Search

Your search keyword '"Freiling, Felix"' showing total 155 results
Start Over Author "Freiling, Felix" Language english
155 results on '"Freiling, Felix"'

24. As if Time Had Stopped -- Checking Memory Dumps for Quasi-Instantaneous Consistency

Author

Ottmann, Jenny, Cengiz, Üsame, Breitinger, Frank, and Freiling, Felix

Subjects
Computer Science - Cryptography and Security, Computer Science - Programming Languages
Abstract

Memory dumps that are acquired while the system is running often contain inconsistencies like page smearing which hamper the analysis. One possibility to avoid inconsistencies is to pause the system during the acquisition and take an instantaneous memory dump. While this is possible for virtual machines, most systems cannot be frozen and thus the ideal dump can only be quasi-instantaneous, i.e., consistent despite the system running. In this article, we introduce a method allowing us to measure quasi-instantaneous consistency and show both, theoretically, and practically, that our method is valid but that in reality, dumps can be but usually are not quasi-instantaneously consistent. For the assessment, we run a pivot program enabling the evaluation of quasi-instantaneous consistency for its heap and allowing us to pinpoint where exactly inconsistencies occurred., Comment: In: Proceedings of the Digital Forensics Research Conference USA (DFRWS USA). 2023

Published
2023

25. An Experimental Assessment of Inconsistencies in Memory Forensics.

Author

Ottmann, Jenny, Breitinger, Frank, and Freiling, Felix

Subjects
LINUX operating systems, ELECTRONIC evidence, DATA encryption, MALWARE, VIRTUAL machine systems
Abstract

Memory forensics is concerned with the acquisition and analysis of copies of volatile memory (memory dumps). Based on an empirical assessment of observable inconsistencies in 360 memory dumps of a running Linux system, we confirm a state of overwhelming inconsistency in memory forensics: almost a third of these dumps had an empty process list and was therefore obviously incomplete. Out of those dumps that were analyzable, almost every second dump showed some form of inconsistency that potentially impacts the interpretation of the dump in a forensic investigation. These results are based on a new way to estimate the level of causal consistency of a memory dump. The factors influencing these inconsistencies are less clear but in general correlate with the level of concurrency (system load and number of threads). [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

27. Stark : Tamperproof Authentication to Resist Keylogging

Author

Müller, Tilo, Spath, Hans, Mäckl, Richard, Freiling, Felix C., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, and Sadeghi, Ahmad-Reza, editor

Published
2013
Full Text
View/download PDF

28. TreVisor : OS-Independent Software-Based Full Disk Encryption Secure against Main Memory Attacks

Author

Müller, Tilo, Taubmann, Benjamin, Freiling, Felix C., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Bao, Feng, editor, Samarati, Pierangela, editor, and Zhou, Jianying, editor

Published
2012
Full Text
View/download PDF

29. LAVA: Log Authentication and Verification Algorithm.

Author

Bajramovic, Edita, Fein, Christofer, Frinken, Marius, Rösler, Paul, and Freiling, Felix

Subjects
LAVA, ALGORITHMS, ELECTRONIC evidence, COMPUTER systems, PYTHON programming language
Abstract

Log files provide essential information regarding the actions of processes in critical computer systems. If an attacker modifies log entries, then critical digital evidence is lost. Therefore, many algorithms for secure logging have been devised, each achieving different security goals under different assumptions. We analyze these algorithms and identify their essential security features. Within a common system and attacker model, we integrate these algorithms into a single (parameterizable) "meta" algorithm called LAVA that possesses the union of the security features and can be parameterized to yield the security features of former algorithms. We present a security and efficiency analysis and provide a Python module that can be used to provide secure logging for forensics and incident response. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

30. A Functional Classification of Forensic Access to Storage and its Legal Implications.

Author

Hammer, Andreas, Ohlig, Mathis, Geus, Julian, and Freiling, Felix

Subjects
CLOUD storage, FORENSIC sciences, EXPERT evidence, ELECTRONIC evidence, CLASSIFICATION, CLOUD computing
Abstract

