P323 - Sicherheit 2022 - Sicherheit, Schutz und Zuverlässigkeit
Auflistung P323 - Sicherheit 2022 - Sicherheit, Schutz und Zuverlässigkeit nach Autor:in "Christian Wressnegger, Delphine Reinhardt"
1 - 10 von 22
Treffer pro Seite
Sortieroptionen
- TextdokumentAnalyzing the Software Patch Discipline Across Different Industries and Countries(GI SICHERHEIT 2022, 2022) Müller, Robin; Ruppert, Julius; Will, Katharina; Wüsteney, Lukas; Heer, TobiasIn view of recent cyberattacks and new regulatory requirements, companies in different industries and countries are forced to implement additional IT security measures. Nevertheless, a large number of services with vulnerable or outdated software can be found on the Internet. In this work, we investigate whether industry-specific differences exist in the maintenance and use of outdated Internet-facing software. For this purpose, we combine results from Internet-wide port scans with product and version information as well as information of companies listed at stock markets in different countries. We show that different industries have more or less up-to-date software for different services like remote access tools, databases, webservers and file servers. With this approach, we discovered surprising amounts of outdated and even unsupported software in use across many industries and countries.
- TextdokumentAutomated Monitoring of Operational Technology Security and Compliance for Power Grids(GI SICHERHEIT 2022, 2022) Fraune, BastianIT security standards can increase trust in a system or component if compliance to the standard can be proven to third parties. Those standards usually specify requirements for security features, which then lead to a certain configuration of an industrial control system. Continuous monitoring of IT security configurations on intelligent electronic devices is difficult because there is no standardised way to query the security configurations of those devices. The objective of this PhD project is to enable automatic querying of security settings from industrial control system in the use case of the power grid infrastructure for remote monitoring. This opens up the possibility of automatically comparing the actual security state on the device against the defined IT security standard configurations. In such cases, industrial control systems that do not comply with defined security standards can thus be identified directly by monitoring systems in the control centre.
- TextdokumentCyber-Defense “Gemessen, Bewertet und Ausgerichtet” - Ein Praxisbericht(GI SICHERHEIT 2022, 2022) Lochmann, Fabian; Schmerl, SebastianBei dem hier vorgestellten Cyber-Defense-Maturity-Assessment handelt es sich um eine Methodik zur Erfassung und Bestimmung der Cyber-MITRE ATT&CKTM Framework. Es wird gezeigt, wie sich effizient und praxisorientiert die aktuelle Bedrohungslage für ein Unternehmen inklusive des Branchen-und Geo-Fokus von Abwehr-Fähigkeiten eines Unternehmens. Die Methodik basiert dabei auf dem freien und weltweit anerkannten Angreifer-Gruppen mit Hilfe präventiver sowie auf Erkennung gestützte Security-Controls erfasst und das erforderliche Schutzniveau bestimmen lässt.
- TextdokumentDifferential Testing: How to find differences between programs that mostly behave identically?(GI SICHERHEIT 2022, 2022) Möller, JonasDifferences between programs based on the same specification might lead to vulnerabilities that can not be detected by conventional testing. Differential testing is able to find these discrepancies by executing multiple programs on the same input and comparing their output. In this work, we discuss the fundamentals of differential testing and outline a general scheme for differential testing methods which is used to categorize and analyze current research approaches. Based on this, we formulate our own research questions which focus on how machine learning can aid differential testing
- TextdokumentFighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulator(GI SICHERHEIT 2022, 2022) Gruber, Jan; Freiling, Felix C.Sandboxes are an indispensable tool in dynamic malware analysis today. However, modern malware often employs sandbox-detection methods to exhibit non-malicious behavior within sandboxes and therefore evade automatic analysis. One category of sandbox-detection techniques are reverse Turing tests (RTTs) to determine the presence of a human operator. In order to pass these RTTs, we propose a novel approach which builds upon virtual machine introspection (VMI) to automatically reconstruct the graphical user interface, determine clickable buttons and inject human interface device events via direct control of virtualized human interface devices in a stealthy way. We extend the VMI-based open-source sandbox DRAKVUF with our approach and show that it successfully passes RTTs commonly employed by malware in the wild to detect sandboxes
- TextdokumentHardening the Security of Server-Aided MPC Using Remotely Unhackable Hardware Modules(GI SICHERHEIT 2022, 2022) Doerner, Dominik; Mechler, Jeremias; Müller-Quade, JörnGarbling schemes are useful building blocks for enabling secure multi-party computation (MPC), but require considerable computational resources both for the garbler and the evaluator. Thus, they cannot be easily used in a resource-restricted setting, e.g. on mobile devices. To circumvent this problem, server-aided MPC can be used, where circuit garbling and evaluation are performed by one or more servers. However, such a setting introduces additional points of failure: The servers, being accessible over the network, are susceptible to remote hacks. By hacking the servers, an adversary may learn all secrets, even if the parties participating in the MPC are honest. In this work, we investigate how the susceptibility for such remote hacks in the server-aided setting can be reduced. To this end, we modularize the servers performing the computationally intensive tasks. By using data diodes, air-gap switches and other simple remotely unhackable hardware modules, we can isolate individual components during large parts of the protocol execution, making remote hacks impossible at these times. Interestingly, this reduction of the attack surface comes without a loss of efficiency.
