Seminar 4 CP, summer term 2013
Florian Volk [email protected]
based on slides by Dr. Leonardo Martucci
Seminar Telekooperation
What? Read and analyze current scientific
publications
Topics: Security, Privacy, Trust
Florian Volk, Telekooperation 2
General Information
How? Select a topic and study it
Write a short report
Review other reports
Present your report
Who? BSc, MSc and Diploma students from Computer Science
Electrical Engineering
and related areas
Florian Volk, Telekooperation 3
General Information
Why? Introduction to a resarch area
Learn to read and analyze scientific material
Present your evaluation
When? April 23 (today) Introduction Topic Presentation Tutorial: Working with Literature
April 28 Topic Selection
June 23 First version of your report (for the review)
June 30 Deliverable of the reviews
July 09 First version of your presentation
July 14 Final version of your report
July 16 (13:00, room 4.3.01 at CASED) Presentation of your work
Meetings with your advisor (optional)
Language? English Even though your advisor might
speak German, your report has to be in English
1. Pick a topic, read the provided literature
and find more literature
2. Write an overview or state-of-the-art report
3. Peer-Review process
Your report will be reviewed by a colleague (and by your advisor)
You will review a colleague‘s report
4. Correct and improve your report following the
reviewer‘s comments
5. Give a presentation on your report
Florian Volk, Telekooperation 4
5 Steps to Success
Read
Literature
Write Report
Peer review
Correct Report
Presentation
enough
Yes
No
You get 4 graded credit points for Your report: 4-5 pages IEEE transactions style paper
(find templates on the course web page)
Your participation in the review: both active and passive
Your presentation: 15 minutes + discussion
Florian Volk, Telekooperation 5
Evaluation and Grading
You need to pass all parts!
60 %
Report
15 %
Review
25 %
Presentation
4 CP seminar with topics on Security, Privacy, and Trust
Deadlines Topic Selection: April 28
Report‘s 1st version: June 23
Review: June 30
Presentation‘s 1st version: July 09
Report‘s final version: July 14
Presentation: July 16
Florian Volk, Telekooperation 6
At a Glance
http://www.tk.informatik.tu-darmstadt.de/de/teaching/sommersemester-2013/seminar-telekooperation-s3/ [email protected]
Honeypots
Honeypot: a decoy system, who's value lies only in being probed,
attacked or compromised.
Low and medium interaction honeypots
simulate network operations (usually at the
TCP/IP stack), in order to trick attackers.
Interesting way to detect new attacks and
malware. More and more research centers and
companies deploy honeypots.
Goal:
State-of-the-art of low and medium Honeypots
Botnets: Hiding & Defense Mechanisms
Overview:
Botnets: Infected machines/computers over the Internet (via Malwares) and turned
into Bots/Zombies/Drones.
Bots can be instructed to execute malicious activities by the Botherder/Botmaster
Difficult to detect because of the hiding & defense mechanisms
Goal:
State-of-the-art survey on Botnet’s hiding-and-defense
mechanisms
Botnets:
‘Protecting’ the Communication-and-Control Mechanism
Overview:
Infected Bots need to contact the Botmaster (controls the Bots) via Command-
and-Control (C&C) mechanism
Seek next instruction/actions
Botmasters place high importance in protecting the C&C and its communication
medium/methods
Goal:
State-of-the-art survey on how the C&C’s are ‘protected’ by the Botmasters
Network Resilience Metrics
Network resilience as important pre-requisite of today‘s systems
E.g., resilience to the removal of nodes:
How many nodes do I have to remove to partition the network?
Which node causes the largest number of paths to be broken?
Goal: Survey of graph-related metrics and
algorithms quantifying the
resilience / survivability of networks
Location is sensitive for privacy Well studied – MIX networks, cloaking, […]
What about problems strongly depending
on accurate location?
Proximity testing
Closest meeting point
Or even distributed localization
Still a hot topic!