Due to their ease of use and their reliability, managed storage services in the cloud have become a standard way to store files for many users. Consequently, data from cloud storage services and remote file systems in general is an increasingly valuable source of digital evidence in forensic investigations. In this respect, two questions appear relevant: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition? The two questions refer to critical aspects of forensic evidence collection, namely, in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. We formalize the above questions and use this formalization to classify common storage services. We argue that this classification has direct consequences with regard to the probative value of data acquired from them. We, therefore, discuss the legal implications of this classification with regard to probative value so that IT expert witnesses can adapt their procedures during evidence acquisition and legal practitioners know how to assess such procedures and the evidence obtained through them from cloud storage services. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

32. Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing

Author

Ottmann, Jenny, Breitinger, Frank, and Freiling, Felix

Subjects
storage acquisition, instantaneous snapshot, correctness, integrity
Abstract

The acquisition of data from main memory or from hard disk storage is usually one of the first steps in a forensic investigation. We revisit the discussion on quality criteria for “forensically sound” acquisition of such storage and propose a new way to capture the intent to acquire an instantaneous snapshot from a single target system. The idea of our definition is to allow a certain flexibility into when individual portions of memory are acquired, but at the same time require being consistent with causality (i.e., cause/effect relations). Our concept is much stronger than the original notion of atomicity defined by Vömel and Freiling (2012) but still attainable using copy-on-write mechanisms. As a minor result, we also fix a conceptual problem within the original definition of integrity.

Published
2022

34. Proceedings of the 2022 Joint Workshop of the German Research Training Groups in Computer Science

Author

Freiling, Felix, Seidl, Helmut, and 2022 Joint Workshop Of The German Research Training Groups In Computer Science June 12–June 15, 2022

Subjects
ddc:000, 000 Informatik, Informationswissenschaft, allgemeine Werke
Abstract

Having spent two successive years running online to prevent the spread of the Corona virus, the traditional annual meeting of the German Research Training Groups (RTGs) funded by the Deutsche Forschungsgemeinschaft (DFG) in the field of computer science returns to Schloss Dagstuhl --– Leibniz Center for Informatics, one of the world's premier venues for computer science-related seminars. Returning to Dagstuhl and hosting this meeting as an in-person-only event was a deliberate decision to revive interaction modes that many of the funded researchers had yet to experience: fostering personal interchange of ideas and experiences in order to strengthen the connection within the German computer science community. This volume documents the abstracts of the research topics of funded researchers in the participating RTGs. The event was jointly organized by RTG 2475 (Cybercrime and Forensic Computing) and RTG 2428 (ConVeY --- Continuous Verification of Cyber-Physical Systems). It took place between Sunday, June 12 and Wednesday, June 15, 2022, as in-person only Dagstuhl Event 22243. The meeting featured the usual sequence of research presentations by funded researchers, networking meetings for PIs and RTG coordinators, as well as two invited talks, one by Professor Martina Seidl (JKU Linz, Austria) on ``Competitions as Scientific Method'' and another by Professor Jennifer Byrne (School of Medical Sciences, The University of Sydney, Australia) titled ``An introduction to research paper mills''. Because last year's event marked the 25th anniversary of the workshop series, it featured a live interview with Professor Otto Spaniol who had initiated the workshop series in 1996. We document the interview in this volume.

