April 13, 2010 Passwort war gestern – SecLookOn ist heute! Statistische Sicherheitsanalyse von SecLookOn
Andreas Schuster will present a special forensics workshop ragarding memory analysis. The workshop will take place on the 22/23 of april, 2010 and will focus on:
- Intel x86 hardware platform
- Random Access Memory (RAM)
- Techniques of adressing
- Forensic backup of the RAM, methods and tools
- Windows memory management
- Objects of the system kernel
- Applied techniques for analysis
- Use of the Microsoft debugger and the volatility framework
- Excercises on memory dumps
The course will be held in German.
Guest Talk Prof. Müller: Does the Current Security Research only Solve Known Problems?
So far, security meant access control. Statistics show that this paradigm becomes less sufficient, therefore applications of cloud computing and service orientation are at risk. One wants not only to have access, but also the assurance that agreements will be fulfilled at any time. This so-called „usage control“ is understood as the known reliability complemented with security and the accuracy of the services. Vulnerabilities allow via an inevitable interference the deriving of information, made possible only through unreliable information flows. The lecture presents the current starting and security situation based on statistics about security breaches. Especially due to the shortcomings of the security research vulnerabilities have occurred which today can be summarized under the term “compliance” and are very difficult to combat. This involves security problems in processes. Therefore, the DFG (German Research Foundation) has established a priority program entitled “Reliably Secure Systems” for which the lecturer is also responsible. The point is to expand the security question beyond access control by incorporating reliability. The practical and technical challenges are in the focus of this presentation.
Today, Stefan Fenz presents the paper “Ontology-based Generation of IT-Security Metrics” at the 25th ACM Symposium on Applied Computing.
Click here to browse and edit the security ontology online.
Mar 2, 2010 @SBA:
17:30 – 17:50, SBA: “Cloud-Tools” und Auswirkungen auf Sicherheitsanforderungen
17:50 – 18:25, SBA-Partner Security Research: Sicherheit und Virtualisierung
18:25 – 19:00, SBA-Partner factline: Bedeutung der Verlässlichkeit und Sicherheit für Zusammenarbeit über Web-Plattformen
The ‘Explore, Investigate and Correlate’ (EIC) Conceptual Framework for Digital Forensics Information Visualisation
by Grant Osborne, University of Adelaide, South Australia
From March to May and from August to December 2010 Martin Mulazzani will work on his research in Privacy and Forensics at Purdue University in Elisa Bertino’s group.