New protocols & solutions appearing
Location-based Privacy Enhancing Technologies
Motivation
Task
Survey LBS PETs
Discover & explain approaches
Identify common primitives & categorize
Compare benefits & drawbacks
(Social) graphs describe our lives
Friends, work, news, hobbies, […]
Anonymizaton techniques protect
privacy
Pseudonyms, Tor, MIXnets
However, unique social graph
properties can counter anonymity
Multiple graphs might be linked
By similar structures and properties
(Social) Graph Privacy Survey
Motivation
Task
Survey social graphs & privacy
Graph types & properties
Existing reference graphs & data sets
Privacy properties & metrics of graphs
(Trust and) Reputation Systems are found in numerous online sites
We are interested in
what kind of reputation systems are out there
who uses which kind of reputation system
what are they used for
Goals:
Find and survey sites using reputation systems
Classify the reputation systems according to what is being rated (products, companies, people,...)
how the rating works
Reputation Systems in the Wild
Virtualization as Security Enabler in Mobile Devices
Overview:
OS are complex -> many
vulnerabilities
Solutions: Virtualization
However, IO hardware is shared
Attacker might mock the interaction
with the secure application
Goal:
State-of-the-art survey on
Virtualization Solutions for Mobile
Devices
Focus: Secure I/O
Hardware Platform
Hypervisor
OS
Secure OS
Trustworthy
apps behave as expected!
Unexpected behaviour
can cause your money
can release your private information
Review the threats and classify them
Review the privacy issues
Trustworthy Mobile Applications
Source: Lookout Inc.
Application stores
Google play, Apple‘s app store,…
How trustworthy they are?
Remember! there are third party app stores
AppBrain, OpenAppMkt
How those stores enforce trust?
Review and classify underlying mechanisms
Trustworthy Application Stores
Comparison of Three Modern Trust Models
Computational Trust Modeling
When entities (e.g., people, services) interact, there is an interest in knowing the behavior
of a partner upfront.
Estimating the outcome of an interaction helps entities to decide on interaction partners.
Goals
Understand the three trust models
FIRE, TRAVOS and CSRC.
Compare them based on what they
try to achieve and how they
accomplish that.
Classify these models according to
older classifications for trust
models.
Effect and Use of Product Ratings
There is an asynchrony in product ratings
Customers base their purchase decisions on product ratings.
Customers don’t rate their purchased products.
Goals
Make a study (ask your friends and
fellow students) to research the
following:
Is the assumption above
correct?
Why and under which conditions
do customers rate? (Only after
bad experiences, when they
want to criticize?)
Scientifically evaluate your results.
Draw conclusions from your
findings.
1. Honeypots (Emmanouil Vasilomanolakis)
2. Botnets: Hiding & Defense Mechanisms (Shankar Karuppayah)
3. Botnets: ‘Protecting’ the Communication-and-Control Mechanism (Shankar Karuppayah)
4. Network Resilience Metrics (Mathias Fischer)
5. Location-based Privacy Enhancing Technologies (Jörg Daubert)
6. (Social) Graph Privacy Survey (Jörg Daubert)
7. Reputation Systems in the Wild (Sascha Hauke)
8. Virtualization as Security Enabler in Mobile Devices (Stefan Schiffner)
9. Trustworthy Mobile Applications (Sheikh Habib, Stefan Schiffner)
10. Trustworthy Application Stores (Sheikh Habib)
11. Comparison of Three Modern Trust Models (Florian Volk)
12. Effect and Use of Product Ratings (Florian Volk)
Florian Volk, Telekooperation 21
Overview on Topics
by
Leonardo A. Martucci
Sascha Hauke
proudly presented and edited by
Florian Volk
How to work with Literature and write Scientific Material
CONTENT
What’s a scientific publication?
Finding (good) references
Correct referencing
Writing your own paper
Reviewing papers
*parts of this slide set are based on material provided by Guido Rößling
Basically a message With scientific background
Offer a new insight of a scientific problem
(solution)
OR a survey of a research field
The message is a claim That needs to be evaluated
AND validated
Leonardo Martucci - Telecooperation
What’s a scientific publication?
24
Books Survey (mostly) about a topic
Theses Doctoral dissertations and Master theses
Very focused scientific work and findings
Articles and Papers Articles appear in Journals
Papers in Conferences, Symposia, Workshops
New findings and concepts
Leonardo Martucci - Telecooperation
How does a publication looks like?
25
Standards and RFC Define the common ground
Thoroughly reviewed
Published by a standardization body
Technical Reports A focused scientific work
White papers published by vendors
Sometimes biased
Not reviewed
Leonardo Martucci - Telecooperation
How does a publication looks like?
