Trust@HsH at RSA Conference 2014

alternate text

The Trust@HsH research group, in person by Bastian Hellmann and Ralf Steuerwald, participated at this years RSA conference in San Francisco (24th-28th February).

At the TCG associated seminar “Get proactive with security” on Monday 24th, Trust@HsH presented a live demonstration of a BYOD-scenario including software of the iron* software suite as well as the StrongSwan VPN-software by Hochschule Rapperswil and the Android IF-MAP client by DECOIT GmbH.

TCG seminar at RSA 2014
Figure 1: TCG seminar at RSA 2014
Demo booth of Trust@HsH
Figure 2: Demo booth of Trust@HsH

Demonstration details (including virtual machines and setup instructions) will be released in the next few weeks.

The conference itself was a perfect opportunity to meet some fellow TCG members and other network security professionals and discuss our approaches and current work, as well as attending talks and panels with security experts like Bruce Schneier, Adi Shamir and Whitfield Diffie.

Impressions of RSA 2014
Figure 3: Impressions of RSA 2014

Here are some general impressions of the city of San Francisco.

Golden Gate Bridge
Figure 4: Golden Gate Bridge
Figure 5: Alcatraz
Lombard Street
Figure 6: Lombard Street
03 Mar 2014

New releases of all ifmapj-based software

As we mentioned in our last news about the release of ifmapj 1.0.0, we successfully updated all of our ifmapj-based tools to make use of ifmapj 1.0.0.

All of our Github master branches for the following software were adjusted to use ifmapj 1.0.0, and therefore use the new package structure (

20 Dec 2013

ifmapj 1.0.0 available at Maven Central

ifmapj, our Java library for IF-MAP Clients is now available via Maven Central.

As mentioned in our post about the new name of our research group, we increased the version number to 1.0.0, as we adapted the package names in all source files of ifmapj to match the new name of our research group and University.

At the moment, we are working on all our IF-MAP Clients that use ifmapj, to adapt them to use ifmapj 1.0.0 and therefore also adjust their package structure, so there will be new releases as well.

So in the near future, when all tools are adapted, all of our IF-MAP Clients can then be simply build by downloading them from Github and then run Maven, and ifmapj will be downloaded automatically by Maven like every other dependency.

We will publish a further news item, when adapting all tools is finished. Until then, you can use and build our tools as before (including manually installing ifmapj to your local Maven repository).

18 Dec 2013

Research group renamed - Trust@HsH

alternate text

From today, our research group will present itself under a new name: Trust@HsH

As our University recently changed its name from Fachhochschule Hannover (FHH) to Hochschule Hannover (HsH), we decided to rename our research group from Trust@FHH to Trust@HsH to reflect this change.

During this process, we also changed our logo to match the new corporate design (color of our faculty, official font of the University).

New account names/URLs

As our name changes, our accounts all over the web also will be renamed (and thus some get new URLs):

Software changes

We will also change the package structure of our software to All our libraries - only ifmapj at the moment - will get a major version number increase, all other tools will be updated to use the new ifmapj 1.0.0 version over the next (few) weeks.

If you find broken links or other inconsistencies, feel free to contact us via

17 Dec 2013

Trust@FHH Participates in ETISS 2013

As in previous years, members of the Trust@FHH group have participated in the European Trusted Infrastructure and Systems School 2013 (ETISS 2013) hosted at the Graz University of Technology. The ETISS winter school covers a variety of fields related to creating a trusted infrastructure to cope with the demands of current and future information processing.

Our research associate Thomas Rossow and our student assistant Thomas Oelsner enjoyed interesting talks by some of the leading experts on Trusted Computing and lively discussions with fellow researchers in the beautiful city of Graz. A real treat was the Capture the Flag tournament where 5 teams had to attack the other teams’ servers while securing their own machines. Thomas Rossow’s team was able to score highest and make the first place.

The Trust@FHH team would like to express its appreciation to Peter Lipp and his team for organizing this great event.

