Clemens Kerer

Decentralized Event Correlation for Intrusion Detection

Evidence of attacks against a network and its resources is often scattered over several hosts. Intrusion detection systems (IDS) which attempt to detect such attacks therefore have to collect and correlate information from different sources. We propose a completely decentralized approach to solve the task of event correlation and information fusing of data gathered from multiple points within the network.Our system models an intrusion as a pattern of events that can occur at different hosts and consists of collaborating sensors deployed at various locations throughout the protected network installation.We present a specification language to define intrusions as distributed patterns and a mechanism to specify their simple building blocks. The peer-to-peer algorithm to detect these patterns and its prototype implementation, called Quicksand, are described. Problems and their solutions involved in the management of such a system are discussed.

Experiences in engineering flexible Web services

The life-cycle of a World Wide Web service includes analysis, design, implementation and maintenance stages. Our experiences in building and maintaining the annual Vienna International Festivals Web site have led us to create engineering tools that cover all these phases.

Layout, Content and Logic Separation in Web Engineering

The rapid development of flexible, layout independent web sites is an increasingly important problem. Flexibility, scalability and the ability to adapt to evolving layout requirements is a key success factor for many web sites. A fundamental way to meet these requirements is to strictly separate business logic from the layout and the content. The World Wide Web Consortiums XML and XSL standards aim at providing the separation between layout and content only. In this paper, we describe our ongoing work in separating the layout, the content and the logic of web sites and show how this separation is supported by the tool MyXML. The underlying concepts of our solution are a declarative description of the layout information, automatic generation of static and dynamic pages and support of interconnection to extended information sources such as databases.

A secure execution framework for Java

The Java platform facilitates to dynamically load and execute code from remote sources which can threaten the security and integrity of a system and the privacy of its users. To address these problems, Java includes a security architecture which is based on a closed policy model. Although this model is su cient to specify arbitrary policies, it easily may become cumbersome to use and is not well-suited for administering a consistent security policy for a complete network. The Java Secure Execution Framework (JSEF) overcomes these drawbacks: it introduces higher-level abstractions which enhance the expressiveness of policy rules; it simpli es the maintenance of security con gurations; and it provides additional functionality and tools to make administration less error-prone. In JSEF we propose a hybrid policy model which supports additive and subtractive permissions with a denial-take-precedence rule to resolve conicts. Security pro les can be expressed in terms of hierarchical groups where a subgroup inherits the policy de ned by its parent. All members of a group share the same set of permissions and users can be members of an arbitrary number of groups. JSEFs administrative model supports the de nition of a network-wide policy which users can tailor to their needs but not break. At runtime JSEF enforces the de ned security policy and supports security negotiation in case of insu cient permissions. A set of graphical tools supports the user in de ning security policies and con guring JSEF.

ShareMe: running a distributed systems lab for 600 students with three faculty members

The goal of the distributed systems (DS) laboratory is to provide an attractive environment in which students learn about network programming and apply some fundamental concepts of distributed systems. In the last two years, students had to implement a fully functional peer-to-peer file sharing system called ShareMe. This paper presents the approach the authors used to provide the best possible support and guidance for the students while keeping up with ever-rising participant numbers in the laboratory course (approximately 600 last year), as well as managing budget and personnel constraints. The learning environment is based on Web and Internet technologies and not only offers the description of the laboratory tasks but also covers electronic submission, a discussion forum, automatic grading, and online access to grading and test results. The authors report their experiences of using the automated grading system, the amount of work required to prepare and run the laboratory, and how they deal with students who submit plagiarized solutions. Furthermore, the results of student feedback and evaluation forms are presented, and the overall student course satisfaction is discussed. Detailed information about the DS laboratory is available at http://www.dslab.tuwien.ac.at.

A generic content-management tool for Web databases

WebCUS uses XML and XSL to generate Web-based update interfaces with integrated access control mechanisms for arbitrary database schemas. WebCUSs adaptability allowed us to reduce development time and costs in building update interfaces for managing the content databases of the 2002 Vienna International Festival (VIF) and the Austrian Academy of Sciences (AAS) Web sites. We examine the WebCUS architecture and describe our experiences deploying the system with the VEF and AAS sites.

Supporting multi-device enabled Web services: challenges and open problems

Service providers face a number of challenges when providing services to users accessing the World Wide Web from hand-held devices. Among these challenges are the small display sixes, the low bandwidth, input limitations and the mobility of these devices. Web service providers need to be aware of these limitations in order to meet the exact needs of mobile clients. In this paper, we claim that new methodologies and development tools are needed in order to support the development and management of multi-device-enabled Web services. We discuss challenges and open problems faced by Web developers in adapting services to support mobile access. We share experiences we gained in extending the annual Vienna International Festival Web site to provide WAP services.

Building and managing XML/XSL-powered Web sites: an experience report

The World Wide Web Consortiums eXtensible Markup Language (XML) and the eXtensible Stylesheet Language (XSL) are standards defined in the interest of multipurpose publishing and content reuse. XML and XSL have been gaining popularity rapidly both in industry and in academia. Although much has been written on XML/XSL-based solutions, there exists a gap between theory and practice. In this paper we report our experiences in deploying XML/XSL in the implementation of two industry Web sites and summarize nine lessons we drew from our experiences.

XGuide - A Practical Guide to XML-Based Web Engineering

Various approaches have been proposed in the field of Web engineering that attempt to exploit the advantages of XML/XSL technologies. Although a strict separation of presentation and content achieved through XML/XSL has many advantages, a considerable effort is involved in using these technologies to develop Web sites. The lack of experience in XML/XSL can be a major cause for the extra effort. In several XML/XSL-based Web projects, we felt the need for a methodology that systematically guides the developer in the field through the development process, while taking into account the limitations and strengths of XML. In this paper, we present XGuide, a practical guide for XML-based Web Engineering that focuses on parallel development. XGuide is a methodology for XML/XSL-based Web development that is tool-independent and hence, can be used with a broad range of development tools. We are currently using the XGuide approach in several Web projects.

DIWE: a framework for constructing device-independent web applications

Recent developments in mobile computing software and hardware have highlighted the importance of device-independent access to Web content. This paper introduces a novel conceptual framework for constructing device-independent Web applications. The Device-Independent Web Engineering (DIWE) framework is composed of an XML-based Web language that is used to separate the layout, content and application logic and to model the Web applications and four run-time processors that provide device-independence support during application execution.