Ulrich Ultes-Nitsche

Non-signature based virus detection

A non-signature-based virus detection approach using Self-Organizing Maps (SOMs) is presented in this paper. Unlike classical virus detection techniques using virus signatures, this SOM-based approach can detect virus-infected files without any prior knowledge of virus signatures. Exploiting the fact that virus code is inserted into a complete file which was built using a certain compiler, an untrained SOM can be trained in one go with a single virus-infected file and will then present an area of high density data, identifying the virus code through SOM projection. The virus detection approach presented in this paper has been tested on 790 different virus-infected files, including polymorphic and encrypted viruses. It detects viruses without any prior knowledge – e.g. without knowledge of virus signatures or similar features – and is therefore assumed to be highly applicable to the detection of new, unknown viruses. This non-signature-based virus detection approach was capable of detecting 84% of the virus-infected files in the sample set which included, as already mentioned, polymorphic and encrypted viruses. The false positive rate was 30%. The combination of the classical virus detection technique for known viruses and this SOM-based technique for unknown viruses can help systems be even more secure.

Strong mutual authentication in a user-friendly way in EAP-TLS

EAP-TLS is one of the best authentication schemes in wireless networks. To make it one of the most secure ones, a client has to authenticate itself using certificates, which allow to authenticate client and server mutually. But as certificates are widespread in a business environment but only less used by private users, mutual authentication in EAP-TLS for public hot-spots is not suitable. Therefore several solutions emerged, which on the one hand disclaim EAP completely, or on the other hand establish secure server authenticated EAP-TLS tunnels and use other EAP protocols inside this tunnel to authenticate the client. However, apart from reducing the level of security, these solutions usually do not provide automated login procedures and/or are not suitable for small devices. We propose a way to make EAP-TLS with mutual authentication more comfortable even for private users. To do so, we propose to use Trusted Platform Modules with their integrated certificate infrastructure. This leads to an authentication scheme, which can be used on full computers as well as on embedded devices. Furthermore, it will provide the possibility for automated login and real anonymity support.

Improved verification of linear‐time properties within fairness: weakly continuation‐closed behaviour abstractions computed from trace reductions

The satisfaction of linear‐time temporal properties within fairness introduces an implicit fairness constraint to the verification process. To be applied to practical verification tasks, weakly continuation‐closed abstractions preserve properties satisfied within fairness. Being defined on the complete behaviour of a distributed system, weakly continuation‐closed abstractions require, in principle, an exhaustive state space construction prior to abstraction. Constructing the state space of a practically relevant specification exhaustively, however, is usually not feasible.

Towards a zero configuration authentication scheme for 802.11 based networks

Compared to many 802.11 based networks, GSM has an significant advantage. In contrast to 802.11, GSM provides a standardized authentication scheme, which requires no configuration on the end userpsilas side, but still allows international roaming. GSM does this by using a trusted module within each client: a subscriber identification module.In contrast to the comparable heavy GSM standard, the early 802.11 standards focused on data transmission within small local area networks, therefore omitting a secure and simple to use authentication mechanism. This caused several different and partly incompatible authentication schemes to evolve, ranging from simple password based login pages to certificate based mutual authentication protocols. While these protocols can provide state of the art secure authentication they are, from a users point of view, almost unacceptable complex, especially if used in an ad-hoc manner outside an corporate environment. Trusted platform modules, as part of any modern computer, can reduce the users overhead to establish a secure 802.11 based connection dramatically by providing secure, potentially anonymous identities. As shown in this paper this approach can be further extended by using an modified TLS handshake, allowing an automated, on-the-fly retrieval of required credentials. Together with the trusted platform modules, this extension can provide a full fledged zero configuration authentication for 802.11 networks.

Identification of Chordless Cycles in Ecological Networks

In the last few years the studies on complex networks have gained extensive research interests. Significant impacts are made by these studies on a wide range of different areas including social networks, technology networks, biological networks and others. Motivated by understanding the structure of ecological networks we introduce in this paper a new algorithm for enumerating all chordless cycles. The proposed algorithm is a recursive one based on the depth-first search.

Improving network reliability by avoiding misconfiguration

One source of network operation interruption is the human factor. In this paper, we discuss how network management systems can help to avoid mistakes in configuration. While ensuring correct syntax of configuration data is nothing novel, testing its semantics has become a challenge to network management. We illustrate possible solutions with the verified network configuration (Verinec) project. A central XML database is used to model the network and device configuration. All configuration is tested before the setup of the real devices is modified.

A power-set construction for reducing Büchi automata to non-determinism degree two

Buchi automata are finite automata that accept languages of infinitely long strings, so-called @w-languages. It is well known that, unlike in the finite-string case, deterministic and non-deterministic Buchi automata accept different @w-language classes, i.e., that determination of a non-deterministic Buchi automaton using the classical power-set construction will yield in general a deterministic Buchi automaton which accepts a superset of the @w-language accepted by the given non-deterministic automaton. In this paper, a power-set construction to a given Buchi automaton is presented, which reduces the degree of non-determinism of the automaton to at most two, meaning that to each state and input symbol, there exist at most two distinct successor states. The constructed Buchi automaton of non-determinism degree two and the given Buchi automaton of arbitrary non-determinism degree will accept the same @w-language.

cPLC — A cryptographic programming language and compiler

Cryptographic two-party protocols are used ubiquitously in everyday life. While some of these protocols are easy to understand and implement (e.g., key exchange or transmission of encrypted data), many of them are much more complex (e.g., e-banking and e-voting applications, or anonymous authentication and credential systems). For a software engineer without appropriate cryptographic skills the implementation of such protocols is often difficult, time consuming and error-prone. For this reason, a number of compilers supporting programmers have been published in recent years. However, they are either designed for very specific cryptographic primitives (e.g., zero-knowledge proofs of knowledge), or they only offer a very low level of abstraction and thus again demand substantial mathematical and cryptographic skills from the programmer. Finally, some of the existing compilers do not produce executable code, but only metacode which has to be instantiated with mathematical libraries, encryption routines, etc. before it can actually be used. In this paper we present a cryptographically aware compiler which is equally useful to cryptographers who want to benchmark protocols designed on paper, and to programmers who want to implement complex security sensitive protocols without having to understand all subtleties. Our tool offers a high level of abstraction and outputs well-structured and documented Java code. We believe that our compiler can contribute to shortening the development cycles of cryptographic applications and to reducing their error-proneness.

Assessment of Code Quality through Classification of Unit Tests in VeriNeC

Unit testing is a tool for assessing code quality. Unit tests check the correctness of code fragments like methods, loops and conditional statements. Usually, every code fragment is involved in different tests. We propose a classification of tests, depending on the tested features, which delivers a higher detailed feedback than unclassified tests. Unclassified tests only deliver a feedback whether they failed or succeeded. The detailed feedback from the classified tests help to do a better code quality assessment and can be incorporated in tools helping to improve code quality. We demonstrate the power of this approach doing unit tests on network configuration.

Introduction to the special issue on Verification and Computational Logic

The past decade has seen dramatic growth in the application of model checking techniques to the validation and verification of correctness properties of hardware, and more recently software systems. Recently, there has been increasing interest in applying logic programming techniques to model checking in particular and verification in general. For example, table-based logic programming can be used as an efficient means of performing explicit model checking. Other research has successfully exploited set-based logic program analysis, constraint logic programming, and logic program transformation techniques to verify systems.