ASMONIA Workshop 1 | March 29th, 2011 in Heidelberg
Thanks to around 50 visitors from universities, research organizations and industry, the first workshop of the ASMONIA project in Heidelberg (Germany) on March 29th, 2011 was a very interesting and successful event. Twelve really informative talks offered substantial insights not only into the ASMONIA project but also into international Early Warning, mobile network security and Cloud Networking activities from external projects and organizations in Europe and the US.
We also want to say a special thank you to Mr. Enno Rey, the host of the Troopers 2011 conference, and his crew for their great and intensive support.
- "ASMONIA Overview and Reference Architecture for Collaborative Information Exchange"
Hans Hofinger, Fraunhofer Institute for Secure Information Technology SIT, Garching near Munich, Germany
The ASMONIA project aims at improving the overall security of mobile network infrastructures by developing comprehensive security concepts which are supported by collaborative information exchange between mobile network operators. The main tasks of ASMONIA include the development and improvement of integrity protection concepts for mobile end devices and network elements, new and improved attack detection and assessment methodologies and the usage of elastic systems like Cloud Computing to provide flexible resource allocation. The collaborative information exchange between administrative domains enables mobile network operators to improve their situational awareness and mitigate or even avert the negative impact of attacks on their infrastructure. ASMONIA defines a reference architecture to address security and privacy issues arising from this collaboration and encourages operators to share their data on incidents without being afraid of losing their reputation or revealing sensitive information.
- "Cyber Fed Model - a Collaborative Threat Mitigation Tool"
Scott C. Pinkerton, Argonne National Laboratory, Chicago, IL, US
The presentation addresses collaborative approaches to cyber security defense, primarily near real-time, autonomic approaches to enterprise security, based on the experiences of Scott Pinkerton as PI (Principal Investigator) for the Cyber Fed Model (CFM) program in use by the US Dept of Energy. Of late he has been working to quantify the efficacy of a collaborative approach like the CFM. Recent accomplishments include:
- Developing and promoting a federated approach to cyber security (received the 2009 DOE Technology Innovation Award)
- Implementing a comprehensive risk-based approach to cyber security at ANL, which strives to balance science and security, and
- Being active in the Internet2 REN-ISAC organization and in the Internet2 Joint Techs and Energy Sciences Coordinating Committee (ESCC) – addressing network-related issues across the DOE National Laboratories and R&E space
- "Input for the Local Security Overview and Dashboard"
Michael Hoche and Heiko Kirsch, Cassidian Systems, Friedrichshafen, Germany
Transparent security risk is a clear business advantage. Security risk is a concept that links value with security threats. Traditionally, security risk is treated by implementing countermeasures for pre-defined threats. This implies knowledge of any future threat and up-front investments in security measures with unclear pay-off. Furthermore, this approach usually limits collaboration. A security dashboard overcomes these deficits. It effectively discovers security risks by observing relevant security incidents and their impact on value flows, thus compiling them into one picture.
- "FIDeS: Event Correlation based on Knowledge-Supported Machine Learning"
Mirko Horstmann, Technologie-Zentrum Informatik und Informationstechnik, Bremen, Germany
The FIDeS project develops a security incident and event management system that uses algorithmic intelligence methods to correlate security events in order to mitigate the problem of information overload for a system administrator. At the heart of the system is a correlation engine that performs both syntactic and semantic normalization and brings important findings to the user's attention according to a rating based on a modeled set of patterns and a statistical model.
- "Integrity Protection for 4G Devices and NW Elements"
Manfred Schäfer, Nokia Siemens Networks, Munich, Germany
The presentation covers contributions of FhG-SIT and NSN in the area of System Integrity Protection in ASMONIA (WP2). It introduces the goals of the research work in this area and provides an overview of security requirements and state-of-the-art mechanisms for SW integrity protection and for hardening of software architectures. The presentation considers essential aspects of integrity detection and attack prevention methods as relevant for both network elements in the 3GPP context and mobile platforms / smart phones. Results of the evaluation of examined methods are presented. The contribution concludes with an outlook on further research (for this topic) in the ASMONIA context.
