Trust@FHH Participates in ETISS 2013

As in previous years, members of the Trust@FHH group have participated in the European Trusted Infrastructure and Systems School 2013 (ETISS 2013) hosted at the Graz University of Technology. The ETISS winter school covers a variety of fields related to creating a trusted infrastructure to cope with the demands of current and future information processing.

Our research associate Thomas Rossow and our student assistant Thomas Oelsner enjoyed interesting talks by some of the leading experts on Trusted Computing and lively discussions with fellow researchers in the beautiful city of Graz. A real treat was the Capture the Flag tournament where 5 teams had to attack the other teams’ servers while securing their own machines. Thomas Rossow’s team was able to score highest and make the first place.

The Trust@FHH team would like to express its appreciation to Peter Lipp and his team for organizing this great event.

The CTF winners on ETISS 2013 Winners of the ETISS 2013 Capture the Flag (left to right):

  • Wolfgang Wieser (Graz University of Technology)
  • Hubert Gasparitzi (Graz University of Technology)
  • Thomas Rossow (Trust@FHH)
  • Davide Papini (Royal Holloway University of London)
11 Dec 2013

irondemo - an IF-MAP demo and testing environment

The Trust@FHH team would like to announce that our new IF-MAP demo and testing environment, irondemo, is now available to the public on github.

irondemo is a utility written in Perl that automates the task of downloading and building various of our IF-MAP tools (such as irond, irondetect, irongui and others). Third party tools can easily be integrated by providing instructions for downloading and building the sources in a YAML file.

irondemo also allows for easily constructing demo or test scenarios by describing them in a YAML file and providing the neccessary config files and scripts. irondemo will handle copying of the needed binaries and making sure the demo is set up in a clean environment.

We are still in an early stage of developement, but we see a lot of potential here. Our midterm goal for irondemo is to extend it gradually until we have a full blown environment for automated testing of different IF-MAP tools by being able to simulate complex network events on an IF-MAP level.

If you have any comments or questions, please contact us at or create an Issue at the irondemo github page.

21 Nov 2013

Metalyzer - Analysis of MAP graphs

alternate text

A new project called Metalyzer started at Hochschule Hannover. As part of their bachelor studies, 9 students work within this project for two terms.

Goals of the project

The project will extend the VisITMeta dataservice to perform statistical methods and semantic(-like) queries on MAP graphs and visualize the results within the VisITMeta GUI. With the use of VisITMeta’s history of MAP data, time-variant analysis can be done.

Some of the statistical analysis that are planed within the project are:

  • General graph-based analysis: how many nodes, how many edges, mean of edges per node, …

  • IF-MAP based analysis: how many identifiers of a special type, …

  • Analysis with respect to the history feature of VisITMeta: histogram of identifier-types at specific timestamp, development of number of a specific identifier over time, …

Furthermore, the project will also design and implement (simple) semantic queries, that can be performed on MAP graphs, like …

  • .. at which times was a specific user “present” in the network? What were his IP and MAC adresses?

  • … when did a specific device occur in the network for the first/last time?

General information about the project

  • Type: Research project for bachelor students
  • Start: October 2013
  • Duration: 2 term (until June/July 2014)
  • Team: 9 bachelor students, 2 research associates and 1 professor acting as advisors
31 Oct 2013

irondetect - a IF-MAP based detection engine

alternate text

The Trust@FHH team would like to announce that our IF-MAP based detection engine, irondetect, is available to the public via our Github account. Based on contexts, signatures and anomalies, irondetect is able to detect deviations from normal behavior in a IF-MAP based network.

The development was done within the ESUKOM project. irondetect is IF-MAP 2.1 compliant, but works on metadata specified by the ESUKOM project, which uses Features and Categories to structurize metadata.

In this first release, irondetect supports the following functionality:

  • Detection of abnormal behavior via Anomalies.

  • Anomaly detection uses a training phase to record the “normal” behavior.

  • Signatures allow for simple pattern matching of Features.

  • irondetect uses Contexts to further constrain, when specific signatures and anomalies are valid. Contexts can be the time, (geo) location or other parameters, that define the “situation” when a Feature was measured.

  • It can be controlled via a policy language, consisting of Rules with Conditions and Actions.

  • Detection results are published back into the MAP server (both as ESUKOM and IF-MAP Standard metadata) so other components - and irondetect itself - can react on them.

At the moment, the release comes more or less without a user documentation; you can use our demo environment irondemo (also available at Github) and take a look at the provided policy of scenario 1. Our ifmapcli tools also provide some tools to publish metadata that uses the ESUKOM metadata model.

We will release a specific irondetect documentation as well as more sophisticated example policies and scenarios for irondemo in the future.

