Competence Center Security

Transcription

1 Competence Center Security DAI-Labor The Laboratory for Distributed Artificial Intelligence (DAI-Labor) is an institute of the Technische Universität Berlin; it currently is employing about 100 researchers, graduate students, postdocs and support staff. The research focus lies on agent technologies and its fast and safe deployment in diverse application areas of business and telecommunications. In particular, an open and scalable agent framework for the design, test and deployment of sophisticated services, the Java Intelligent Agent Componentware (JIAC) is developed at DAI-Labor. Additional fields of research at DAI- Labor are wireless technologies in heterogeneous networks and security issues concerning network operators and end users. Competence Center Security (CC SEC) The main focus of the Competence Center Security is the design and implementation of intelligent security solutions that operate autonomously. In our opinion, the ubiquity and pervasiveness of contemporary networked systems poses new challenges which can not be met with conventional monolithic approaches. Autonomous Security deals with the design and implementation of a security framework which is aware of its environment, detects changes in this environment indicating a threat to the system and makes decisions reacting to these threats in an intelligent and autonomous fashion.

2 The framework-inherent security mechanisms will assist end users and administrators in dealing with different threats and their rapid rate of propagation and allow them to master the complexity of contemporary IT infrastructures. Hence, the research directions in CC Security prominently include: Application of AI approaches for detecting unknown attack patterns Design of cooperative models for joint attack detection Combination of various different mathematical approaches to network analysis Design and implementation of secure software solutions Main Research Areas Autonomous Security Framework This cluster deals with the conceptual development and the implementation of Autonomous Security components, with the exception of the separately clustered Detection Units. This includes the abovementioned cooperation mechanisms as well as mathematical models for network analysis and tools for the simulation and evaluation of security functionality. Secure Services This cluster handles the development of autonomous security solutions as well as secure services on top of the JIAC IV agent framework. In this respect, the main focus is the realization of security mechanisms and the design of secure development processes for the JIAC IV Service Development methodology. Malware Detection The cluster Malware Detection deals with the various approaches originating from multiple domains for detecting malware. This ranges from bio-inspired techniques, supervised and unsupervised learning strategies to statistical analysis. Another goal is to intelligently combine different algorithms to achieve better detection results. Reference Projects JIAC Intelligent and autonomous agents are the key technology for realising flexible and distributed systems. In the JIAC project [Fricke 2001] a scalable serviceware framework for agents was developed, which allowed adaptive configuration relating to changing users, groups, security policies and interoperability.

3 The core of the JIAC serviceware framework is a component oriented architecture, which allows creating software agent from different software components [Sesseler 2002]. Each needed ability like understanding different communication protocols, knowledge processing and action managing as well as scheduling can be found in a special component. Further more, additional collections of services, possible tasks and ontologies can be found, e.g. billing and accounting services. Unlike JIAC components, services, actions and ontologies are not written in Java, they use a special logical and declarative programming language called JIAC Agent Description Language (JIAC), which allows fast creation and configuration of agents. Application specific, additional functions can be created by extending already existing components, services, actions or ontologies using Java or JADL. JIAC Agents base on the Belief, Desire, Intention (BDI-) Model, which means that they follow goals to achieve certain desired states. This is done more efficiently by having the ability to choose between different Actions. Communication between components of an agent is realized by asynchronous messages. For data exchange between agents and services, which base on FIPA conform messages. JIAC supports HTTP, TCP, and SSL for exchange of FIPA conform messages, where only HTTP is described in the FIPA standard, but using TCP and SSL increases security and reliability. An additional characteristic of JIAC is that security played an important role in design phase [Bsufka 1999]. Different security mechanisms are implemented in JIAC [Schmidt 2002], e.g. the protection of the transport layer with SSL, as well as the protection of the application layer. Further more, mechanisms like authorization and authentication of agents, agents owners and users are included. All these mentioned mechanisms base on the Public Key Infrastructure (PKI) mechanisms in JIAC [Bsufka 2006]. JIAC supports the PKI standards x.509 and SPKI. The migration of mobile agents basing on trusting systems for mobile agents [Albayrak 2001] is included, too. Further more, JIAC version is evaluated and certified for Common Criteria EAL 3 [DAILabor2004, Geissler 2004, BSI 2005]. Beside the ability of reading private keys from filesystem, in version agents are able to use private keys from chip cards with a special enhancement [Scheunemann2002]. With JIAC, development is not only supported by collections of components, services, actions and ontologies, several additional tools [Hirsch 2006] that help to create agents and to define their roles and communication protocols, are provided Other Projects We have also other reference projects in the security area. However, because of contract and IPR agreements we are not allowed to publish details about them officially. NetShield DDos Detection The objective of the project NetShield DDos Detection is to develop a smartphone security framework capable of detecting malicious code on mobile device and to initiate the appropriate counter measures.

