In Depth Security Vol. II
Proceedings of the DeepSec Conferences

Stefan Schumacher (Hrsg.), René Pfeiffer (Hrsg.)
Paperback, 272 Seiten, ISBN-13: 9783981770025
Verlag: Magdeburger Institut für Sicherheitsforschung
Sprache: Englisch

Ebook: ISBN-13: 9783981770032

https://www.bod.de/buchshop/in-depth-security-vol-ii-9783981770025

This book contains a broad spectrum of carefully researched articles dealing with IT-Security: the proceedings of the DeepSec InDepth Security conference, an annual event well known for bringing together the world's most renowned security professionals from academics, government, industry, and the underground hacking community. In cooperation with the Magdeburger Institut für Sicherheitsforschung (MIS) we publish selected articles covering topics of past DeepSec conferences. The publication offers an in-depth description which extend the conference presentation and includes a follow-up with updated information.
Carefully picked, these proceedings are not purely academic, but papers written by people of practice, international experts from various areas of the IT-Security zoo. You find features dealing with IT-Security strategy, the social domain as well as with technical issues, all thoroughly researched and hyper contemporary. We want to encourage individuals, organizations and countries to meet and exchange, to improve overall security, understanding and trust. We try to combine hands-on practice with scientific approach. This book is bringing it all together.

IN DEPTH SECURITY
Schumacher, Stefan; Pfeiffer, René (Hrsg.)

Paperback
360 Seiten
ISBN 978-3-9817700-0-1
Verlag: Magdeburger Institut für Sicherheitsforschung

http://www.bod.de/buch/stefan-schumacher/in-depth-security/9783981770001.html

This book contains a broad spectrum of carefully researched articles dealing with IT-Security: the proceedings of the DeepSec InDepth Security conference, an annual event well known for bringing together the world's most renowned security professionals from academics, government, industry, and the underground hacking community. In cooperation with the Magdeburger Institut für Sicherheitsforschung (MIS) we publish selected articles covering topics of past DeepSec conferences. The publication offers an in-depth description which extend the conference presentation and includes a follow-up with updated information.
Carefully picked, these proceedings are not purely academic, but papers written by people of practice, international experts from various areas of the IT-Security zoo. You find features dealing with IT-Security strategy, the social domain as well as with technical issues, all thoroughly researched and hyper contemporary. We want to encourage individuals, organizations and countries to meet and exchange, to improve overall security, understanding and trust. We try to combine hands-on practice with scientific approach. This book is bringing it all together.

STEFAN SCHUMACHER (HRSG.)

Stefan Schumacher is the president of the Magdeburg Institute for Security Research and editor of the Magdeburg Journal for Security Research in Magdeburg/Germany. He started his hacking career before the fall of the Berlin Wall on an East German small computer KC85/3 with 1.75 MHz and a Datasette drive.
Ever since he liked to explore technical and social systems with a focus on security and how to exploit them. He was a NetBSD developer for some years and involved in several other Open Source projects and events. He studied Educational Science and Psychology and does a lot of unique research about the Psychology of Security with a focus on Social Engineering, User Training and Didactics of Security/Cryptography.
He is currently leading the research project Psychology of Security, where fundamental qualitative and quantitative research about the perception and construction of security is done.
He presents the research results regularly at international conferences like AusCert Australia, Chaos Communication Congress, Chaos Communciation Camp, DeepSec Vienna, DeepIntel Salzburg, Positive Hack Days Moscow or LinuxDays Luxembourg and in security related journals and books.


RENÉ PFEIFFER (HRSG.)

René Pfeiffer is one of the organiser of the annual DeepSec In-Depth Security Conference.
He works self-employed in information technology, lectures at the Technikum Wien, and is involved with cryptography and information security for over 20 years.

