counter this problem with different approaches, but none of these methods constitutes a definitive solution.
With the increasing deployment of Internet telephony solutions, it is commonly expected that a similar form of spam will show up in this area. This threat is commonly referred to as SPIT (SPam over Internet Telephony) or Voice over IP (VoIP) spam. SPIT is defined as the transmission of unsolicited calls over Internet telephony.
This talk analyzes the requirements for SPIT prevention, provides a thorough classification of currently known SPIT prevention methods, and introduces a generic SPIT prevention system architecture. As an instance of the generic architecture we designed and implemented an advanced SPIT prevention system composed of methods that avoid unnecessary callee interaction and fulfill the requirements of being as little intrusive as possible from an end-user point of view while remaining adaptive in order to be customized for different scenarios.
Speaker's BIO:
Dr. Saverio Niccolini is currently a Senior Research Staff Member at NEC Europe Ltd., Network Laboratories in Heidelberg, Germany. He received his Ph.D. in Information Engineering in 2004 from University of Pisa with a thesis on "Voice over IP: Traffic Control, Resource Allocation and Measurements Techniques in Next Generation Networks". He authored two books (“IP Telephony Cookbook” and “Guide to Network Resource Tools”) and about 20 papers published in international conferences and magazines. His research interests include Voice over IP, Next Generation Networks architectures, security management and measurement techniques. He has been TPC co-chair of the VoIP Management and Security workshop collocated with IEEE NOMS in Vancouver in April 2006 and currently active in a number of other TPCs.
08.02.2007 - Björn Ahne - Dynamic Evaluation of Input Filter Functions
Web-applications have become exposed to a constantly growing palette of attack options: Cross Site Scripting, SQL Injection, Path Traversal and many more. Many of these attacks are only possible if user inputs aren't filtered carefully enough. But writing filters that check inputs for the whole bandwidth of attacks in all their variations isn't as easy a task as it may seem at first glance. Exceptions to restrictions, failure tolerance of browsers and different kinds of encodings make it a really complex task with many chances of failure.
This short talk presents a brief introduction to a diploma thesis whose aim is to help developers write proper input filters through an automated evaluation process. The talk will start by describing the problem motivating this work and continue with announcing the goals and presenting the structure (of the software) used to achieve them.
______________________________
Excerpt from the course catalogue (KVV):
Security-relevant topics of information systems are presented and discussed in depth on the basis of current project, bachelor's and diploma theses and dissertation projects. The seminar is offered jointly by the SVA working group of the Technische Universität Hamburg-Harburg and the SVS working group of the Department of Informatics at the University of Hamburg; it is also intended to serve the exchange of current research results between the two working groups and to deepen their collaboration.
The Oberseminar is intended to offer students and doctoral candidates specialising in IT security a platform for presenting and discussing current problems and research work in the field of IT security. Guest talks are also planned in the programme.