- TextdokumentOn CRDTs in Byzantine Environments(GI SICHERHEIT 2022, 2022) Jacob, Florian; Bayreuther, Saskia; Hartenstein, HannesConflict-free Replicated Data Types (CRDTs) allow updates to be applied to different replicas independently and concurrently, without the need for a remote conflict resolution. Thus, they provide a building block for scalability and performance of fault-tolerant distributed systems. Currently, CRDTs are typically used in a crash fault setting for global scale, partition-tolerant, highly available databases or collaborative applications. In this paper, we explore the use of CRDTs in Byzantine environments. This exploration is inspired by the popular Matrix messaging system: as recently shown, the underlying Matrix Event Graph replicated data type represents a CRDT that can very well deal with Byzantine behavior. This “Byzantine Tolerance” is due to mechanisms inherent in CRDTs and in the hash-based directed acyclic graph (HashDAG) data structure used in Matrix. These mechanisms restrict Byzantine behavior. We, therefore, discuss Byzantine behavior in a context of CRDTs, and how the notion of Byzantine tolerance relates to equivocation. We show that a subclass of CRDTs is equivocation-tolerant, i.e., without equivocation detection, prevention or remediation, this subclass still fulfills the CRDT properties, which leads to Byzantine tolerance. We conjecture that an operation-based Byzantine-tolerant CRDT design supporting non-commutative operations needs to be based on a HashDAG data structure. We close the paper with thoughts on chances and limits of this data type.
- TextdokumentOngoing Automated Data Set Generation for Vulnerability Prediction from Github Data(GI SICHERHEIT 2022, 2022) Hinrichs, TorgeThis paper describes the development of a continuous github repository analysis pipeline with the focus on creating a data set for vulnerability prediction in source code. Currently, used data sets consist only of source code functions or methods without additional meta information. This paper assumes that the surrounding code of vulnerable functions can be beneficial to the detection rate. In order to test this assumption, large data sets are needed that can be created using the proposed pipeline. Although the pipeline requires some improvements, in a first test run 1.5 million repositories could be analyzed and evaluated. The resulting data set will be published in the future.
- TextdokumentPrivacyDates: A Framework for More Privacy-Preserving Timestamp Data Types(GI SICHERHEIT 2022, 2022) Burkert, Christian; Balack, Jonathan; Federrath, HannesCase studies of application software data models indicate that timestamps are excessively used in connection with user activity. This contradicts the principle of data minimisation which demands a limitation to data necessary for a given purpose. Prior work has also identified common purposes of timestamps that can be realised by more privacy-preserving alternatives like counters and dates with purpose-oriented precision. In this paper, we follow up by demonstrating the real-world applicability of those alternatives. We design and implement three timestamp alternatives for the popular web development framework Django and evaluate their practicality by replacing conventional timestamps in the project management application Taiga.
- TextdokumentRecent Developments in the Context of Online Elections and Digital Polls in Germany(GI SICHERHEIT 2022, 2022) Beckert, Bernhard; Budurushi, Jurlind; Grunwald, Armin; Krimmer, Robert; Kulyk, Oksana; Küsters, Ralf; Mayer, Andreas; Müller-Quade, Jörn; Neumann, Stephan; Volkamer, MelanieThe paper summarizes the technical report [Be21] which was published in 2021. The aim of the paper is to summarize and critically discuss the situation in Germany concerning electronic voting.
- «
- 1 (current)
- 2
- 3
- »