Research on IF-MAP - esukom
Ingo Bente (Trust@FHH)
15.04.2011, University of Frankfurt
Introduction
2011/04/15 ESUKOM 2
Trust@FHH Research Group
• Team
– Chair: Prof. Dr. Josef von Helden
– 3 research associates
– 4 student assistants
• Research Fields
– Trusted Computing
– Network & Mobile Security
• Selected Projects
– TNC@FHH
– IRON
– ESUKOM
• More Information
– trust.inform.fh-hannover.de
The ESUKOM Project in a Nutshell
• Motivation
– Smartphones are used in business environments
– Impact of smartphones in terms of IT security is unclear
– Idea: Address the smartphone challenge by leveraging IF-MAP
• Project Goals
– Investigation of smartphone platforms in terms of security
– Development of IF-MAP prototype infrastructure
• Duration
– 10/2010 – 09/2012 (2 years)
• Funding
– Funded by the German BMBF
• Website
– www.esukom.de
Project Consortium
• 3 SMEs & 2 Academic Institutions
– DECOIT GmbH
– mikado soft GmbH
– NCP Secure Communications
– Fraunhofer SIT
– Trust@FHH, FH Hannover
• Further Cooperations
– Infoblox, Juniper, Enterasys, Infineon
– PhD Programme with Universität der Bundeswehr München
Why use IF-MAP anyway?
ESUKOM Problem Statement
• How to secure smartphones in business environments?
• What we knew in advance
– (Some) characteristics of smartphones
– Smartphones are not properly addressed today …
– … but existing security tools are deployed
– Our technological background (TC, TNC, IF-MAP)
• What we did not know
– How do smartphones change attack surface?
– What aspects of smartphones are important in terms of security?
– What (existing/new) means are appropriate to secure smartphones?
ESUKOM Idea
• Idea
– Leverage existing tools to secure smartphone usage
– Follow network oriented approach
– Correlate (smartphone) metadata from arbitrary sources
– No system security
• Why IF-MAP?
– General purpose, content based pub/sub protocol
– Integration of existing security solutions
– Good experiences from adoption (IRON project)
– Exciting new technology
ESUKOM High Level Architecture
The Field of Mobile Phone Security
Mobile Phone Security Research
• Research questions
– Threats introduced by smartphones?
– Limitations and flaws of current platforms?
• Research field is gaining momentum
– Focus on Android and iOS
– Mostly exploits & system security approaches
– For example TaintDroid, Kirin & Saint (Enck et al. 2009 & 2010, PSU)
Smartphone Threat Analysis for ESUKOM
• Goal
– Threat model for smartphones used in corporate environments
– Smartphones == mobile consumer electronic devices
• Smartphone Characteristics
– Built-in Sensors
– Connectivity
– Internet-support
– Resource Paradox
– App-based Architectures
– Platform Diversity
ESUKOM Key Features
Open (Research) Questions
• Effective correlation of large metadata graphs
– What are suitable correlation approaches?
– What part of the metadata graph is relevant for what purpose?
• Smartphone specific metadata vocabularies
– Status of sensors
– Location
– Platform Details (installed apps, used permissions)
• Interdomain MAP
– MAP-Server to MAP-Server Communication
• Threats introduced by IF-MAP?
– Impact of rogue MAPCs
– Trustworthiness of metadata graph
Thank You
Questions?
Backup Slides
ESUKOM Key Feature MalApp Detection
Live Demo
IF-MAP Demo
• MAP Server
– irond 0.2.1
• MAP Clients
– soapUI (triggers IF-MAP operations)
– irongui 0.1.0 (visualization)
• Software available at
– http://trust.inform.fh-hannover.de
– www.soapui.org
– Licenses: Apache License 2 & LGPL 2.1
Copyright 2011
The undertaking on which this project is based was funded by the Federal Ministry of Education and Research under grant number "01BY1050". Responsibility for the content lies with the authors.
The information contained in this publication is the property of the following project partners of the "ESUKOM" project funded by the Federal Ministry of Education and Research (BMBF): DECOIT GmbH, Fachhochschule Hannover (FHH), Fraunhofer-Institut für Sichere Informationstechnologie (SIT), NCP engineering GmbH and mikado soft GmbH. No guarantee or warranty is given that the information contained in this document is fit for a particular purpose. The named project partners accept no liability for damages of any kind, including but not limited to direct, indirect, specific or consequential damages, that may arise from the use of these materials, to the extent permitted by applicable law.