direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Logo der TU Berlin

SE Autonomous Security

Modul: Special Topics in Communication Networks and Autonomous Security (MINF-KT-CNAS.W10)
Semester: Wintersemester 2011/12
Art: SE (2 SWS / 3 LP)
LV-Nr.: 0435 L 781
Veranstalter: Dr. Seyit Ahmet Camtepe
Dr.-Ing. Karsten Bsufka
Dr.-Ing. Aubrey-Derrick Schmidt
Ort und Zeit: Themenvergabe am 19.10., 18-19 Uhr im TEL 1414

This seminar will be organised within the lecture Topics in Communication Networks and Autonomous Security.

Master degree seminer with following topics from Autonomous and Pervasive Security fields:

Securing Android-based Devices

Language: English / German

Trainer: Dr.-Ing. Aubrey-Derrick Schmidt, Leonid Batyuk

Smartphones become more and more popular. As the capabilities (cpu, memory, communication, sensing) of these devices increase, they provide mobile computing power that can be used in variety of critical applications. Resulting security and privacy issues become even more series with android open-platform which permits very short innovation cycle for emerge of new smartphone applications without any proper security measures. Our aim in this seminar topic is to identify weaknesses in the Google Android platform and examine appropriate security architectures that can protect against such vulnerabilities.

Secure Agent Communication

Language: English / German

Trainer: Dennis Grunewald

In Multi-Agent Systems (MAS), software agents communicate with each other and also exchange sensitive data that needs protection. The intention is to hide the data from third parties, i.e. agents that are not directly involved in the communication. Communication comes in basically two forms: (1) between agents on the same platform (e.g. the same host) and (2) between agents on different platforms. While traditional approaches like using simple TLS/SSL communication might be sufficient for stationary agents, mobile agents, which are able to migrate between different platforms, increase the requirements for secure communication. The student reads miscellaneous papers on this topic and sums up the different approaches in a survey paper.

Simulation in Security Research

Language: English / German

Trainer: Dr.-Ing. Karsten Bsufka, Joel Chinnow

Security research, especially intrusion detection, require data for developing and evaluating approaches. This data is either collected in static data sets, generated in test beds or captured in real IT environments. All of these approaches have advantages and disadvantages, one alternative approach is the use of simulation for creating the required data. The aim of this seminar topic is to create an overview of used tools and conducted simulation experiments and to identify the advantages and disadvantages of using simulation.

A Quantitative Methodology for Online IT Risk Management

Language: English / German

Trainer: Stephan Schmidt

Risk management and business process management play an increasingly vital role in contemporary corporate infrastructures due to a multitude of operational, technical and regulatory reasons. Increasingly complex interdependencies as well as flexibility demands in rapidly changing networked environments make this effect even more pronounced for companies which are strongly based in the IT domain. Current risk management methodologies are often static in nature and can not meet the demands of operational practices.

We focus on a quantitative framework for organizational IT risk management. The underlying risk management process splits into three phases. The risk assessment phase quantifies asset values at a high level and threats at a low level of abstraction. Augmented by interdependency analysis rooted in graph theory, these values are correlated at the hardware level where tactical risk mitigation strategies are available. Theoretically optimal and scalable risk mitigation strategies based on game and control theory are applied in risk mitigation phase which minimize the total risk over a given finite time horizon utilizing the given security budget. The risk transfer phase includes strategies for redesigning corporate IT infrastructure based on high-risk interdependencies.

Non-Intrusive User Behavior Analysis Using Computerized Systems

Language: English / German

Trainer: Arik Messerman

There are different ways to authenticate humans to a system. An authentication process consists of the validation of the authorization by any subset of three factors: (i) something you know (password), something you have (smartcard), and something you are (biometrics). Besides classical attacks on password and risk that smartcards can be stolen, biometric have their own disadvantages such as requirement of expensive devices, risk of stolen bio-templates. Moreover existing approaches provide authentication process usually performed only once initially. Non-intrusive and continuous monitoring of user activities emerges as promising solution in hardening authentication process.

Identity Management Mechanisms for Smart Homes

Language: Deutsch / English

Trainer: Tarik Mustafic

Recent developments in Ambient Assisted Living (AAL) technologies suggest that in the near future home environment will be surrounded with networked intelligent devices and sensors bringing more comfort and safety. Technical requirements for implementation of innovative services in home environment are largely met, but these services have to be supported by smart and intelligent identity management solutions. Our aim is to investigate smart identity management mechanisms for smart homes that can be applied for private use.

Security in Smart Grids

Language: Deutsch / English

Trainer: Joel Chinnow

Smart Grid is a key technology for integrating distributed energy resources to meet the increasing energy demands of our society. Thereby, two concepts gained attention: Virtual power plants and smart metering. But, the required communication technology introduces number of security and privacy concerns. Therefore, the protocols have to be analyzed with regard to confidentiality, integrity and availability. Example protocols which are standardized or under standardization process are: Multi Utility Communication (MUC), Smart Message Language (SML) or DIN 43863-4.

Analysis of Multi-step Internet Attacks

Language: English / Deutsch

Trainer: Dr. Seyit Ahmet Camtepe

Due to increased complexity, scale and functionality of Information and telecommunication (IT) infrastructures, every day new exploits and vulnerabilities are discovered. These vulnerabilities are most of the time used by malicious people to penetrate these IT infrastructures for mainly disrupting business or stealing intellectual properties. Our focus is identifying possible attack vectors reflecting likely multi-step attack vectors within an IT infrastructure by using device vulnerabilities and possible exploits listed in public vulnerability and threat databases (NVD, CVE, CPE, CWE, CVSS, etc.) Attack vectors simply provides ordered list of which vulnerabilities should be exploited where and when so that target resource can be compromised. The aim of this seminar topic is to understand existing works in attack modeling and attack analysis, and identify challenges towards realizing automated analysis solutions.