- "Femtocell: Femtostep to the Holy Grail"
Ravishankar Borgaonkar and Kevin Redon, T-Labs, Berlin, Germany
Femtocells are now being rolled out across the world to enhance third generation (3G) coverage and to provide assurance of always best connectivity in 3G telecommunication networks. A femtocell acts as an access point that securely connects standard mobile handsets to the mobile network operator's core network using an existing wired broadband connection. This talk covers an analysis of the femtocell security mechanisms and shows possibilities of attacking the telecom operators' infrastructural elements.
- "Future Directions in Malware Detection on Mobile Handsets"
André Egners, RWTH Aachen University, Aachen, Germany
Malware detection on Smartphones potentially enables the quick and timely mitigation of attacks that might originate from these devices. Typical malware detection methods known from fixed networks rely heavily on signature-based detection of malware. Signature-based detection enables a very high detection rate, but is ultimately dependent on a-priori knowledge of the kind of malware it aims to detect. If the malware is known and a signature is available, it will be detected. If the malware is unknown or employs advanced hiding techniques such as encryption, polymorphism, obfuscation, or packing, signature-based detection will not be successful. It is obvious that signature-based malware detection is needed, but it has its limitations, especially in the context of Smartphones and the diverse application landscape. A new approach to malware detection is based on behavioral aspects of the application and also the behavior of the users. This talk will introduce various detection mechanisms leveraging different behavioral aspects that can be extracted from Smartphones. Additionally, we offer some ideas for future directions and application scenarios.
- "Project AMSEL: Automatically Collect and Learn to Detect Malware"
Michael Meier, Technical University Dortmund, Germany
The talk gives an overview of the automatic malware early warning system developed in the AMSEL project, which combines malware collectors, malware analysis systems, malware behavior clustering, signature generation and distribution, and a malware/misuse detection system in an integrated process chain. Selected deployment issues as well as considered notions of “early” will be discussed.
- "Worldwide Observatory of Malicious Behaviours and Attack Threats"
Apostolis Zarras, Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH), Greece
Recent articles from major anti-virus companies have acknowledged the fact that the cyber-crime scene is becoming increasingly organized and consolidated. Several initiatives, described later, exist that offer plausible indicators supporting this theory. However, the information they provide cannot be used by the research community to identify, understand and eventually defeat the threats we are facing. The reasons are twofold. First, due to privacy or confidentiality issues, most of these sources are not allowed to share the detailed information they hold. Second, as a result of the lack of publicly available information, no framework exists to rigorously investigate emerging attacks using different data sources and viewpoints. The WOMBAT project addresses these two issues by (i) offering datasets and by (ii) building a framework that enables scientific research to be carried out in order to fight the ever-increasing cyber-crime more efficiently.
- "Usage Scenarios of Elastic Systems in a Telco Infrastructure"
Mark Gall, Fraunhofer Institute for Secure Information Technology SIT, Garching near Munich, Germany
Cloud computing systems can be used in various usage scenarios within the infrastructure of a telecommunications provider. In the ASMONIA context, the use of the cloud in overload and failure situations is of particular interest, as is the use of the cloud for data storage and processing. The usage scenarios we have identified are presented in detail in the talk and examined in the context of the overall project.
- "Cloud Networking Research in SAIL Project"
Dominique Dudkowski, NEC Europe Ltd., Heidelberg, Germany
SAIL Cloud Networking integrates computing, storage and networking into one single optimization problem. The two pillars of our work are: a) a cloud that is distributed within a network; b) providing dynamic connectivity services to the cloud. The combination of these two aspects brings about a solution that will provide end-users with a better experience and provide applications with a complete execution platform.
- "Threats and risks for 4G Mobile Communication Networks and Terminals"
Peter Schneider, Nokia Siemens Networks, Munich, Germany
Future 4G mobile communication networks will be an attractive target for attacks aiming at the theft of information, the distortion of information, destroying information or software on hosts or making information or services unavailable. The same holds for the terminals by which the 4G networks will be used, in particular smartphones. In the ASMONIA project, a comprehensive threat and risk analysis for 4G mobile networks and terminals has been carried out. This presentation introduces the applied threat and risk analysis method, the chosen categorisation of assets as well as threats, and the results of the threat and risk assessment, in particular a ranking of the different threats and the different assets according to the risk associated with them.
If you have any further questions regarding the ASMONIA workshops please send a mail to: