Meet the Trust@HsH team at the RSA Conference 2015 in San Francisco

The Trust@HsH research group will present their IF-MAP related work at this year’s RSA Conference during the Trusted Computing Group’s Association Seminar and Demonstration Showcase on Monday, 20th April, from 9AM to 1PM (PST).

It will be held at the Moscone Convention Center (West) in room 2002/2006.

We will be participating at 2 out of the 20 different demonstration booths, showcasing our IF-MAP tools, like the MAP server irond or the visualisation client VisITMeta in collaboration with tools from other vendors like DECOIT or Pulse Secure.

The Trust@HsH team will be happy to welcome you at our booths titled “BYOD Solutions Well in Hand: Standards-Based Mobile Security” and “Near Real-Time Network Security with an IF-MAP-Based SIEM Approach”!

16 Apr 2015

Bugfixes for VisITMeta

We released two bugfixes for our IF-MAP visualization software VisITMeta, so the current version is 0.4.2.

Bugs fixed:

  • Wrong rendering of links between vendor-specific metadata
  • Wrong behavior when changing colors of metadata nodes and selecting single nodes

08 Apr 2015

VisITMeta 0.4.0 released

Our IF-MAP visualization software VisITMeta has been released in version 0.4.0.

It features the following changes:

  • Search functionality: it is now possible to search for metadata and identifier nodes within the GUI, by using a very simplistic search “language”
  • New history navigation via tabs for live, history and delta view
  • Support for metadata published via the notify operation (only accessible via the REST interface at the moment)
  • Now using ironcommon, our new utility library for ifmapj-based projects
  • Integration of Checkstyle plugin into our Maven build environment
  • Modified Maven pom.xml so that running VisITMeta within Eclipse should now be possible
  • Some minor bugfixes

Screenshot of VisITMeta GUI v0.4.0

The screenshot shows the new search functionality via searching for all nodes containing ip and 10.0.0 as well as all nodes exactly matching device; all nodes that do not match the search string are rendered slightly transparent. The screenshot also shows the new tab-based control over history navigation.

As always, the source code is available on GitHub on the project’s repository page.

23 Mar 2015

Several new releases of iron* software

Over the last few days we released new versions of nearly all our IF-MAP based software. Most releases are due to the integration of the Checkstyle plugin and changes to the Unix start scripts.

Some projects however received additional updates and functionality, as listed below:

  • ifmapj 2.2.2 (also on Maven Central)

    • Fixed a bug regarding the date format in logging (thanks to Markus Schölzel from DECOIT)
  • irondemo 0.5.0

    • Ability to start needed components via agenda
    • Fixes to project configurations
  • irondetect 0.0.8

    • As db4o is no longer available, we now use YAML to define and load the training data

We also released a new helper library called ironcommon that contains things like

  • Checkstyle policy and How-To to include it in Eclipse
  • Added Eclipse formatter and clean-up files
  • (first version of) YAML configuration file handling

It is available via GitHub and Maven Central; our other projects will be adapted.

The source code of all projects is also available on GitHub on the projects’ repository page.

06 Mar 2015

VisITMeta 0.3.0 released

Today we released a new version of our IF-MAP visualization software VisITMeta.

Version 0.3.0 features the following changes:

  • bugfixes for handling of circular graphs, deltas that contain subgraphs and wrong order of handling updates and deletes from incoming IF-MAP poll results
  • improvements to YAML configuration file usage
  • JUnit tests of the main interface (and the underlying graph handling) to external services

The source code of VisITMeta is also available on GitHub on the project’s repository page.

16 Dec 2014

Metalyzer and VisITMeta 0.2.0 released

With Metalyzer we introduce software that allows analysing IF-MAP data for statistical and semantic features.

Metalyzer consists of two separate modules:

  1. a module that can be loaded by the dataservice application of VisITMeta, that performs the analysis on MAP data and provides REST-like access to the results

  2. a visualization client that presents these results via tables, charts and other diagrams.

The analyses that can be done with Metalyzer include the absolute and relative frequencies of different identifiers and metadata, or an overview of associated IP addresses and MAC addresses found by following a given path in the IF-MAP graph data.

The statistical analysis is partly done using the R framework, whereas the visualization via charts and diagrams uses the JFreeChart library.

Metalyzer was developed by a group of 9 students during their bachelor studies within two terms at the Hochschule Hannover.

Please find the source code and instructions on how to build Metalyzer and include it in a VisITMeta runtime environment in the project’s GitHub repository.

Together with the first release of Metalyzer we also release VisITMeta in version 0.2.0. The main feature of this version is the added support for external modules, like Metalyzer, to allow arbitrary processing of the stored MAP data.

We also fixed a bug that occurred when the delta was calculated after single-value metadata had been updated, and added the possibility to select and unselect single nodes in the GUI application.

The source code of VisITMeta is also available on GitHub on the project’s repository page.

19 Sep 2014

irond now fully supports IF-MAP 2.2

Good news, everyone!

The freshly released 0.5.0 version of our MAP server irond incorporates a number of changes to provide full compliance with the IF-MAP 2.2 specification. Some of the features include (see the specification for the whole changelog):

  • MAP Content Authorization - MAP Content Authorization provides a standard model for controlling what operations MAP Clients can execute upon the content of a MAP server.

  • ifmap-server identifier - The IF-MAP server-identifier is a well-known extended identifier that provides a dedicated identifier on which MAP servers can create server-capability metadata to indicate which capabilities they support. The IF-MAP server-identifier is published by the MAP server itself to enable MAP clients to find out which IF-MAP version and optional capabilities the MAP server they intend to communicate with supports.

  • ifmap-timestamp-fraction metadata attribute - This special or “operational” attribute that MAP servers add to stored metadata enables fine-grained timestamps with potentially arbitrary precision.

To the best of our knowledge, the Trust@HsH research group are the first to implement a fully IF-MAP 2.2 compliant MAP server and we are proud to provide researchers in industry and academia with an open source implementation to support their research activities.

You can find precompiled binaries and the sources on our GitHub page. Please consult the README for details on building irond on your own.

Note: We already released version 0.5.1 of irond, as we fixed a small shortcoming in the build process.

01 Sep 2014

Updates on VisITMeta and irondemo

Just a few days after the last release, we would like to introduce VisITMeta 0.1.2 to the public.

Changes and new features include

  • Bipartite layout: identifiers and metadata are ordered in 5 columns, where columns 1 and 5 are used by metadata attached to one identifier, column 3 is used by link metadata and columns 2 and 4 are used to show identifiers.
  • Dataservice uses neo4j v2.1.2 instead of v1.8
  • Extended identifiers now use the root element of their inner XML to represent them
  • Metadata nodes now also allow different textual representations (two supported styles at the moment: just the typename of the metadatum, or with the publish timestamp in a second text line)
  • Transparency of glow effects now works correctly
  • Fixed a bug that occurred when the liveview-checkbox was unchecked too soon after application startup

This screenshot shows the new bipartite layout as well as some of the features from version 0.1.1, like enhanced identifier information or the new information panel at the bottom of the GUI.

Furthermore, we released version 0.4.5 of our demonstration environment irondemo. It features a new scenario visitmeta-project as well as some bugfixing/enhancements to the agenda parser (now allows trailing/leading whitespace and blank lines).

Both projects are available via their repositories on GitHub.

12 Aug 2014
Hochschule Hannover
University of Applied Sciences and Arts
Faculty IV, Dept. of Computer Science
Ricklinger Stadtweg 120
30459 Hannover, Germany