Published
2022
Full Text
View/download PDF

35. Invasives Rechnen

Author

Anantharajaiah, Nidhi, Asfour, Tamim, Bader, Michael, Bauer, Lars, Becker, Jürgen, Bischof, Simon, Brand, Marcel, Bungartz, Hans-Joachim, Eichler, Christian, Esper, Khalil, Falk, Joachim, Fasfous, Nael, Freiling, Felix, Fried, Andreas, Gerndt, Michael, Glaß, Michael, Gonzalez, Jeferson, Hannig, Frank, Heidorn, Christian, Henkel, Jörg, Herkersdorf, Andreas, Herzog, Benedict, John, Jophin, Hönig, Timo, Hundhausen, Felix, Khdr, Heba, Langer, Tobias, Lenke, Oliver, Lesniak, Fabian, Lindermayr, Alexander, Listl, Alexandra, Maier, Sebastian, Megow, Nicole, Mettler, Marcel, Müller-Gritschneder, Daniel, Nassar, Hassan, Paus, Fabian, Pöppl, Alexander, Pourmohseni, Behnaz, Rabenstein, Jonas, Raffeck, Phillip, Rapp, Martin, Rivas, Santiago Narváez, Sagi, Mark, Schirrmacher, Franziska, Schlichtmann, Ulf, Schmaus, Florian, Schröder-Preikschat, Wolfgang, Schwarzer, Tobias, Sikal, Mohammed Bakr, Simon, Bertrand, Snelting, Gregor, Spieck, Jan, Srivatsa, Akshay, Stechele, Walter, Teich, Jürgen, Turan, Furkan, Ureña, Isaías A. Comprés, Verbauwhede, Ingrid, Walter, Dominik, Wild, Thomas, Wildermann, Stefan, Wille, Mario, Witterauf, Michael, and Zhang, Li

Subjects
Chip-Multiprozessor, Speicherhierarchie, System-on-Chip, 003 Systeme, Parallelverarbeitung, Ressourcenverwaltung, Ablaufplanung, ddc:003, Hardwarebeschleunigung, ddc:004, Dienstgüte, Network-on-Chip, 004 Datenverarbeitung, Informatik, Parallelprogrammierung
Abstract

Invasive computing is a paradigm for designing and programming future parallel computing systems. For systems with 1,000 or more cores on a chip, resource-aware programming is of utmost importance to obtain high utilisation as well as computational, energy and power efficiency. Invasive computing provides a programmer explicit handles to specify and argue about resource requirements desired or required in different phases of execution: In an invade phase, an application asks the operating system to allocate a set of processor, memory and communication resources to be claimed. In a subsequent infect phase, the parallel workload is spread and executed on the obtained claim of resources. Finally, if the degree of parallelism should be lower again, a retreat operation frees the claim again, and the application resumes a sequential execution. To support this idea of self-adaptive and resource-aware programming, not only new programming concepts, languages, compilers, and operating systems were needed to be developed, but also revolutionary architectural changes in the design of MPSoCs (multiprocessor systems-on-a-chip) to efficiently support invasion, infection, and retreat operations. This book gives a comprehensive overview of all aspects of invasive computing., Invasives Rechnen ist ein Paradigma für den Entwurf und die Programmierung zukünftiger paralleler Rechensysteme. Für Systeme mit 1.000 oder mehr Kernen auf einem Chip ist eine ressourcengewahre Programmierung von größter Bedeutung, um eine hohe Auslastung sowie Rechen-, Energie- und Leistungseffizienz zu erreichen. Invasives Rechnen bietet dem Programmierer bzw. der Programmiererin explizite Möglichkeiten, die in verschiedenen Phasen der Ausführung gewünschten oder erforderlichen Ressourcenanforderungen zu spezifizieren: In einer Invasionsphase fordert eine Anwendung vom Betriebssystem eine Reihe gewünschter Prozessor-, Speicher- und Kommunikationsressourcen an. In einer anschließenden Infektionsphase wird die parallele Arbeitslast auf die bereitgestellten Ressourcen verteilt und ausgeführt. Nimmt der Grad der Parallelität während der Programmausführung ab, können die allozierten Ressourcen durch eine Rückzugsoperation wieder freigegeben werden, und die Anwendung wird wieder sequenziell ausgeführt. Um diese Idee der selbstadaptiven und ressourcengewahren Programmierung zu realisieren, mussten nicht nur neue Programmierkonzepte, Sprachen, Compiler und Betriebssysteme entwickelt werden, sondern auch revolutionäre architektonische Änderungen im Entwurf von MPSoCs (Multiprozessorsystemen auf einem Chip), um Invasions-, Infektions- und Rückzugsoperationen effizient zu unterstützen. Dieses Buch gibt einen umfassenden Überblick über alle Aspekte des invasiven Rechnens.

Published
2022

36. 5.-8. April 2022

Author

Gruber, Jan and Freiling, Felix C.