If you have any comments or questions, please contact us at or directly create an Issue at the corresponding Github-project page.

24 Oct 2013

Launch of new research project SIMU

alternate text

We can proudly announce the start of our new research project “SIMU: Security Information and Event Management (SIEM) für Klein- und Mittelständische Unternehmen (KMU)”. SIMU started on October 1st and will be completed in September 2015.

The goal of SIMU is the development of a SIEM system that utilizes novel network security approaches to meet the specific requirements of small and medium enterprises (SMEs) like ease of integration, small administrative effort and cost effectiveness.

SIMU will benefit from the experiences that we and our partners DECOIT GmbH, Fraunhofer SIT, macmon and NCP have gathered during the ESUKOM research project. The IF-MAP based software developed during the ESUKOM project will be extended and enhanced to create more sophisticated tools that allow for better automation and address the limited possibilities of SMEs in security expert knowledge and resources.

The SIMU research project is funded by the German Federal Ministry of Education and Research (BMBF, FKZ: 16KIS0045).

08 Oct 2013

ironcontrol - IF-MAP admin tools on Android

alternate text

The Trust@FHH research group presents a new software: ironcontrol.

ironcontrol is an IF-MAP 2.1 client for Android smartphones (>=4.0), that allows the user to “control” a MAP server. It was developed within a 1 year students project at the Hochschule Hannover (University of Applied Sciences and Arts).

The main features in this first public release are:

  • Publish metadata (either Standard Metadata for Network Security or Vendor Specific metadata)
  • Search for metadata with filters, search depth, …
  • Subscribe to metadata
  • Get notifications on new subscriptions results (via vibration, sound effect, notification)
  • Navigate the results of searches and subscriptions
  • Manage connections to multiple MAP servers
  • Use both basic and certificate-based authentication
  • Import and use new/third party certificates of MAP servers

The software is available at our Github account and can be build with Maven, a Java JDK (>=6) and an installed Android SDK. A Readme file is provided that explains the steps to build and deploy ironcontrol.

We also provide a User and Developer documentation in our Download section.

If you have any comments or questions, please contact us at or directly create an Issue at the corresponding Github-project page.

30 Jul 2013

Successful doctoral examinations of former team members

Our former team members and colleagues Ingo Bente and Joerg Vieweg have successfully pass their doctoral examinations on July 26th, 2013 at the Universität der Bundeswehr München.

They both have worked in our research group from 2008 until 2012 as research associates and worked on their PhD theses during that time, which in both cases cover questions about the secure integration of smartphones in busines environments.

The title of the PhD thesis of Ingo Bente is “Towards a Network-based Approach for Smartphone Security”, the title of Joerg Viewegs thesis is “A Concept for a Trustworthy Integration of Smartphones in Business Environments”.

The original (german) news item on the website of the Hochschule Hannover is available here.

alternate text (from left to right): Prof. Dr. Peter Hertling (UniBwM, Chairman of commission), Prof. Dr. Josef von Helden (HsH, advisor), Prof. Dr.-Ing. Helmut Mayer (UniBwM, examiner), Prof. Dr. Gabi Dreo Rodosek (UniBwM, 1st reviewer) , Prof. Dr.-Ing. Mark Minas (UniBwM, examiner), Ingo Bente, Prof. Dr. Udo Helmbrecht (Honorary professor UniBwM, 2nd reviewer)

alternate text (from left to right): Prof. Dr. Josef von Helden (HsH, advisor), Prof. Dr.-Ing. Helmut Mayer (UniBwM, examiner), Prof. Dr. Gabi Dreo Rodosek (UniBwM, 1st reviewer), Prof. Dr.-Ing. Mark Minas (UniBwM, examiner), Jörg Vieweg, Prof. Dr. Peter Hertling (UniBwM, Chairman of commission), Prof. Dr. Udo Helmbrecht (Honorary professor UniBwM, 2nd reviewer)

27 Jul 2013

First prototype of VisITMeta available

The first prototype version of VisITMeta has been released by the Trust@FHH research group via Github.

The main features in this version are:

  • A dataservice component, that connects to a MAP server and records all metadata on a subscription

  • It provides the metadata to other clients via a REST-like interface

  • A visualization component, that renders the metadata via Piccolo2D and JUNG2

  • The GUI supports browsing the history of the metadata via a slider mechanism

  • Changes to the metadata are highlighted with colors

More features and functionality (as well as overall stability) will come in the future, as the project is evolving.

For more information on VisITMeta in general, see the project page on our website or contact us via

04 Jul 2013
Hochschule Hannover
University of Applied Sciences and Arts
Faculty IV, Dept. of Computer Science
Ricklinger Stadtweg 120
30459 Hannover, Germany
Google+ Twitter Youtube Atom-Feed