Logo des Repositoriums

P323 - Sicherheit 2022 - Sicherheit, Schutz und Zuverlässigkeit

https://dl.gi.de/handle/20.500.12116/40129
Auflistung nach:

Auflistung P323 - Sicherheit 2022 - Sicherheit, Schutz und Zuverlässigkeit nach Erscheinungsdatum

Zu einem Punkt im Index springen:
1 - 10 von 22
  • Textdokument
    Your website has been hijacked: Raising awareness for an invisible problem
    (GI SICHERHEIT 2022, 2022) Hennig, Anne
    Running a business without having a website is nearly impossible nowadays. Content management systems (CMS) provide features which make it easy for laypersons to create sophisticated websites. But those can pose security risks and provide vulnerabilities for manipulations. With vulnerability notifications, website owners are notified about security risks. The work of this doctoral thesis is divided into two main parts: At first it is necessary to identify common themes with respect to vulnerability notifications and provide more information on how to improve future vulnerability notifications. The second main part is to develop and evaluate suitable awareness materials.
  • Textdokument
    Analyzing the Software Patch Discipline Across Different Industries and Countries
    (GI SICHERHEIT 2022, 2022) Müller, Robin; Ruppert, Julius; Will, Katharina; Wüsteney, Lukas; Heer, Tobias
    In view of recent cyberattacks and new regulatory requirements, companies in different industries and countries are forced to implement additional IT security measures. Nevertheless, a large number of services with vulnerable or outdated software can be found on the Internet. In this work, we investigate whether industry-specific differences exist in the maintenance and use of outdated Internet-facing software. For this purpose, we combine results from Internet-wide port scans with product and version information as well as information of companies listed at stock markets in different countries. We show that different industries have more or less up-to-date software for different services like remote access tools, databases, webservers and file servers. With this approach, we discovered surprising amounts of outdated and even unsupported software in use across many industries and countries.
  • Textdokument
    Automated Monitoring of Operational Technology Security and Compliance for Power Grids
    (GI SICHERHEIT 2022, 2022) Fraune, Bastian
    IT security standards can increase trust in a system or component if compliance to the standard can be proven to third parties. Those standards usually specify requirements for security features, which then lead to a certain configuration of an industrial control system. Continuous monitoring of IT security configurations on intelligent electronic devices is difficult because there is no standardised way to query the security configurations of those devices. The objective of this PhD project is to enable automatic querying of security settings from industrial control system in the use case of the power grid infrastructure for remote monitoring. This opens up the possibility of automatically comparing the actual security state on the device against the defined IT security standard configurations. In such cases, industrial control systems that do not comply with defined security standards can thus be identified directly by monitoring systems in the control centre.
  • Textdokument
    Reinforcement Learning-Controlled Mitigation of Volumetric DDoS Attacks
    (GI SICHERHEIT 2022, 2022) Heseding, Hauke
    This work introduces a novel approach to combine hierarchical heavy hitter algorithms with reinforcement learning to mitigate evolving volumetric distributed denial of service attacks. The goal is to alleviate the strain on the network infrastructure through early ingress filtering based on compact filter rule sets that are evaluated by fast ternary content-addressable memory. The reinforcement learning agents task is to maintain effectiveness of established filter rules even in dynamic traffic scenarios while preserving limited memory resources. Preliminary results based on synthesized traffic scenarios modelling dynamic attack patterns indicate the feasibility of our approach.
  • Textdokument
    Sicherheit medizintechnischer Protokolle im Krankenhaus
    (GI SICHERHEIT 2022, 2022) Saatjohann, Christoph; Ising, Fabian; Gierlings, Matthias; Noss, Dominik; Schimmler, Sascha; Klemm, Alexander; Grundmann, Leif; Frosch, Tilman; Schinzel, Sebastian
    Medizinische Einrichtungen waren in den letzten Jahren immer wieder von Cyber-Angriffen betroffen. Auch wenn sich diese Angriffe derzeit auf die Office-IT-Infrastruktur der Einrichtungen konzentrieren, existiert mit medizinischen Systemen und Kommunikationsprotokollen eine weitere wenig beachtete Angriffsoberfläche. In diesem Beitrag analysieren wir die weit verbreiteten medizintechnischen Kommunikations-Protokolle DICOM und HL7 sowie Protokoll-Implementierungen auf ihre IT-Sicherheit. Dafür präsentieren wir die Ergebnisse der Sicherheitsanalyse der DICOM-und HL7-Standards, einen Fuzzer “MedFUZZ” für diese Protokolle sowie einen Schwachstellenscanner “MedVAS”, der Schwachstellen in medizintechnischen Produktivumgebungen auffinden kann.
  • Textdokument
    Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors
    (GI SICHERHEIT 2022, 2022) Ohm, Marc; Kempf, Lukas; Boes, Felix; Meier, Michael
