Prof. Hans P. Reiser
Benjamin Taubmann
Noëlle Rakotondravony
Johannes Köstler
The project is devoted to the detection, forensic analysis and reporting of security incidents. The starting point is status information from operating systems, runtime parameters of application systems and data from virtual machines, which are enriched with information from identity and computer management and compared with known attack patterns. Data streams are evaluated using new visual analysis methods. When anomalies are detected, the systems are subjected to intensive forensic trace analysis. In addition, it is planned to forensically evaluate and publish known and hitherto unknown attack patterns and, in the event of damage to critical infrastructure operators, to prepare a pseudonymized notification according to the recent law on increasing the security of information technology systems. In addition to the research results, DINGFEST will provide all research prototypes as a modular tool suite under the open source business model.
Bundesministerium für Bildung und Forschung
F. Menges, T. Latzo, M. Vielberth, S. Sobola, H. C. Pöhls, B. Taubmann, J. Köstler, A. Puchta, F. Freiling, H. P. Reiser and G. Pernul, "Towards GDPR-compliant data processing in modern SIEM systems", Computers & Security, vol. 103, pp. 102165, 2021.
DOI: https://doi.org/10.1016/j.cose.2020.102165
File: https://www.sciencedirect.com/science/article/pii/S0167404820304387
N. Rakotondravony, B. Taubmann, S. Sentanoe and H. P. Reiser, "Poster: Reconfigurable monitoring and performance awareness in VMI-based SIEM systems" in 2019 IEEE Security and Privacy Poster, San Francisco, CA, USA, May 20-22, 2019.
B. Taubmann, A. Böhm and H. P. Reiser, "TwinPorter - An Architecture For Enabling the Live Migration of VMI-based Monitored Virtual Machines" in The 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom'19), 2019.
S. Sentanoe, B. Taubmann and H. P. Reiser, "VMIGuard: Detecting and Preventing Service Integrity Violations by Malicious Insiders Using Virtual Machine Introspection" in Proc. of the 24th Nordic Conference on Secure IT Systems (NordSec), 2019, pp. 271-282.
B. Taubmann, O. Al Abduljaleel and H. P. Reiser, "DroidKex: Fast Extraction of Ephemeral TLS Keys from the Memory of Android Apps", Digital Investigation, vol. 26, pp. S67-S76, 2018.
S. Sentanoe, B. Taubmann and H. P. Reiser, "Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots using Virtual Machine Introspection" in Proc. of the 23rd Nordic Conference on Secure IT Systems, 2018.
B. Taubmann and B. Kolosnjaji, "Architecture for Resource-Aware VMI-based Cloud Malware Analysis" in Workshop on Security in Highly Connected IT Systems (SHCIS'17), 2017.
N. Rakotondravony and H. P. Reiser, "Towards a Common Evaluation Framework for Cyber Security Visualizations" in Poster at the 14th IEEE Symposium on Visualization for Cyber Security (VizSec), 2017.
S. Sentanoe, B. Taubmann and H. P. Reiser, "Virtual Machine Introspection Based SSH Honeypot" in Workshop on Security in Highly Connected IT Systems (SHCIS'17), 2017.
B. Taubmann, N. Rakotondravony and H. P. Reiser, "CloudPhylactor: Harnessing Mandatory Access Control for Virtual Machine Introspection in Cloud Data Centers" in The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16), 2016.