Demonstration details (including virtual machines and setup instructions) will be released in the next few weeks.
The conference itself was a perfect opportunity to meet some fellow TCG members and other network security professionals, to discuss our approaches and current work, and to attend talks and panels with security experts like Bruce Schneier, Adi Shamir and Whitfield Diffie.
Here are some general impressions of the city of San Francisco.
03 Mar 2014
New releases of all ifmapj-based software
As we mentioned in our last news about the release of ifmapj 1.0.0, we successfully updated all of our ifmapj-based tools to make use of
All of our Github master branches for the following software were adjusted to use
ifmapj 1.0.0, and therefore use the new package structure (de.hshannover.f4.trust).
VisITMeta (note: as we changed our REST interface and have not yet adapted the GUI, the GUI
does not work at the moment; this will be fixed in early January)
20 Dec 2013
ifmapj 1.0.0 available at Maven Central
ifmapj, our Java library for IF-MAP Clients, is now available via Maven Central.
As mentioned in our post about the new name of our research group, we increased the
version number to 1.0.0, as we adapted the package names in all source files of ifmapj to
match the new name of our research group and University.
At the moment, we are working on all our IF-MAP Clients that use ifmapj, to adapt them to
use ifmapj 1.0.0 and therefore also adjust their package structure, so there will be new
releases as well.
So in the near future, when all tools are adapted, all of our IF-MAP Clients can
simply be built by downloading them from Github and then running
Maven, and ifmapj will be downloaded automatically by Maven like every other dependency.
We will publish a further news item when adapting all tools is finished.
Until then, you can use and build our tools as before (including manually installing
ifmapj to your local Maven repository).
18 Dec 2013
Research group renamed - Trust@HsH
From today, our research group will present itself under a new name: Trust@HsH
New name and logo
As our University recently changed its name from Fachhochschule Hannover (FHH) to
Hochschule Hannover (HsH), we decided to rename our research group from Trust@FHH to
Trust@HsH to reflect this change.
During this process, we also changed our logo to match the new corporate design
(color of our faculty, official font of the University).
New account names/URLs
As our name changes, our accounts all over the web also will be renamed (and thus some
get new URLs):
We will also change the package structure of our software to de.hshannover.f4.trust.
All our libraries - only ifmapj at the moment - will get a major version number increase,
all other tools will be updated to use the new ifmapj 1.0.0 version over the next (few)
As in previous years, members of the Trust@FHH group have participated in the European Trusted Infrastructure and Systems School 2013 (ETISS 2013) hosted at the Graz University of Technology. The ETISS winter school covers a variety of fields related to creating a trusted infrastructure to cope with the demands of current and future information processing.
Our research associate Thomas Rossow and our student assistant Thomas Oelsner enjoyed interesting talks by some of the leading experts on Trusted Computing and lively discussions with fellow researchers in the beautiful city of Graz. A real treat was the Capture the Flag tournament where 5 teams had to attack the other teams’ servers while securing their own machines. Thomas Rossow’s team was able to score highest and take first place.
The Trust@FHH team would like to express its appreciation to Peter Lipp and his team for organizing this great event.
Winners of the ETISS 2013 Capture the Flag (left to right):
Wolfgang Wieser (Graz University of Technology)
Hubert Gasparitzi (Graz University of Technology)
Thomas Rossow (Trust@FHH)
Davide Papini (Royal Holloway University of London)
11 Dec 2013
irondemo - an IF-MAP demo and testing environment
The Trust@FHH team would like to announce that our new IF-MAP demo and testing environment, irondemo, is now available to the public on github.
irondemo is a utility written in Perl that automates the task of downloading and building various of our IF-MAP tools (such as irond, irondetect, irongui and others). Third party tools can easily be integrated by providing instructions for downloading and building the sources in a YAML file.
irondemo also allows for easily constructing demo or test scenarios by describing them in a YAML file and providing the necessary config files and scripts. irondemo will handle copying of the needed binaries and making sure the demo is set up in a clean environment.
We are still in an early stage of development, but we see a lot of potential here. Our midterm goal for irondemo is to extend it gradually until we have a full-blown environment for automated testing of different IF-MAP tools by being able to simulate complex network events on an IF-MAP level.
A new project called Metalyzer started at Hochschule Hannover.
As part of their bachelor studies, 9 students work within this project for two terms.
Goals of the project
The project will extend the VisITMeta dataservice to perform statistical methods and semantic(-like) queries on MAP graphs and visualize the results within the VisITMeta GUI.
With the use of VisITMeta’s history of MAP data, time-variant analysis can be done.
Some of the statistical analyses that are planned within the project are:
General graph-based analysis: how many nodes, how many edges, mean of edges per node, …
IF-MAP based analysis: how many identifiers of a special type, …
Analysis with respect to the history feature of VisITMeta: histogram of identifier-types at specific timestamp, development of number of a specific identifier over time, …
Furthermore, the project will also design and implement (simple) semantic queries that can be performed on MAP graphs, like …
… at which times was a specific user “present” in the network? What were his IP and MAC addresses?
… when did a specific device occur in the network for the first/last time?
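The two semantic queries above can be sketched over a timestamped link history. This is an added example, not Metalyzer or VisITMeta code: the `Link` record, the shortened identifier strings and the sample history are constructed, and only the metadata names (authenticated-as, access-request-ip, access-request-mac, access-request-device) are IF-MAP standard metadata.

```python
from collections import namedtuple

# One link in the MAP graph with its lifetime; end=None means still published.
Link = namedtuple("Link", "a b meta start end")

# Constructed history (timestamps are seconds since the start of recording).
HISTORY = [
    Link("ar:1", "identity:alice", "authenticated-as", 100, 400),
    Link("ar:1", "ip:10.0.0.5", "access-request-ip", 110, 400),
    Link("ar:1", "mac:aa:bb:cc:00:00:01", "access-request-mac", 100, 400),
    Link("ar:1", "device:laptop-7", "access-request-device", 100, 400),
    Link("ar:2", "identity:alice", "authenticated-as", 900, None),
    Link("ar:2", "ip:10.0.0.9", "access-request-ip", 905, None),
    Link("ar:2", "mac:aa:bb:cc:00:00:01", "access-request-mac", 900, None),
    Link("ar:3", "identity:bob", "authenticated-as", 300, 350),
    Link("ar:3", "device:laptop-7", "access-request-device", 300, 350),
]

def overlaps(link, start, end):
    """True if the link existed at some point inside [start, end)."""
    l_end = float("inf") if link.end is None else link.end
    r_end = float("inf") if end is None else end
    return link.start < r_end and start < l_end

def presence(history, user):
    """Sessions of a user: (start, end, ip set, mac set), oldest first."""
    sessions = []
    for auth in history:
        if auth.meta != "authenticated-as" or auth.b != user:
            continue
        seen = {"access-request-ip": set(), "access-request-mac": set()}
        for link in history:
            if (link.a == auth.a and link.meta in seen
                    and overlaps(link, auth.start, auth.end)):
                seen[link.meta].add(link.b)
        sessions.append((auth.start, auth.end,
                         seen["access-request-ip"], seen["access-request-mac"]))
    return sorted(sessions, key=lambda s: s[0])

def first_last_seen(history, identifier):
    """Earliest publish time and latest end time (None = still present)."""
    links = [l for l in history if identifier in (l.a, l.b)]
    if not links:
        return None
    first = min(l.start for l in links)
    last = None if any(l.end is None for l in links) else max(l.end for l in links)
    return first, last
```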
General information about the project
Type: Research project for bachelor students
Start: October 2013
Duration: 2 terms (until June/July 2014)
Team: 9 bachelor students, 2 research associates and 1 professor acting as advisors
31 Oct 2013
irondetect - an IF-MAP based detection engine
The Trust@FHH team would like to announce that our IF-MAP based detection engine, irondetect, is available to the public via our Github account.
Based on contexts, signatures and anomalies, irondetect is able to detect deviations from normal behavior in an IF-MAP based network.
The development was done within the ESUKOM project.
irondetect is IF-MAP 2.1 compliant, but works on metadata specified by the ESUKOM project, which uses Features and Categories to structure metadata.
In this first release, irondetect supports the following functionality:
Detection of abnormal behavior via Anomalies.
Anomaly detection uses a training phase to record the “normal” behavior.
Signatures allow for simple pattern matching of Features.
irondetect uses Contexts to further constrain when specific signatures and anomalies are valid. Contexts can be the time, (geo) location or other parameters that define the “situation” when a Feature was measured.
It can be controlled via a policy language, consisting of Rules with Conditions and Actions.
Detection results are published back into the MAP server (both as ESUKOM and IF-MAP Standard metadata) so other components - and irondetect itself - can react to them.
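How Anomalies, Signatures, Contexts and Rules fit together can be shown with a small model. This is an added example, not irondetect code and not its policy language: the class names, the Feature names, the action strings and the three-standard-deviation threshold are all assumptions made for illustration.

```python
from statistics import mean, pstdev

class Anomaly:
    """Learns the normal range of one Feature during a training phase."""
    def __init__(self, feature, tolerance=3.0):
        self.feature, self.tolerance, self.samples = feature, tolerance, []
    def train(self, value):
        self.samples.append(value)
    def matches(self, features):
        mu, sigma = mean(self.samples), pstdev(self.samples)
        value = features.get(self.feature)
        # Guard sigma == 0 so constant training data still gives a usable band.
        return value is not None and abs(value - mu) > self.tolerance * max(sigma, 1e-9)

class Signature:
    """Simple pattern match: the Feature equals an expected value."""
    def __init__(self, feature, expected):
        self.feature, self.expected = feature, expected
    def matches(self, features):
        return features.get(self.feature) == self.expected

class Context:
    """Restricts a detector to a time-of-day window [start_hour, end_hour)."""
    def __init__(self, start_hour, end_hour):
        self.start_hour, self.end_hour = start_hour, end_hour
    def active(self, hour):
        if self.start_hour <= self.end_hour:
            return self.start_hour <= hour < self.end_hour
        return hour >= self.start_hour or hour < self.end_hour  # wraps midnight

def evaluate(rules, features, hour):
    """Return the action of every rule whose (detector, context) pairs all hold."""
    return [action for action, conditions in rules
            if all(ctx.active(hour) and det.matches(features) for det, ctx in conditions)]

def demo_rules():
    # Constructed Features; hypothetical names, not the ESUKOM metadata model.
    traffic = Anomaly("device.traffic_kb_per_min")
    for value in [40, 42, 38, 41, 39, 40]:   # training phase: "normal" behavior
        traffic.train(value)
    cam = Signature("device.camera", "on")
    office, night = Context(8, 18), Context(22, 6)
    return [("alert:camera-in-office", [(cam, office)]),
            ("alert:unusual-night-traffic", [(traffic, night), (cam, night)])]
```

A returned action stands in for the metadata that a real engine would publish back to the MAP server.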
At the moment, the release comes more or less without user documentation; you can use our demo environment irondemo (also available at Github) and take a look at the provided policy of scenario 1.
Our ifmapcli tools also provide some tools to publish metadata that uses the ESUKOM metadata model.
We will release a specific irondetect documentation as well as more sophisticated example policies and scenarios for irondemo in the future.
If you have any comments or questions, please contact us at email@example.com or directly create an Issue at the corresponding Github-project page.