Meet the Trust@HsH team at CeBIT 2014
The Trust@HsH research group will present their work in IT and Network Security at this year’s CeBIT as one of 27 exhibitors of the joint booth of Germany’s federal state of Lower Saxony. Core themes of the joint booth are information security, law enforcement, IT and government solutions.
True to the booth’s motto “We have foresight”, the Trust@HsH research group will showcase their current work in Security Information and Event Management (see SIMU project) and in visualization of network security (see VisITMeta project).
You can watch a high-level demonstration of our open source IF-MAP tools or discuss the nitty-gritty details of their concepts or even implementation with our developers, who will be present for the entire duration of the fair.
The Trust@HsH team will be happy to welcome you in Hall 7, at booth c28!
06 Mar 2014
New releases of all ifmapj-based software
As we mentioned in our last news about the release of ifmapj 1.0.0, we successfully updated all of our ifmapj-based tools to make use of ifmapj 1.0.0.
All of our Github master branches for the following software were adjusted to use ifmapj 1.0.0, and therefore use the new package structure (de.hshannover.f4.trust).
20 Dec 2013
ifmapj 1.0.0 available at Maven Central
ifmapj, our Java library for IF-MAP Clients is now available via Maven Central.
As mentioned in our post about the new name of our research group, we increased the version number to 1.0.0, as we adapted the package names in all source files of ifmapj to match the new name of our research group and University.
At the moment, we are working on all our IF-MAP Clients that use ifmapj, to adapt them to use ifmapj 1.0.0 and therefore also adjust their package structure, so there will be new releases as well.
So in the near future, when all tools are adapted, all of our IF-MAP Clients can simply be built by downloading them from Github and running Maven; ifmapj will then be downloaded automatically by Maven like every other dependency.
We will publish a further news item, when adapting all tools is finished. Until then, you can use and build our tools as before (including manually installing ifmapj to your local Maven repository).
18 Dec 2013
Research group renamed - Trust@HsH
From today, our research group will present itself under a new name: Trust@HsH
New name and logo
As our University recently changed its name from Fachhochschule Hannover (FHH) to Hochschule Hannover (HsH), we decided to rename our research group from Trust@FHH to Trust@HsH to reflect this change.
During this process, we also changed our logo to match the new corporate design (color of our faculty, official font of the University).
New account names/URLs
As our name changes, our accounts all over the web also will be renamed (and thus some get new URLs):
We will also change the package structure of our software to de.hshannover.f4.trust. All our libraries - only ifmapj at the moment - will get a major version number increase, all other tools will be updated to use the new ifmapj 1.0.0 version over the next (few) weeks.
If you find broken links or other inconsistencies, feel free to contact us via firstname.lastname@example.org.
17 Dec 2013
Trust@FHH Participates in ETISS 2013
As in previous years, members of the Trust@FHH group have participated in the European Trusted Infrastructure and Systems School 2013 (ETISS 2013) hosted at the Graz University of Technology. The ETISS winter school covers a variety of fields related to creating a trusted infrastructure to cope with the demands of current and future information processing.
Our research associate Thomas Rossow and our student assistant Thomas Oelsner enjoyed interesting talks by some of the leading experts on Trusted Computing and lively discussions with fellow researchers in the beautiful city of Graz. A real treat was the Capture the Flag tournament where 5 teams had to attack the other teams’ servers while securing their own machines. Thomas Rossow’s team scored highest and took first place.
The Trust@FHH team would like to express its appreciation to Peter Lipp and his team for organizing this great event.
Winners of the ETISS 2013 Capture the Flag (left to right):
- Wolfgang Wieser (Graz University of Technology)
- Hubert Gasparitzi (Graz University of Technology)
- Thomas Rossow (Trust@FHH)
- Davide Papini (Royal Holloway University of London)
11 Dec 2013
irondemo - an IF-MAP demo and testing environment
The Trust@FHH team would like to announce that our new IF-MAP demo and testing environment, irondemo, is now available to the public on github.
irondemo is a utility written in Perl that automates the task of downloading and building several of our IF-MAP tools (such as irond, irondetect, irongui and others). Third party tools can easily be integrated by providing instructions for downloading and building the sources in a YAML file.
irondemo also allows for easily constructing demo or test scenarios by describing them in a YAML file and providing the necessary config files and scripts. irondemo will handle copying of the needed binaries and making sure the demo is set up in a clean environment.
We are still in an early stage of development, but we see a lot of potential here. Our midterm goal for irondemo is to extend it gradually until we have a full-blown environment for automated testing of different IF-MAP tools by being able to simulate complex network events on an IF-MAP level.
If you have any comments or questions, please contact us at email@example.com or create an Issue at the irondemo github page.
21 Nov 2013
Metalyzer - Analysis of MAP graphs
A new project called Metalyzer started at Hochschule Hannover. As part of their bachelor studies, 9 students work within this project for two terms.
Goals of the project
The project will extend the VisITMeta dataservice to perform statistical methods and semantic(-like) queries on MAP graphs and visualize the results within the VisITMeta GUI. With the use of VisITMeta’s history of MAP data, time-variant analysis can be done.
Some of the statistical analyses that are planned within the project are:
- General graph-based analysis: how many nodes, how many edges, mean of edges per node, …
- IF-MAP based analysis: how many identifiers of a special type, …
- Analysis with respect to the history feature of VisITMeta: histogram of identifier-types at specific timestamp, development of number of a specific identifier over time, …
Furthermore, the project will also design and implement (simple) semantic queries, that can be performed on MAP graphs, like …
General information about the project
- Type: Research project for bachelor students
- Start: October 2013
- Duration: 2 terms (until June/July 2014)
- Team: 9 bachelor students, 2 research associates and 1 professor acting as advisors
31 Oct 2013
irondetect - an IF-MAP based detection engine
The Trust@FHH team would like to announce that our IF-MAP based detection engine, irondetect, is available to the public via our Github account. Based on contexts, signatures and anomalies, irondetect is able to detect deviations from normal behavior in an IF-MAP based network.
The development was done within the ESUKOM project. irondetect is IF-MAP 2.1 compliant, but works on metadata specified by the ESUKOM project, which uses Features and Categories to structure metadata.
In this first (prototypical) release, irondetect supports the following functionality:
- Detection of abnormal behavior via Anomalies.
- Anomaly detection uses a training phase to record the “normal” behavior.
- Signatures allow for simple pattern matching of Features.
- irondetect uses Contexts to further constrain when specific signatures and anomalies are valid. Contexts can be the time, (geo) location or other parameters that define the “situation” when a Feature was measured.
- It can be controlled via a policy language, consisting of Rules with Conditions and Actions.
- Detection results are published back into the MAP server (both as ESUKOM and IF-MAP Standard metadata) so other components - and irondetect itself - can react to them.
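The concepts listed above (trained Anomalies, Signatures, Contexts, Rules with Conditions and Actions), shown as an added Python sketch; it is not irondetect code and does not use its policy language. The feature names, device names, thresholds and the 3-sigma deviation test are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Callable

@dataclass(frozen=True)
class Feature:                    # one measurement plus the context it was taken in
    device: str
    name: str                     # hypothetical feature id, not an ESUKOM name
    value: float
    hour: int                     # context parameter: hour of day

def working_hours(f): return 8 <= f.hour < 18
def off_hours(f): return not working_hours(f)

@dataclass
class Signature:                  # simple pattern match, valid only inside its context
    name: str
    threshold: float
    context: Callable[[Feature], bool]
    def matches(self, f):
        return f.name == self.name and self.context(f) and f.value > self.threshold

@dataclass
class Anomaly:                    # baseline learned in a training phase
    name: str
    context: Callable[[Feature], bool]
    k: float = 3.0                # assumed tolerance: k standard deviations
    baseline: list = field(default_factory=list)
    def train(self, f):           # only in-context samples count as "normal"
        if f.name == self.name and self.context(f):
            self.baseline.append(f.value)
    def matches(self, f):
        if f.name != self.name or not self.context(f) or len(self.baseline) < 2:
            return False          # untrained or out of context: no verdict
        mu, sigma = mean(self.baseline), pstdev(self.baseline)
        return abs(f.value - mu) > self.k * max(sigma, 1e-9)

def evaluate(rules, features):
    """Rules are (condition, action) pairs; return (device, action) per hit."""
    return [(f.device, act) for f in features for cond, act in rules if cond.matches(f)]

def demo():
    traffic = Anomaly("traffic.kb", working_hours)
    training = [(100, 9), (110, 10), (90, 11), (105, 12), (95, 13), (5, 22)]
    for value, hour in training:  # the 22:00 sample is out of context and ignored
        traffic.train(Feature("laptop-1", "traffic.kb", value, hour))
    rules = [(traffic, "alert:traffic-anomaly"),
             (Signature("login.failures", 5, off_hours), "alert:failed-logins")]
    observed = [Feature("laptop-1", "traffic.kb", 400, 10),
                Feature("laptop-1", "traffic.kb", 400, 23),
                Feature("laptop-2", "login.failures", 8, 2),
                Feature("laptop-2", "login.failures", 8, 11),
                Feature("laptop-3", "traffic.kb", 108, 14)]
    return evaluate(rules, observed)
```

The same value (400 KB, 8 failed logins) fires only when its context holds, which is the role the list above gives to Contexts.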
At the moment, the release comes more or less without user documentation; you can use our demo environment irondemo (also available at Github) and take a look at the provided policy of scenario 1. Our ifmapcli tools also include some tools to publish metadata that uses the ESUKOM metadata model.
We will release a specific irondetect documentation as well as more sophisticated example policies and scenarios for irondemo in the future.
If you have any comments or questions, please contact us at firstname.lastname@example.org or directly create an Issue at the corresponding Github-project page.
24 Oct 2013