Subjects
Malware Analysis||Sandboxing||Virtual Machine Introspection||Reverse Turing Test
Abstract

Sandboxes are an indispensable tool in dynamic malware analysis today. However, modern malware often employs sandbox-detection methods to exhibit non-malicious behavior within sandboxes and therefore evade automatic analysis. One category of sandbox-detection techniques are reverse Turing tests (RTTs) to determine the presence of a human operator. In order to pass these RTTs, we propose a novel approach which builds upon virtual machine introspection (VMI) to automatically reconstruct the graphical user interface, determine clickable buttons and inject human interface device events via direct control of virtualized human interface devices in a stealthy way. We extend the VMI-based open-source sandbox DRAKVUF with our approach and show that it successfully passes RTTs commonly employed by malware in the wild to detect sandboxes

Published
2022
Full Text
View/download PDF

37. A Comparison of Cloud Storage Technologies as Sources of Digital Evidence

Author

Büter, Regine, Engst, German, Esser, Kai, Freiling, Felix, Friedrich, Kay, Friedrich, Tim, Hammer, Andreas, Heine, Lukas, Heinlein, Lukas, Korn, Oliver, Minuth, Christian, Müller, Manuel, Müller, Nico, Reithmeier, Juliane, Ripley, Nora, Schulze, Matti, Sievers, Merlin, Srikhaolan, Charinee, and Zenk, Johan

Subjects
ddc:004, 004 Datenverarbeitung, Informatik
Abstract

Due to their ease of use and their reliability, managed storage services "in the cloud" have become a standard way to store personal files for many users. In fact, many apps on mobile devices use local storage on the client merely as a cache for data that is fully stored on a remote server. Consequently, data from cloud storage services is an increasingly valuable source of digital evidence in forensic investigations. This document presents the results of a student project that was performed at Friedrich-Alexander-Universität Erlangen-Nürnberg in the winter term 2021/22. Six groups of students analyzed the most relevant network storage technologies (Samba, Nextcloud, Dropbox, Google Drive, OneDrive, iCloud) regarding two questions: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition in any way? The two questions refer to critical aspects of forensic evidence collection, namely in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. In the concluding discussion we compare the different technologies and develop a taxonomy of storage services that can be used to assess other cloud storage services with regarding the evidental value of data acquired from them., Technical reports / Department Informatik; CS-2022-01

Published
2022

40. LAVA: Log Authentication and Verification Algorithm

Author

Bajramovic, Edita, Frinken, Marius, and Freiling, Felix

Subjects
Department Informatik, ddc:004, 004 Datenverarbeitung, Informatik
Abstract

Log files provide essential information regarding the actions of processes in critical computer systems. If an attacker modifies log entries, critical digital evidence is lost. Therefore, many algorithms for secure logging have been devised, each achieving different security goals under different assumptions. We analyze these algorithms and identify their essential security features. Within a common system and attacker model, we integrate these algorithms into a single (parameterizable) “meta” algorithm called LAVA that possesses the union of the security features and can be parameterized to yield the set of former algorithms (and many more). Apart from giving insight into general structures of secure logging protocols, we present an abstract efficiency analysis and practical performance measurements of LAVA showing its usefulness., Technical reports / Department Informatik, CS-2019-01

Published
2019

41. Unified Representation of Log Files for Correlation and Visualization

Author

Frinken, Marius, Bajramovic, Edita, and Freiling, Felix

Subjects
Department Informatik, ddc:004, 004 Datenverarbeitung, Informatik
Abstract

The analysis of various log files is an integral part of digital forensic investigations. Despite their different file formats and due to their common purpose, log files generally contain similar structures. Based on the analysis of three common log file types (syslog, windows event log and SQLite browser histories), we present a simple yet precise unified representation of log files that allows to analyze such files independently of their format. We exemplify the usefulness of our representation using two case studies: Firstly, we show how our representation allows to express consistency criteria used for the identification of (ab)normal events in first-order logic. Secondly, we show how—based on this unified representation—visualization of log files can be used to find evidence or to test hypotheses. For showing the latter, we have implemented a simple log file visualization tool (SLogViz) and apply it to identify evidence of a system time manipulation., Technical reports / Department Informatik, CS-2019-02