The CTF winners on ETISS 2013 Winners of the ETISS 2013 Capture the Flag (left to right):

  • Wolfgang Wieser (Graz University of Technology)
  • Hubert Gasparitzi (Graz University of Technology)
  • Thomas Rossow (Trust@FHH)
  • Davide Papini (Royal Holloway University of London)
11 Dec 2013

irondemo - an IF-MAP demo and testing environment

The Trust@FHH team would like to announce that our new IF-MAP demo and testing environment, irondemo, is now available to the public on github.

irondemo is a utility written in Perl that automates the task of downloading and building various of our IF-MAP tools (such as irond, irondetect, irongui and others). Third party tools can easily be integrated by providing instructions for downloading and building the sources in a YAML file.

irondemo also allows for easily constructing demo or test scenarios by describing them in a YAML file and providing the neccessary config files and scripts. irondemo will handle copying of the needed binaries and making sure the demo is set up in a clean environment.

We are still in an early stage of developement, but we see a lot of potential here. Our midterm goal for irondemo is to extend it gradually until we have a full blown environment for automated testing of different IF-MAP tools by being able to simulate complex network events on an IF-MAP level.

If you have any comments or questions, please contact us at or create an Issue at the irondemo github page.

21 Nov 2013

Metalyzer - Analysis of MAP graphs

alternate text

A new project called Metalyzer started at Hochschule Hannover. As part of their bachelor studies, 9 students work within this project for two terms.

Goals of the project

The project will extend the VisITMeta dataservice to perform statistical methods and semantic(-like) queries on MAP graphs and visualize the results within the VisITMeta GUI. With the use of VisITMeta’s history of MAP data, time-variant analysis can be done.

Some of the statistical analysis that are planed within the project are:

  • General graph-based analysis: how many nodes, how many edges, mean of edges per node, …

  • IF-MAP based analysis: how many identifiers of a special type, …

  • Analysis with respect to the history feature of VisITMeta: histogram of identifier-types at specific timestamp, development of number of a specific identifier over time, …

Furthermore, the project will also design and implement (simple) semantic queries, that can be performed on MAP graphs, like …

  • .. at which times was a specific user “present” in the network? What were his IP and MAC adresses?

  • … when did a specific device occur in the network for the first/last time?

General information about the project

  • Type: Research project for bachelor students
  • Start: October 2013
  • Duration: 2 term (until June/July 2014)
  • Team: 9 bachelor students, 2 research associates and 1 professor acting as advisors
31 Oct 2013

irondetect - a IF-MAP based detection engine

alternate text

The Trust@FHH team would like to announce that our IF-MAP based detection engine, irondetect, is available to the public via our Github account. Based on contexts, signatures and anomalies, irondetect is able to detect deviations from normal behavior in a IF-MAP based network.

The development was done within the ESUKOM project. irondetect is IF-MAP 2.1 compliant, but works on metadata specified by the ESUKOM project, which uses Features and Categories to structurize metadata.

In this first release, irondetect supports the following functionality:

  • Detection of abnormal behavior via Anomalies.

  • Anomaly detection uses a training phase to record the “normal” behavior.

  • Signatures allow for simple pattern matching of Features.

  • irondetect uses Contexts to further constrain, when specific signatures and anomalies are valid. Contexts can be the time, (geo) location or other parameters, that define the “situation” when a Feature was measured.

  • It can be controlled via a policy language, consisting of Rules with Conditions and Actions.

  • Detection results are published back into the MAP server (both as ESUKOM and IF-MAP Standard metadata) so other components - and irondetect itself - can react on them.

At the moment, the release comes more or less without a user documentation; you can use our demo environment irondemo (also available at Github) and take a look at the provided policy of scenario 1. Our ifmapcli tools also provide some tools to publish metadata that uses the ESUKOM metadata model.

We will release a specific irondetect documentation as well as more sophisticated example policies and scenarios for irondemo in the future.

If you have any comments or questions, please contact us at or directly create an Issue at the corresponding Github-project page.

24 Oct 2013
Hochschule Hannover
University of Applied Sciences and Arts
Faculty IV, Dept. of Computer Science
Ricklinger Stadtweg 120
30459 Hannover, Germany
Youtube Atom-Feed