4 NetShield Malware Filtering The project Malware Filtering focuses on the net centric approach of Malware Detection. Therefore the network security simulator (NeSSi) is developed capable of evaluating detection algorithms. The development of new algorithms in the area of network security is the second foundation of the project. Selected Publications [Albayrak 2001] Sahin Albayrak and Karsten Bsufka. Integration von Public-Key- Infrastruktur-Funktionalitäten in Agenten-Toolkits. In S. Jablonski, S. Kirn, M. Plaha, E.J. Sinz, A. Ulbrich vom Ende, and G. Weiß, editors, Verteile Informationssysteme auf der Grundlage von Objekten, Komponenten und Agenten. PROCEEDINGS der Verbundtagung VertIS 2001, pages , October [Albayrak 2005] Sahin Albayrak, Achim Müller, Christian Scheel, and Dragan Milosevic. Combining Self-Organizing Map Algorithms for Robust and Scalable Intrusion Detection. In M. Mohammadian, editor, Proceedings of International Conference on Computational Intelligence for Modelling Control and Automation (CIMCA 2005), Vienna, Austria, [Bsufka 1999] Karsten Bsufka, Stefan Holst, and Torge Schmidt. Realization of an Agent- Based Certificate Authority and Key Distribution Center. In Sahin Albayrak, editor, Intelligent Agents for Telecommunication Applications, number 1699 in Lecture Notes in Artifical Intelligence, pages , Third International Workshop, IATA 99, Stockholm, Sweden, August [Bsufka 2006] Karsten Bsufka. Public Key Infrastrukturen in Agentenarchitekturen zur Realisierung dienstbasierter Anwendungen. Dissertation, Technische Universität Berlin, [Bsufka 2006b] Karsten Bsufka, Olaf Kroll-Peters Sahin Albayrak. Intelligent Network- Based Early Warning Systems. Proceedings of 1st International Workshop on Critical Information Infrastructures Security, Samos Greece Lecture Notes in Computer Science LNCS Vol Editor Javier Lopez. Springer-Verlag Berlin Heidelberg, [BSI 2005] Bundesamt für Sicherheit in der Informationstechnik. Certification Report BSI- DSZCC for Java Intelligent Agent Componentware IV Version from DAI- Labor Technische Universität Berlin [DAI-Labor 2004] DAI-Labor. Security Target Java Intelligent Agent Componentware IV [Fricke 2001] Stefan Fricke, Karsten Bsufka, Jan Keiser, Torge Schmidt, Ralf Sesseler, and Sahin Albayrak. Agent-based telematic services and telecom applications. Communications of the ACM, 44(4):43 48, April 2001.

5 [Geissler 2004] Tim Geissler and Olaf Kroll-Peters. Applying Security Standards to Multi Agent Systems. In The First International Workshop on Safety and Security in Multiagent Systems (SASEMAS) Part of AAMAS held at Columbia University New York City, 20 July 2004, July [Hirsch 2006] B. Hirsch, T. Konnerth, A. Hessler, and S. Albayrak. A serviceware framework for designing ambient services. In A. Mana and V. Lotz, editors, Proceedings of the First International Conference on Ambient Intelligence Developments (AmID 06), pages Springer France, [Luther 2007] Katja Luther, Rainer Bye, Tansu Alpcan, Sahin Albayrak, Achim Müller. A cooperative AIS framework for Intrusion Detection. (accepted) IEEE International Conference on Communications 2007 ( [Luther 2006] Katja Luther. Entwurf eines Künstlichen Immunsystems zur Netzwerküberwachung auf Basis eines Multi-Agenten-Systems. Diplomarbeit, Technische Universität Berlin, [Scheel 2005] Christian Scheel. Managing Strategies for a Self-Organising Map based Filtering Agent Community. Diplomarbeit, Technische Universität Berlin, [Scheunemann 2002] Heiko Scheunemann. Einbindung der TCOS-Chipkarten- Funktionalitäten In der Agentenarchitektur JIAC IV. Diplomarbeit, Technische Universität Berlin, 2002 [Schmidt 2002] Torge Schmidt. ASITA: Advanced Security Infrastructure for Multi-Agent Applications in the Telematic Area. Dissertation, Technische Universität Berlin, [Schmidt 2006] Aubrey-Derrick Schmidt. Monitoring of Mobile Devices for Anomaly Detection on Agent Framework JIAC. Diplomarbeit, Technische Universität Berlin, [Schmidt 2007] Stephan Schmidt, Tansu Alpcan, Tamer Basar, Achim Müller, Sahin Albayrak. A Malware Detector Placement Game for Intrusion Detection. Eingereicht für IEEE International Conference on Communications [Sesseler 2002] Ralf Sesseler. Eine modulare Architektur für dienstbasierte Interaktionen zwischen Agenten. Dissertation, Technische Universität Berlin, [Wetzker 2005] Robert Wetzker. Beherrschbarkeit zukünftiger Bedrohungen durch ein Künstliches Immunsystem (AIS) auf Basis von Agententechnologien. Diplomarbeit, Technische Universität Berlin, 2005.