    Trojanized software packages used in software supply chain attacks constitute an emerging threat. Unfortunately, there is still a lack of scalable approaches that allow automated and timely detection of malicious software packages and thus most detections are based on manual labor and expertise. However, it has been observed that most attack campaigns comprise multiple packages that share the same or similar malicious code. We leverage that fact to automatically reproduce manually identified clusters of known malicious packages that have been used in real world attacks, thus, reducing the need for expert knowledge and manual inspection. Our approach, AST Clustering using MCL to mimic Expertise (ACME), yields promising results with a F1 score of 0.99. Signatures are automatically generated based on characteristic code fragments from clusters and are subsequently used to scan the whole npm registry for unreported malicious packages. We are able to identify and report six malicious packages that have been removed from npm consequentially. Therefore, our approach can support the detection by reducing manual labor and hence may be employed by maintainers of package repositories to detect possible software supply chain attacks through trojanized software packages.
  • Textdokument
    SMT-Based Verification of Concurrent Critical System
    (GI SICHERHEIT 2022, 2022) Güdemann, Matthias
    Petri nets are a widely used formalism to describe and analyze critical systems. It is in particular well suited for systems with concurrency like cache coherence protocols, fault-tolerant distributed systems or security critical protocols. The verification approaches for Petri nets are most often based on enumerative approaches which allow for analyzing complex, often temporal, properties. Dataflow languages are widely used in safety critical systems. There are several state-of-the-art model-checkers for these languages. While the properties that can be verified are generally limited to invariants, it is possible to encode some interesting properties of Petri nets as invariants which makes them accessible for powerful analysis methods based on modern SMT and SAT solvers. The SpiNat approach transforms Petri net into synchronous dataflow language models. This allows for using predicate abstraction and the theory of unbounded integers allows to analyze the potentially unbounded markings of Petri nets using model-checking tools for languages like Lustre. The presented approach is orthogonal to enumeration based approaches for Petri net analysis and allows benefiting from any increase in efficiency of industrial strength SMT-based model-checkers like kind2 and Jkind
  • Textdokument
    Cyber-Defense “Gemessen, Bewertet und Ausgerichtet” - Ein Praxisbericht
    (GI SICHERHEIT 2022, 2022) Lochmann, Fabian; Schmerl, Sebastian
    Bei dem hier vorgestellten Cyber-Defense-Maturity-Assessment handelt es sich um eine Methodik zur Erfassung und Bestimmung der Cyber-MITRE ATT&CKTM Framework. Es wird gezeigt, wie sich effizient und praxisorientiert die aktuelle Bedrohungslage für ein Unternehmen inklusive des Branchen-und Geo-Fokus von Abwehr-Fähigkeiten eines Unternehmens. Die Methodik basiert dabei auf dem freien und weltweit anerkannten Angreifer-Gruppen mit Hilfe präventiver sowie auf Erkennung gestützte Security-Controls erfasst und das erforderliche Schutzniveau bestimmen lässt.
  • Textdokument
    Hardening the Security of Server-Aided MPC Using Remotely Unhackable Hardware Modules
    (GI SICHERHEIT 2022, 2022) Doerner, Dominik; Mechler, Jeremias; Müller-Quade, Jörn
    Garbling schemes are useful building blocks for enabling secure multi-party computation (MPC), but require considerable computational resources both for the garbler and the evaluator. Thus, they cannot be easily used in a resource-restricted setting, e.g. on mobile devices. To circumvent this problem, server-aided MPC can be used, where circuit garbling and evaluation are performed by one or more servers. However, such a setting introduces additional points of failure: The servers, being accessible over the network, are susceptible to remote hacks. By hacking the servers, an adversary may learn all secrets, even if the parties participating in the MPC are honest. In this work, we investigate how the susceptibility for such remote hacks in the server-aided setting can be reduced. To this end, we modularize the servers performing the computationally intensive tasks. By using data diodes, air-gap switches and other simple remotely unhackable hardware modules, we can isolate individual components during large parts of the protocol execution, making remote hacks impossible at these times. Interestingly, this reduction of the attack surface comes without a loss of efficiency.
  • Textdokument
    Short Paper: Untersuchung des Gender-gaps bei Cybersecurity-Publikationen
    (GI SICHERHEIT 2022, 2022) Mayer, Nico; Wendzel, Steffen; Keller, Jörg
    Im Bereich der Informatik konnte bereits aufgezeigt werden, dass es eine geringere Anzahl an weiblichen Autoren von wissenschaftlichen Publikationen gibt. Wir untersuchen die Frage, ob es ein ähnliches Verhältnis bei Publikationen im Teilbereich Cybersecurity gibt, ob Frauen seltener zitiert werden als Männer und ob ein Trend in den letzten 10 Jahren erkannt werden kann. Zur Beantwortung der Frage untersuchen wir ausgewählte Journale und Tagungen auf deren Zitierungsanzahl und die Geschlechtsverteilung der Autor:innen. Wir stellen keinen Gender-gap in Form einer Benachteiligung in der Zitierungsanzahl fest, allerdings liegt ein Gender-gap bei der Publikationszahl vor, der jedoch erwartbar ist und zudem in Cybersecurity weniger ausgeprägt ist als in der Informatik als Ganzes.