26
Journal Articles Quality mostly depends on the Journal
Good Journal Good Article
Sometimes articles are outdated
Conferences and Symposia Quality is usually connected to the Conference
Good Conference Good Paper
The most recent research achievements
Workshops Mostly for work in progress
Good for discussing new ideas
Leonardo Martucci - Telecooperation
Articles and Papers
27
Standards relate to a given technology ITU-T standards
ITU is the UN agency for ICT standards
ITU-T defines standards for telecom
e.g. the X series
IEEE standards
Industrial standards, including ICT
e.g. IEEE 802 standard family
IETF
Internet related standards i.e. RFC
e.g. IP addressing scheme
TCP, TLS protocols, routing
Always pay attention on the RFC status
Leonardo Martucci - Telecooperation
Standards and RFC
28
Refer back to the original source of information For others to identify the foundations of your work
Giving credit, when credit is due
Not doing so is REALLY bad practice
aka plagiarism
Grundregeln der wissenschaftlichen Ethik am Fachbereich Informatik
Leonardo Martucci - Telecooperation
References and Referencing
29
Scientific publications Articles, papers, books
Standards RFC, ITU, IEEE, W3C etc.
+ All other non-scientific sources Surveys
Magazines
Reports
Can I reference Wikipedia?
or any other online material?
YES, but mind: not reliable (or stable) information sources
Leonardo Martucci - Telecooperation
What should I reference?
30
First, define the message Objective of your publication
define the area of research
Read the related work Define the work around your work
Finding out what has been done
Implement your idea Evaluate your idea
Validate your idea
Write your publication
Leonardo Martucci - Telecooperation
Writing a Scientific Publication
Survey the related work Evaluate differences
Identify trade-offs
31
Finding the message The most difficult part (!)
Also, the creative one
going beyond the state of the art
A message that needs science Scientific foundations + challenges
can be found in the related work
Leonardo Martucci - Telecooperation
Your Work, Your Message
!
32
Related Work? Where? For the initial literature ask a researcher in the field
it will give you a broad idea about the area
Check publication repositories
ACM Digital Lib http://portal.acm.org/portal.cfm
IEEE Xplore http://ieee.org/portal/site
Google Scholar http://scholar.google.com
Academic Search http://academic.research.microsoft.com/
Conference directories http://www.dblp.org/search/
Authors’ home pages
Other sources from the reference lists
REPEAT
Leonardo Martucci - Telecooperation
Related Work? Where? How?
33
Related Work ∞ Identify the relevant sources
Evaluating the importance of a publication
1. Read the abstract
2. Check the reference list
3. Read the conclusions
4. Read the rest
Related work will Compare your results against their results
Be used as input for a survey
Leonardo Martucci - Telecooperation
Related Work and Relevance
Good
Good
Good
Paper Read
Next Paper
No
Yes
Yes
Yes
34
A reference looks like this:
there are also other reference styles
Leonardo Martucci - Telecooperation
Referencing: doing it right
authors
title
how was it published (proceedings) publisher date page number
35
Complete entries using BibTeX DBLP, CiteSeerX, ACM Digital Library, etc.
In the text, you just need to use: \cite{MartucciKAP08}
Leonardo Martucci - Telecooperation
Referencing with BibTeX
@inproceedings{MartucciKAP08, author = {Leonardo A. Martucci and Markulf Kohlweiss and Christer Andersson and Andriy Panchenko}, title = {Self-certified Sybil-free pseudonyms}, booktitle = {WISEC}, year = {2008}, pages = {154-159}, ee = {http://doi.acm.org/10.1145/1352533.1352558}, crossref = {wisec/2008} } @proceedings{wisec/2008, editor = {Virgil D. Gligor and Jean-Pierre Hubaux and Radha Poovendran}, title = {Proceedings of the First ACM Conference on Wireless Network Security, WISEC 2008, Alexandria, VA, USA, March 31 - April 02, 2008}, booktitle = {WISEC}, publisher = {ACM}, year = {2008}, isbn = {978-1-59593-814-5} }
36
Always have a good paper structure Organize your ideas
Organize your papers
Define it BEFORE starting to add text
Plan the content of each section
Writing skills No one learns without doing it
General Guidelines:
Be concise
Be precise
Leonardo Martucci - Telecooperation
Structure is the Key!
38
Peer-reviews Peers review your work and verify its general quality
Evaluate the work before being published
Offer suggestions to improve the work (!)
How’s quality defined in a publication?* Novelty
Soundness
Evaluation + Validation
Completeness
Readability
Leonardo Martucci - Telecooperation
Peer-reviews
* it sometimes depends on the venue
40
What to write Positive and negative aspects of the work
Constructive criticism (if possible)
Offer suggestions to improve the paper
e.g. + literature
Suggest an overall evaluation of the work
It is NOT the reviewer’s work to correct the publication!
to point typos (unless if it is one or two)
Leonardo Martucci - Telecooperation
Writing a Review
41
Top Related