6 Persons Dr.-Ing- Karsten Bsufka finished his doctoral studies at Technische Universität Berlin with the topic Public Key Infrastrukturen in Agentenarchitekturen zur Realisierung dienstbasierter Anwendungen /(engl.: Public Key Infrastructures in Agent Architectures for Realising Service-Oriented Applications ) in He is employed at DAI-Labor for nine years, starting as student assistant and afterwards working as academic staff, where he developed together with others the Serviceware Framework JIAC. Most on his work on JIAC was designing and implementing security and communication mechanisms, where the security mechanisms where certified for Common Criteria by German Bundesanstalt fuer Sicherheit in der Informationstechnologie (BSI). In 2005 he got project leader of the research project DDoS Detection and in 2006 leader of the whole Competence Center Security. His scientific/research interests lie on development of secure distributed systems. Dipl.-Inform. Rainer Bye got the grade Diplom Informatiker, comparable with int. master degree, in 2005 at Technische Universität Carolo-Wilhelmina zu Braunschweig. His research focus lies on distributed systems, which lead him to DAI-Labor Berlin, where he got project leader of the Malware Filtering projects in In this project he develops a network simulator which includes routing and TCP/IP components for traffic analysis. In addition, he is supervisor for diploma thesis s regarding security, databases and distributed systems and is active in acquiring new projects. His scientific/research interests lie on distributed systems and their deployment for cooperative detection of attacks in networks.

7 Dr. Seyit Ahmet Çamtepe received the Ph.D. degree in Computer Science from Rensselaer Polytechnic Institute, Troy, NY, in He received the B.S. and M.S. degrees in Computer Engineering from Boğaziçi University, Istanbul, Turkey, in 1996 and 2001 respectively. He worked as a Network and Security Engineer in Pamukbank (currently Halkbank), Istanbul, Turkey, from 1996 to During his Ph.D. study, he worked on variety of security research projects including key management in wireless sensor networks, attack modelling and detection and social network analysis. He is currently working as a senior researcher in DAI-Labor at Technische Universität Berlin. His research interests include autonomous security, economy of information security, malicious cryptography, key management, distributed system security, attack modelling-detection-prevention, social network analysis and VoIP security. Dipl.-Inform. Olaf Kroll-Peters got the degree Diplom Informatiker in 1999 and worked in different companies in the section of quality assurance. As leader of the support and quality assurance of the company Fresenius Netcare he had intensive contact to the customers, where got to know the special problems concerning user interfaces, which in turn lead to his research field of usability. Besides, first he was project leader of the Common Criteria certification of Agent Framework JIAC IV and then started teaching at Technische Universität Berlin courses relating to security and usability. Olaf Kroll-Peters is supervisor for several diploma thesis s, where the main topics relate to usability, quality assurance and security in distributed systems and cryptologic methods. His scientific/research interests lies on the connection of usability and security, which means realising easy to use systems that nevertheless are secure.

8 Dipl.-Inform., Dipl.-Bio. Katja Luther finished studying computer science at Technischel Universität Berlin in Before, she already worked as student assistant at DAI-Labor, where now she is an academic employee. Besides security in networks and machine learning, she is interested in bio-inspired algorithms like Artificial Immune Systems (AIS) or swarm algorithms. In 2005, she works in Malware Filtering project on the Network Security Simulator NeSSi, where she designed and realized the implementation of the TCP protocol as well as the sockets. Since 2006 she develops and implements a Detection Unit in the project DDoS Detection. Her scientific/research interests lie on machine learning (anomaly detection) in network security and cooperative security solutions. Dipl.-Inform. Arik Messerman finished his Diploma (M.S.) in Computer Science department at Technische Universität Berlin in His research interests include operating systems, cryptology and network security. During the years , he worked as a teaching assistant in DAI-Labor. He is currently employed as a scientific researcher in DAI-Labor and working in the project Malware Filtering).

9 Dipl.-Inform. Aubrey-Derrick Schmidt finished his studies at Technische Universität Berlin in While writing his diploma thesis Monitoring of Mobile Devices for Anomaly Detection on Agent Framework JIAC he worked in DDoS Detection project, where he realized the client side monitoring of Symbian devices. His scientific/research interests lie on mobile devices and related security topics. Dipl-Inform. Stephan Schmidt received his diploma degree in computer science in 2005 at the Technische Universität Berlin specializing in operating and communication systems. Additionally, he received a minor degree in mathematics. He is working as a scientific researcher at the DAI laboratories in the Malware Filtering project. His main areas of interest are network algorithms, game theory, optimization techniques and their application to the network security domain. He is furthermore assisting Rainer Bye in the project management and student mentoring