Internet Security (Seminar)

News

Overview

Lecturer: Prof. Anja Feldmann, Ph.D.
Contact person: Fabian Schneider
Supervisors:

All supervisors:
seminar@lists.net.t-labs.tu-berlin.de

Event type: advanced seminar (Hauptseminar)
Area: Operating and Communication Systems (Betriebs- und Kommunikationssysteme, BKS)
SWS: 2
ECTS: 3
Time: 24 Feb 2007, start 10:00
Room: HFT-FT 441
Course ID: 0432 L 010
Audience: main course students (Hauptstudium)
Prerequisites: Vordiplom (intermediate diploma), profound knowledge of computer networks and cryptology, good English for reading scientific papers
Tutorial: none
Exam: talk and paper
Deadline for registration: 3 Nov 2006 (08:00)
Preparatory meeting: 20 Oct 2006, 14:00
Room: TEL 0010, ground floor (Telefunkenhochhaus, Ernst-Reuter-Platz 7)
Group meetings: Group 1: 11 Jan 2007, 15:00
Group 2: 12 Jan 2007, 14:00
Room: TEL Spirit, 18th floor (Telefunkenhochhaus, Ernst-Reuter-Platz 7)

Content

The Internet influences our lives more and more: many of us use electronic mail instead of pen and paper; home banking and ordering books over the web are part of everyday life; and elections via the Internet are in field tests. Furthermore, interconnection is getting denser, and the day is near when every coffee maker is programmable through the Internet and every car connects to its manufacturer for diagnosis.

But this implies many security risks as well: spying on and manipulating data, spam, intrusions, or denial-of-service attacks. This seminar deals with some major threats and possible countermeasures.

Organisation

Intention of the seminar

  • practice in working with original literature

  • practice in giving technical talks

  • engagement with a small, clearly delimited and current subject area

General Guidelines

Please have a look at the general guidelines (Allgemeine Richtlinien), which are only available in German at the moment.

Seminar Certificate (Schein)

To receive the seminar certificate we require:

  • a successful presentation/talk

  • a seminar paper accepted by us

  • continuous attendance and active participation (in the group meetings as well as during the presentations)

Graded certificates are issued; the grade is composed of the criteria above.

Schedule

When | What | Effort
16–20 Oct 2006 | Preparatory meeting: presentation of the supervisors, topic groups and individual topics | 2h
until 23 Oct 2006 (08:00) | Registration for the seminar via web form. At least three topic wishes and the Matrikelnummer (student ID number) are required. Topics are allocated by lot! |
until 27 Oct 2006 | Announcement of the participant ↔ topic assignment on the web or by email |
until end of November | Work through the topic (search for literature, sort it, read it and, as far as possible, understand it) | 20h
subsequently | Meeting of each participant with their supervisor | 1h
until mid-December | Summarize the literature in a seminar paper (about 10 pages) | 20h
until 25 Dec 2006 (08:00) | Email the seminar paper to the supervisor |
until 10 Jan 2007 | Proofread the seminar papers of the other participants in your group | 5h
subsequently | Group meeting: the mutual comments and helpful hints are discussed. Attendance is mandatory! | 2h
until 22 Jan 2007 | Incorporate the results of the group meeting into the seminar paper and email the revised version to the supervisor | 5h
until 05 Feb 2007 | Prepare slides and email them to the supervisor | 10h
until 12 Feb 2007 | Meeting with the supervisor to discuss the slides | 1h
until 19 Feb 2007 | Incorporate the supervisor's comments into the slides and email the final version to the supervisor | 5h
until 22 Feb 2007 | Prepare the talk | 5h
27 Feb – 02 Mar 2007 | Talks (exact times tba). Attendance at all talks is mandatory! | 45 min incl. discussion per talk

Topics

Block A: Attacks

A.1 — An Inside Look at Botnets

Student: tbd; Supervisor: tba

The continued growth and diversification of the Internet has been accompanied by an increasing prevalence of attacks and intrusions [40]. It can be argued, however, that a significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain. This shift has been marked by a growing sophistication in the tools and methods used to conduct attacks, thereby escalating the network security arms race.

Our thesis is that the reactive methods for network security that are predominant today are ultimately insufficient and that more proactive methods are required. One such approach is to develop a foundational understanding of the mechanisms employed by malicious software (malware) which is often readily available in source form on the Internet. While it is well known that large IT security companies maintain detailed databases of this information, these are not openly available and we are not aware of any such open repository. In this paper we begin the process of codifying the capabilities of malware by dissecting four widely-used Internet Relay Chat (IRC) botnet codebases. Each codebase is classified along seven key dimensions including botnet control mechanisms, host control mechanisms, propagation mechanisms, exploits, delivery mechanisms, obfuscation and deception mechanisms. Our study reveals the complexity of botnet software, and we discuss implications for defense strategies based on our analysis.

  • P. Barford & V. Yegneswaran. An Inside Look at Botnets, To appear in Series: Advances in Information Security, Springer, 2006. (english)

A.2 — Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event

Student: tbd; Supervisor: tba

Network "telescopes" that record packets sent to unused blocks of Internet address space have emerged as an important tool for observing Internet-scale events such as the spread of worms and the backscatter from flooding attacks that use spoofed source addresses. Current telescope analyses produce detailed tabulations of packet rates, victim population, and evolution over time. While such cataloging is a crucial first step in studying the telescope observations, incorporating an understanding of the underlying processes generating the observations allows us to construct detailed inferences about the broader "universe" in which the Internet-scale activity occurs, greatly enriching and deepening the analysis in the process.

In this work we apply such an analysis to the propagation of the Witty worm, a malicious and well-engineered worm that when released in March 2004 infected more than 12,000 hosts worldwide in 75 minutes. We show that by carefully exploiting the structure of the worm, especially its pseudo-random number generation, from limited and imperfect telescope data we can with high fidelity: extract the individual rate at which each infectee injected packets into the network prior to loss; correct distortions in the telescope data due to the worm's volume overwhelming the monitor; reveal the worm's inability to fully reach all of its potential victims; determine the number of disks attached to each infected machine; compute when each infectee was last booted, to sub-second accuracy; explore the "who infected whom" infection tree; uncover that the worm specifically targeted hosts at a US military base; and pinpoint Patient Zero, the initial point of infection, i.e., the IP address of the system the attacker used to unleash Witty.

A.3 — The Final Nail in WEP's Coffin

Student: Alexander Lichti; Supervisor: Bernhard Ager

The 802.11 encryption standard Wired Equivalent Privacy (WEP) is still widely used today despite the numerous discussions on its insecurity. In this paper, we present a novel vulnerability which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a single data packet. Furthermore, we present techniques for real-time decryption of data packets, which may be used under common circumstances. Vendor produced mitigation techniques which cause frequent WEP re-keying prevent traditional attacks, whereas our attack remains effective even in such scenarios.

We implemented a fully automatic version of this attack which demonstrates its practicality and feasibility in real networks. As even rapidly re-keyed networks can be quickly compromised, we believe WEP must now be abandoned rather than patched yet again.

Block B: Secure Programming and Secure Protocols

B.1 — Secure Programming from Practical Cryptography

Student: Martin Eismann; Supervisor: Wolfgang Mühlbauer

This topic is of a somewhat different kind than the others: it is about summarizing Chapters 8, 9, 15, 16 and possibly Chapter 22 of the book Practical Cryptography and presenting the most important lessons learned from reading the book.

B.2 — Lessons Learned: A Security Analysis of the Internet Chess Club

Student: tbd; Supervisor: tba

The Internet Chess Club (ICC) is a popular online chess server with more than 30,000 members worldwide including various celebrities and the best chess players in the world. Although the ICC website assures its users that the security protocol used between client and server provides sufficient security for sensitive information to be transmitted (such as credit card numbers), we show this is not true. In particular we show how a passive adversary can easily read all communications with a trivial amount of computation, and how an active adversary can gain virtually unlimited powers over an ICC user. We also show simple methods for defeating the timestamping mechanism used by ICC. For each problem we uncover, we suggest repairs and draw conclusions on how to best avoid repeating these types of problems in the future.

B.3 — Model Checking an Entire Linux Distribution for Security Violations

Student: tbd; Supervisor: tba

Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale: an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process.

Block C: Securing Networks / Network Intrusion Detection Systems

C.1 — Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection

Student: Elisa Jasinska; Supervisor: Bernhard Ager

Many network intrusion detection systems (NIDS) rely on protocol-specific analyzers to extract the higher-level semantic context from a traffic stream. To select the correct kind of analysis, traditional systems exclusively depend on well-known port numbers. However, based on our experience, increasingly significant portions of today's traffic are not classifiable by such a scheme. Yet for a NIDS, this traffic is very interesting, as a primary reason for not using a standard port is to evade security and policy enforcement monitoring. In this paper, we discuss the design and implementation of a NIDS extension to perform dynamic application-layer protocol analysis. For each connection, the system first identifies potential protocols in use and then activates appropriate analyzers to verify the decision and extract higher-level semantics. We demonstrate the power of our enhancement with three examples: reliable detection of applications not using their standard ports, payload inspection of FTP data transfers, and detection of IRC-based botnet clients and servers. Prototypes of our system currently run at the border of three large-scale operational networks. Due to its success, the bot-detection is already integrated into a dynamic inline blocking of production traffic at one of the sites.
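Added illustrative example (Python; not code from the paper or from the seminar): a minimal port-independent protocol identifier following the two-step approach the abstract describes. A cheap payload signature on the first bytes of a connection proposes a protocol, and a protocol-specific analyzer verifies the proposal and extracts semantics; a proposal the analyzer rejects falls through. The signature set, the standard-port table and the sample flows are constructed for this example and are not any real NIDS's configuration.

```python
"""Port-independent application-layer protocol identification (illustrative)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Step 1: cheap payload signatures on the first bytes of a connection. These are
# generic fingerprints written for this example, not any NIDS's signature set.
SIGNATURES: Dict[str, "re.Pattern[bytes]"] = {
    "http": re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    "ssh":  re.compile(rb"^SSH-\d\.\d-"),
    "irc":  re.compile(rb"^(NICK|USER|PASS|CAP) [^\r\n]+\r\n"),
}

# Ports on which each protocol is expected (assumed table for this example).
STANDARD_PORTS = {"http": {80, 8080}, "ssh": {22}, "irc": {6667}}


# Step 2: protocol analyzers. Each returns extracted semantics, or None when the
# payload does not actually parse as that protocol (the signature was a false hit).
def analyze_http(payload: bytes) -> Optional[dict]:
    head, _, _ = payload.partition(b"\r\n\r\n")
    request, *header_lines = head.split(b"\r\n")
    parts = request.split(b" ")
    if len(parts) != 3:
        return None
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(b":")
        if not colon:
            return None                      # a header line without ':' is not HTTP
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return {"method": parts[0].decode(), "uri": parts[1].decode(), "headers": headers}


def analyze_ssh(payload: bytes) -> Optional[dict]:
    ident, sep, _ = payload.partition(b"\r\n")
    return {"version": ident.decode(errors="replace")} if sep else None


def analyze_irc(payload: bytes) -> Optional[dict]:
    commands = []
    for line in payload.split(b"\r\n"):
        if not line:
            continue
        verb, _, args = line.partition(b" ")
        if not (verb.isalpha() and verb.isupper()):   # client commands are alphabetic verbs
            return None
        commands.append((verb.decode(), args.decode(errors="replace")))
    return {"commands": commands} if commands else None


ANALYZERS: Dict[str, Callable[[bytes], Optional[dict]]] = {
    "http": analyze_http, "ssh": analyze_ssh, "irc": analyze_irc,
}


@dataclass
class Verdict:
    protocol: str            # identified protocol or "unknown"
    nonstandard_port: bool   # True when the protocol runs on an unexpected port
    details: dict            # semantics extracted by the analyzer


def identify(first_payload: bytes, server_port: int) -> Verdict:
    """Identify the protocol from the first payload bytes; the port is only reported, never trusted."""
    for proto, sig in SIGNATURES.items():
        if sig.match(first_payload):
            details = ANALYZERS[proto](first_payload)
            if details is None:
                continue                     # signature fired, analyzer rejected: keep looking
            return Verdict(proto, server_port not in STANDARD_PORTS[proto], details)
    return Verdict("unknown", False, {})


# Constructed sample flows: (first client bytes, server port).
SAMPLE_FLOWS = {
    "http_on_443":    (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", 443),
    "irc_bot_on_80":  (b"NICK bot4711\r\nUSER x 8 * :x\r\n", 80),
    "ssh_on_22":      (b"SSH-2.0-OpenSSH_4.3\r\n", 22),
    "fake_http_on_80": (b"GET / HTTP/1.1\r\nno colon here\r\n\r\n", 80),
    "binary_on_6667": (b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b", 6667),
}

if __name__ == "__main__":
    for name, (payload, port) in SAMPLE_FLOWS.items():
        v = identify(payload, port)
        print(f"{name:16} -> {v.protocol:8} nonstandard_port={v.nonstandard_port} {v.details}")
```

The "fake_http_on_80" flow shows why the verification step matters: the HTTP signature fires on the request line, but the analyzer rejects the malformed header block, so the connection is not handed to the HTTP logic. In a real deployment the analyzer's rejection would trigger a retry with the remaining candidates over more payload, and a confirmed IRC client on port 80 is exactly the kind of verdict the abstract's bot detection acts on.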

C.2 — Robust TCP Stream Reassembly In the Presence of Adversaries

Student: tbd; Supervisor: tba

There is a growing interest in designing high-speed network devices to perform packet processing at semantic levels above the network layer. Some examples are layer-7 switches, content inspection and transformation systems, and network intrusion detection/prevention systems. Such systems must maintain per-flow state in order to correctly perform their higher-level processing. A basic operation inherent to per-flow state management for a transport protocol such as TCP is the task of reassembling any out-of-sequence packets delivered by an underlying unreliable network protocol such as IP. This seemingly prosaic task of reassembling the byte stream becomes an order of magnitude more difficult to soundly execute when conducted in the presence of an adversary whose goal is to either subvert the higher-level analysis or impede the operation of legitimate traffic sharing the same network path.

We present a design of a hardware-based high-speed TCP reassembly mechanism that is robust against attacks. It is intended to serve as a module used to construct a variety of network analysis systems, especially intrusion prevention systems. Using trace-driven analysis of out-of-sequence packets, we first characterize the dynamics of benign TCP traffic and show how we can leverage the results to design a reassembly mechanism that is efficient when dealing with non-attack traffic. We then refine the mechanism to keep the system effective in the presence of adversaries. We show that although the damage caused by an adversary cannot be completely eliminated, it is possible to mitigate the damage to a great extent by careful design and resource allocation. Finally, we quantify the trade-off between resource availability and damage from an adversary in terms of Zombie equations that specify, for a given configuration of our system, the number of compromised machines an attacker must have under their control in order to exceed a specified notion of "acceptable collateral damage."
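Added example (Python software model, not the paper's hardware design): a reassembler that delivers in-order bytes, parks out-of-sequence segments in a per-flow buffer, trims overlapping retransmissions, and caps the out-of-order data held per flow. When the cap is exceeded it evicts the segments farthest from the current hole, so an adversary who keeps sending out-of-sequence data for a flow can pin only a bounded amount of memory, at the price of some benign data being dropped and later retransmitted. The flow key, the budget and the sample segments are constructed for this example; 32-bit sequence-number wraparound is not handled.

```python
"""Per-flow TCP reassembly with a hard cap on buffered out-of-order data (illustrative)."""
from dataclasses import dataclass, field
from typing import Dict, Hashable


@dataclass
class FlowState:
    next_seq: int                                          # next byte we can deliver in order
    pending: Dict[int, bytes] = field(default_factory=dict)  # out-of-order data, keyed by seq
    buffered: int = 0                                      # bytes currently held in `pending`
    delivered: bytearray = field(default_factory=bytearray)
    dropped: int = 0                                       # out-of-order bytes evicted for the budget


class Reassembler:
    """Reassembles TCP byte streams while never holding more than `budget` out-of-order bytes per flow.

    Simplifications: sequence numbers do not wrap, and the flow key is any hashable
    the caller chooses (a 4-tuple in practice).
    """

    def __init__(self, per_flow_budget: int) -> None:
        self.budget = per_flow_budget
        self.flows: Dict[Hashable, FlowState] = {}

    def open_flow(self, flow: Hashable, first_seq: int) -> None:
        """Register a flow; `first_seq` is the sequence number of its first data byte."""
        self.flows[flow] = FlowState(next_seq=first_seq)

    def stream(self, flow: Hashable) -> bytes:
        return bytes(self.flows[flow].delivered)

    def segment(self, flow: Hashable, seq: int, data: bytes) -> None:
        st = self.flows[flow]
        if seq < st.next_seq:                       # retransmission/overlap: keep only the new tail
            cut = st.next_seq - seq
            if cut >= len(data):
                return
            seq, data = st.next_seq, data[cut:]
        if seq == st.next_seq:
            self._deliver(st, data)
            self._drain(st)
        else:
            self._hold(st, seq, data)

    def _deliver(self, st: FlowState, data: bytes) -> None:
        st.delivered += data
        st.next_seq += len(data)

    def _drain(self, st: FlowState) -> None:
        """Deliver buffered segments that have become contiguous with the stream."""
        while st.pending:
            seq = min(st.pending)
            if seq > st.next_seq:
                break                               # the hole is still open
            data = st.pending.pop(seq)
            st.buffered -= len(data)
            cut = st.next_seq - seq
            if cut < len(data):
                self._deliver(st, data[cut:])

    def _hold(self, st: FlowState, seq: int, data: bytes) -> None:
        old = st.pending.get(seq)
        if old is not None:
            if len(old) >= len(data):
                return                              # duplicate carrying nothing new
            st.buffered -= len(old)
        st.pending[seq] = data
        st.buffered += len(data)
        # Enforce the budget by evicting the segments farthest from the hole first:
        # they are the least likely to become deliverable soon, so benign traffic
        # loses little (the sender retransmits), while an attacker can no longer
        # pin unbounded memory with a single flow.
        while st.buffered > self.budget:
            far = max(st.pending)
            gone = st.pending.pop(far)
            st.buffered -= len(gone)
            st.dropped += len(gone)


if __name__ == "__main__":
    r = Reassembler(per_flow_budget=500)
    f = ("10.0.0.1", 40000, "10.0.0.2", 80)          # constructed flow key
    r.open_flow(f, 0)
    r.segment(f, 5, b"fghij")                        # arrives before its predecessor
    r.segment(f, 0, b"abcde")
    print(r.stream(f))
```

The flooding case in the test below shows the trade-off the abstract quantifies: the attacker's flow never holds more than the budget, the legitimate bytes that fill the hole are still delivered when they arrive, and the cost is counted in `dropped`, which in a real system maps to retransmissions the sender has to perform.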

C.3 — Ein generisches Intrusion Prevention System mit dynamischer Bandbreitenbeschränkung (A generic intrusion prevention system with dynamic bandwidth limiting)

Student: Ullrich Kresse; Supervisor: Jörg Wallerich

Metropolitan area networks such as the Münchner Wissenschaftsnetz (MWN) offer, owing to their size, many opportunities for abuse from outside and increasingly also from inside. Systems infested by worms and viruses, for example, have long ceased to be isolated cases. They regularly lead to complaints from other users and to impairments of entire network areas. Moreover, most infected machines can be completely remote-controlled or spied upon via so-called botnet commands. As a result, the manual reaction to and handling of such incidents places a considerable burden on the administration side. To reduce this workload while at the same time raising the level of security, a generic intrusion prevention system (IPS) was developed at the Leibniz-Rechenzentrum (LRZ). This system, Nat-O-Mat, realizes a statistical and signature-based intrusion prevention system with fine-grained management of policies. Furthermore, when the defined policies are violated, different measures can be taken automatically following an escalation principle. The bandwidth of arbitrary protocol classes, such as P2P traffic, can also be limited dynamically without hindering the remaining traffic. The system has proven itself excellently in operation and has brought significant relief to administrators in running the network, accompanied by positive feedback from users.

C.4 — An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol

Student: tbd; Supervisor: tba

Skype is a peer-to-peer VoIP client developed by KaZaa in 2003. Skype claims that it can work almost seamlessly across NATs and firewalls and has better voice quality than the MSN and Yahoo IM applications. It encrypts calls end-to-end, and stores user information in a decentralized fashion. Skype also supports instant messaging and conferencing.

This report analyzes key Skype functions such as login, NAT and firewall traversal, call establishment, media transfer, codecs, and conferencing under three different network setups. Analysis is performed by careful study of Skype network traffic.

Block D: Honeynets, Honeypot, Honeyfarms

D.1 — Ermittlung von Verwundbarkeiten mit elektronischen Ködern (Determining vulnerabilities with electronic decoys)

Student: Doris Reim; Supervisor: Fabian Schneider

Electronic decoys (honeypots) are network resources whose value lies in being attacked and compromised. Often these are computers that have no specific task in the network but are otherwise indistinguishable from regular machines. Decoys can be combined into decoy networks (honeynets). They are equipped with special software that eases the forensics of a security breach once it has occurred. Thanks to the variety of captured data, considerably more can be learned about the behaviour of attackers in networks than with conventional forensic methods. This contribution presents the philosophy of honeynets and describes the first experiences gained with such a network at RWTH Aachen.

D.2 — Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm

Student: tbd; Supervisor: tba

The rapid evolution of large-scale worms, viruses and botnets has made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely used tools for gathering intelligence on new malware (network honeypots) have forced investigators to choose between monitoring activity at a large scale or capturing behavior with high fidelity. In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet hosts. We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. While still an immature implementation, Potemkin has emulated over 64,000 Internet honeypots in live test runs, using only a handful of physical servers.

Block E: Society

E.1 — Keyboards and Covert Channels

Student: tbd; Supervisor: tba

This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet.
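Added example (Python simulation, not code from the paper or from the seminar) of the timing channel the abstract describes. The bug can only delay keystrokes, never advance them; it adds the smallest delay that makes the interval to the previous released keystroke, taken modulo a window w, fall in the half-window that encodes the next bit. The receiver sees only packet timestamps of the interactive session, one packet per keystroke, so neither constant path latency nor encryption of the session affects it. The window size (20 ms), typing cadence, latency and jitter are constructed values; the decision margin is w/4, so the jitter difference between two consecutive packets must stay below that for error-free decoding.

```python
"""Simulation of a keyboard timing covert channel (JitterBug-style), illustrative."""
import random
from typing import List, Sequence, Tuple

WINDOW_MS = 20.0   # timing window w; a bit lives in (inter-arrival time mod w). Assumed value.


def bits_of(data: bytes) -> List[int]:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bytes_of(bits: Sequence[int]) -> bytes:
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, usable, 8))


def jitterbug_release_times(key_times: Sequence[float], bits: Sequence[int]) -> List[float]:
    """Times at which the bug releases each keystroke to the host.

    For keystroke i it adds the smallest delay that puts the interval since the
    previous *released* keystroke, mod w, at the centre of the '0' half [0, w/2)
    or the '1' half [w/2, w). Every added delay is below w, so typing feel is unaffected.
    """
    released = [key_times[0]]
    for i, bit in enumerate(bits, start=1):
        target = WINDOW_MS / 4 if bit == 0 else 3 * WINDOW_MS / 4
        base = max(key_times[i], released[-1])        # cannot release before it was typed
        phase = (base - released[-1]) % WINDOW_MS
        released.append(base + (target - phase) % WINDOW_MS)
    return released


def receiver_decode(arrival_times: Sequence[float]) -> List[int]:
    """Receiver side: needs only packet timestamps, never the (encrypted) payload."""
    return [0 if (cur - prev) % WINDOW_MS < WINDOW_MS / 2 else 1
            for prev, cur in zip(arrival_times, arrival_times[1:])]


def simulate(secret: bytes, seed: int = 1) -> Tuple[bytes, float]:
    """Type len(secret)*8 + 1 keystrokes through the bug across a jittery path.

    Returns (secret recovered by the receiver, largest delay the bug inserted).
    Typing cadence (80-250 ms gaps), path latency (35.7 ms) and jitter (+/-2 ms)
    are constructed values for this example.
    """
    rng = random.Random(seed)
    bits = bits_of(secret)
    key_times = [0.0]
    for _ in bits:
        key_times.append(key_times[-1] + rng.uniform(80.0, 250.0))
    released = jitterbug_release_times(key_times, bits)
    # One network packet per keystroke (interactive session): constant latency plus jitter.
    arrivals = [t + 35.7 + rng.uniform(-2.0, 2.0) for t in released]
    recovered = bytes_of(receiver_decode(arrivals))
    max_delay = max(r - k for r, k in zip(released, key_times))
    return recovered, max_delay


if __name__ == "__main__":
    recovered, max_delay = simulate(b"hunter2")
    print(recovered, f"max inserted delay {max_delay:.2f} ms")
```

The channel carries one bit per keystroke regardless of w; a larger w tolerates more network jitter but raises the maximum delay the bug inserts, which is what a user might eventually notice. Since a delay never exceeds w, the bug also needs no knowledge of what the keys are beyond the bits it wants to leak.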

E.2 — Lessons from the Sony CD DRM Episode

Student: Thomas Meilleroux; Supervisor: Fabian Schneider

In the fall of 2005, problems discovered in two Sony-BMG compact disc copy protection systems, XCP and MediaMax, triggered a public uproar that ultimately led to class-action litigation and the recall of millions of discs. We present an in-depth analysis of these technologies, including their design, implementation, and deployment. The systems are surprisingly complex and suffer from a diverse array of flaws that weaken their content protection and expose users to serious security and privacy risks. Their complexity, and their failure, makes them an interesting case study of digital rights management that carries valuable lessons for content companies, DRM vendors, policymakers, end users, and the security community.

E.3 — SANE: A Protection Architecture for Enterprise Networks

Student: Obi Akonjang; Supervisor: Vinay Aggarwal

Connectivity in today's enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage.

To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., "Alice can access http server foo"). Capabilities are enforced at each switch, which are simple and only minimally trusted. SANE offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use. Our prototype implementation shows that SANE could be deployed in current networks with only a few modifications, and it can easily scale to networks of tens of thousands of nodes.

Handouts and Slides

Group 1

(Group meeting: 11.01.2007 15:00, room "Spirit")

Group 2

(Group meeting: 12.01.2007 14:00, room "Spirit")

No group

Agenda

Time | Topic
10:00 – 10:15 | Start, introduction, agenda
10:15 – 11:00 | B.1 Secure Programming, Martin Eismann
Coffee break
11:05 – 11:50 | A.3 WEP's Coffin, Alexander Lichti
Coffee break
11:55 – 12:40 | E.3 SANE, Obi Akonjang
Lunch
13:30 – 14:15 | C.1 NIDS: Dynamic Application Detection, Elisa Jasinska
Coffee break
14:20 – 15:05 | C.3 IPS with dynamic bandwidth limiting, Ullrich Kresse
Coffee break
15:20 – 16:05 | D.1 Honeynets, Doris Reim
Coffee break
16:10 – 16:55 | E.2 Sony: DRM via rootkit, Thomas Meilleroux
Coffee break
17:00 – 17:45 | Concluding discussion, feedback

Literature