Table of Contents:

Editors Preface
Stefan Schumacher and René Pfeiffer . . . . .  . . . . . . . . . . . . . . . . P. VII

Foreword
Alexander Mense . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . P. IX

Sexy Defense – Maximizing the Home-Field Advantage
Iftach Ian Amit . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . S. 1

An Innovative and Comprehensive Framework for Social Driven Vulnerability Assessment
Enrico Frumento and Roberto Puricelli . . . . .. . . . . . . . . . . . . . . S. 15

Hacking Medical Devices
Florian Grunow . . . . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . . . .S. 37

Social Authentication – Vulnerabilities, Mitigations, and Redesign
Marco Lancini . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . S. 41

Javas SSLSocket – How Bad APIs Compromise Security
Dr. Georg Lukas . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . S. 71

Why Anti-Virus Software Fails
Daniel Sauder . . . . . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . . . . S. 87

Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection System
Martin Schütte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S. 99

Psychology of Security – A Research Programme
Stefan Schumacher . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . . S. 169

The Compromised Devices of the Carna Botnet – As Used for the Internet
Census 2012
Parth Shukla . . . . . . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . . . . S. 181

Trusting Your Cloud Provider – Protecting Private Virtual Machines
Armin Simma . . . . . . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . . S. 209

IPv6 Security – Attacks and Countermeasures in a Nutshell
Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and
Adrian Dabrowski and Edgar Weippl . . . . . .  . . . . . . . . . . . . . . S. 227

From Misconceptions to Failure – Security and Privacy in the US Cloud Computing FedRAMP Program
Mikhail Utin, PhD . . . . . . . . . . . . . . . . . . . . .  . . . . . . . . . . . . . . . . . S. 255

How Bluetooth May Jeopardize Your Privacy – An Analysis of People
Behavioral Patterns in the Street
Vernica Valeros and Sebastin Garca . . . . . . .. . . . . . . . . . . . . . . S. 315

IT Security Compliance Management Can Make Sense
Adrian Wiesmann . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . S. 335

How to Get Published in This Series
Stefan Schumacher and René Pfeiffer . . . . .  . . . . . . . . . . . . . . . . S. 345

Fault-tolerant Industrial Wireless Mesh Network Infrastructure by Georg Lukas. 

Modern industrial facilities have growing demands for wireless communication. Industrial applications need a communication service which can cope with mobility and environmental dynamics while maintaining real-time service quality. The goal of this thesis is to provide a reliable communication service with end-to-end guarantees on top of Wireless Mesh Networks. Applications should be able to specify their functional and non-functional end-to-end requirements, which the infrastructure then fulfills. This task is challenging due to the limited throughput capacity and highly dynamic nature of the wireless medium, which includes effects like varying transmission rates, changing links, mobility and even ocassional node failures.

The approach taken in this thesis to master these issues is to apply the methods of fault-tolerance. The solution consists of a feedback control loop which adapts the network to the infl uence of dynamic e ects by deploying resource assessment, resource admission and resource provision. The control loop is combined with proactive measures which prevent service failures in the time between a fault occurs and is properly handled by the control loop.

The developed mechanisms are implemented on top of the existing AWDS routing protocol. Cross-layer interfaces to lower layers are used for obtaining more precise and timely information. The infrastructure provides an application interface for requesting QoS guarantees, and ensures their enforcement.

The infrastructure is evaluated in an industrial application scenario, where a mobile robot is remote-controlled using live video and sensory feedback. This high-bandwidth real- time application is competing for medium access with background data streams. The evaluation shows that it is possible to control the robot without interruptions or service failures when all implemented components are active. At the same time, the deactivation of any of the building blocks severely reduces the achievable service quality, showing their respective necessity.

Therefore, the presented work successfully solves the challenge of providing a communication backbone for dynamic industrial environments. It therefore enables the introduction of high-bandwidth mobile applications like tele-robotics and augmented reality in industrial automation.

Lukas, Georg
Fault-tolerant Industrial Wireless Mesh Network Infrastructure
1. Auflage, Januar 2013
Englisch, 196 Seiten, 14,8 x 21 cm, 270 g
ISBN: 978-3-86844-499-5
http://www.sierke-verlag.de/shop/index.php/fault-tolerant-industrial-wireless-mesh-network-infrastructure.html