Published
2019
Full Text
View/download PDF

45. DiOS: Dynamic Privacy Analysis of iOS Applications

Author

Kurtz, Andreas, Weinlein, Andreas, Settgast, Christoph, and Freiling, Felix

Subjects
Privatsphäre, iOS, Dynamische Analyse, ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION, GeneralLiterature_INTRODUCTORYANDSURVEY, Apps, Department Informatik, ddc:004
Abstract

We present DiOS, a practical system to perform automated dynamic privacy analysis of iOS apps. DiOS provides a highly scalable and fully automated solution to schedule apps from the official Apple App Store for privacy analysis to iOS devices. While apps are automatically executed, user interaction is simulated using random and smart execution strategies, and sensitive API calls as well as network connections are tracked. We evaluated the system on 1,136 of the most popular free apps from the iOS App Store and found out that almost 20% of all investigated apps are tracking users' locations on every app start, one third of all accesses to users' address books are attributed to apps from the social network category and almost half of all apps are tracking users' app usage behavior by incorporating tracking and advertising libraries.

Published
2014

46. From Computer Forensics to Forensic Computing: Investigators Investigate, Scientists Associate

Author

Dewald, Andreas and Freiling, Felix C.

Subjects
Digital Forensics, Computer Forensics, IT-Forensics, ddc:000, ComputingMilieux_COMPUTERSANDSOCIETY, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Department Informatik
Abstract

This paper draws a comparison of fundamental theories in traditional forensic science and the state of the art in current computer forensics, thereby identifying a certain disproportion between the perception of central aspects in common theory and the digital forensics reality. We propose a separation of what is currently demanded of practitioners in digital forensics into a rigorous scientific part on the one hand, and a more general methodology of searching and seizing digital evidence and conducting digital investigations on the other. We thereby mark out the route for computer forensics to turn into a true forensic science. To illustrate the feasibility of the proposed path, we supply a couple of practical examples, as well as a list of exemplary questions that should be answered by digital forensic scientists.

Published
2014

49. Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots

Author

Kurtz, Andreas, Freiling, Felix, and Metz, Daniel

Subjects
Sicherheit, Passwort, Benutzerfreundlichkeit, Smartphone, ddc:004, Drahtloses lokales Netz, Technische Fakultät -ohne weitere Spezifikation
Abstract

Passwords have to be secure and usable at the same time, a trade-off that is long known. There are many approaches to avoid this trade-off, e.g., to advice users on generating strong passwords and to reject user passwords that are weak. The same usability/security trade-off arises in scenarios where passwords are generated by machines but exchanged by humans, as is the case in pre-shared key (PSK) authentication. We investigate this trade-off by analyzing the PSK authentication method used by Apple iOS to set up a secure WPA2 connection when using an iPhone as a Wi-Fi mobile hotspot. We show that Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1.842 entries are taken into consideration. In addition, the process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds. Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios.

Published
2013

50. Hardware-Based Trusted Computing Architectures for Isolation and Attestation.

Author

Maene, Pieter, Gotzfried, Johannes, de Clercq, Ruan, Muller, Tilo, Freiling, Felix, and Verbauwhede, Ingrid

Subjects
COMPUTER architecture, INTERNET of things, EMBEDDED computer systems, COMPUTER input-output equipment, MALWARE, INDUSTRIAL controls manufacturing
Abstract

Attackers target many different types of computer systems in use today, exploiting software vulnerabilities to take over the device and make it act maliciously. Reports of numerous attacks have been published, against the constrained embedded devices of the Internet of Things, mobile devices like smartphones and tablets, high-performance desktop and server environments, as well as complex industrial control systems. Trusted computing architectures give users and remote parties like software vendors guarantees about the behaviour of the software they run, protecting them against software-level attackers. This paper defines the security properties offered by them, and presents detailed descriptions of twelve hardware-based attestation and isolation architectures from academia and industry. We compare all twelve designs with respect to the security properties and architectural features they offer. The presented architectures have been designed for a wide range of devices, supporting different security properties. [ABSTRACT FROM PUBLISHER]

Published
2018
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results