See also my presentations & teaching.
by Alexander Becher, Zinaida Benenson, Maximillian Dornseif, will be published in Proceedings of SPC 2006, Lecture Notes in Computer Science 3934, York, 2006.
Download: PDF
by: Alexander Becher, Zinaida Benenson and Maximillian Dornseif,
published in Jana Dittman (Ed.), Proceedings of Sicherheit 2006
by Gesellschaft für Informatik, pp 26-30, Bonn, 2006,
ISBN 3-88579-171-4, Lecture Notes in Informatics, ISSN 1617-5468.
Download: PDF
by: Maximillian Dornseif,
will be published in Proceedings of the DFK-Workshop,
"Internet-Devianz", Bonn, February 2005.
by: Alexander Becher, Zinaida Benenson and Maximillian Dornseif,
published in
Aachener Informatik Berichte, ISSN 0935–3232, AIB-2005-21, Aachen,
October 2005.
Download: PDF
by: Michael Becher and Maximillian Dornseif,
published in MISC-Magazine, Paris, October 2005.
by: Maximillian Dornseif,
published in MISC-Magazine, Paris, October 2005.
by: Maximillian Dornseif and Thorsten Holz and Sven Müller,
published in the proceedings of the 19. DFN Tagung über
Kommunikationsnetze, pp. 235-252, Bonn 2005,
Lecture Notes in Informatics, ISSN 1617-5468.
by: Maximillian Dornseif, Felix C. Gaertner, Martin Mink, Lexi
Pimenidis,
published in proceedings of the WISE04 conference, Moscow 2005.
Download: PDF
by: Maximillian Dornseif, Felix C. Gärtner,
Thorsten Holz and Martin Mink,
published as TechReport AIB-2005-02, Aachen, February 2005.
There is a general consensus that courses on data security at university degree level should be research-oriented and teach fundamentals of the field, i.e., items of long-term knowledge in contrast to technology-oriented system knowledge. Unfortunately, this consensus often results in courses that are either too theoretical or are outdated with respect to current developments in security technology. To understand the importance of information security, students should have the possibility to gain practical experience of how security systems fail, using offensive techniques.
In this article, we give an overview of a three-week intensive course on applied computer security we held at RWTH Aachen University. It brought together students from various countries and with different previous knowledge. We describe in detail the course outline, course contents and the lessons learned.
Download: PDF
by: Maximillian Dornseif, Felix C. Gärtner and Thorsten Holz,
published in "PIK - Praxis der Informationsverarbeitung und Kommunikation",
ISSN 0930-5157, Number 27, Volume 4, pages 195-201.
Download: PDF.
by: Maximillian Dornseif, Thorsten Holz, Juliane Mattes, Ingo
Weisemöller,
published in Proceedings of the 4th International
System Administration and Network Engineering Conference "SANE
2004", pp 285-286, Amsterdam 2004.
Download: Poster.
by: Maximillian Dornseif, Thorsten Holz, Christian Klein,
published in the proceedings of the 5th Annual IEEE Information Assurance Workshop,
West Point, 10.-11. June 2004,
ISBN 0-7803-8572-1.
Honeynets are usually assumed to be hard to detect, and it is assumed that attempts to detect or disable them can be unconditionally monitored. We scrutinize this assumption and demonstrate a method by which a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place. We also discuss solutions for the weaknesses found in the logging mechanisms.
"NoSEBrEaK - Attacking Honeynets" won the best paper award at the 5th Annual IEEE Information Assurance Workshop. So now we have a certificate with the logos of all kinds of government organisations including the NSA to stick to our office wall.
Download: PDF, archived at the arXiv as cs.CR/0406052.
by: Maximillian Dornseif, Sascha May,
was presented at The Third Annual Workshop on Economics and Information Security (WEIS04),
Minneapolis 2004.
For many IT-security measures, exact costs and benefits are not known. This makes it difficult to allocate resources optimally to different security measures. We present a model for the costs and benefits of so-called honeynets. This can foster informed reasoning about the deployment of honeynet technology.
See also presentation on the subject.
Download: PDF, archived at the arXiv as cs.CR/0406057.
by: Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz,
published in Ulrich Flegel and Michael Meier (Eds.), Proceedings of the
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2004) Workshop,
ISBN 3-88579-375-X, pp 129-141,
Lecture Notes in Informatics, ISSN 1617-5468.
Electronic bait (honeypots) are network resources whose value consists of being attacked and compromised. These are often computers which do not have a task in the network, but are otherwise indistinguishable from regular computers. Such bait systems can be interconnected (honeynets). These honeynets are equipped with special software that facilitates forensic analysis of incidents. Taking advantage of the wide variety of recorded data, it is possible to learn considerably more about the behaviour of attackers in networks than with traditional methods. This article is an introduction to electronic bait and a description of the setup and first experiences of such a network deployed at RWTH Aachen University.
Electronic bait (honeypots) is the term for network resources whose value lies in being attacked and compromised. Often these are computers that have no special task in the network but are otherwise indistinguishable from regular machines. Bait systems can be joined into bait networks (honeynets). They are equipped with special software that eases the forensics of a security violation that has occurred. Thanks to the variety of recorded data, one can learn considerably more about the behaviour of attackers in networks than with conventional forensic methods. This contribution presents the philosophy of bait networks and describes the first experiences made with such a network at RWTH Aachen.
Download: PDF, archived at the arXiv as cs.CR/0406059.
by: Maximillian Dornseif,
in: Jan von Knop, Wilhelm Haverkamp, Eike Jessen (Editors),
Security, E-Learning, E-Services: Proceedings of the
17. DFN-Arbeitstagung über Kommunikationsnetze, Düsseldorf 2003,
ISBN 3-88579-373-3, Pages 617-648,
Lecture Notes in Informatics, ISSN 1617-5468.
Blocking of foreign Web content by Internet access providers has been a hot topic for the last 18 months in Germany. Since fall 2001 the state of North-Rhine-Westphalia has been very actively trying to mandate such blocking. This paper takes a technical view of the problems imposed by the blocking orders and by blocking content at access or network provider level in general. It also gives some empirical data on the effects of the blocking orders to help in the legal assessment of the orders. (Preprint, revised 30.6.2003)
See also related presentations: 1, 2
Download: PDF, archived at the arXiv as cs.CY/0404005.
I have assisted in creating the country report for Germany in the FIPR report "Implementing the European Union Copyright Directive" published September 2003.
by: Maximillian Dornseif,
published in DuD - Datenschutz und
Datensicherheit, 8/2003, Vieweg,
ISSN 0724-4371.
by: Maximillian Dornseif, Christian Klein and Kai Schumann.
English language version of "Risiken bei
Wireless Ethernet"
The IEEE 802.11b wireless ethernet standard has several serious
security flaws. This paper describes these flaws, surveys
wireless networks in the Cologne/Bonn area to get an assessment
of the security configurations of fielded networks and analyzes
the legal protections provided to wireless ethernet operators by
German law. We conclude that wireless ethernets without
additional security measures are not usable for any
transmissions which are not meant for a public audience. We also
point out problems in German criminal laws regarding the
protection of encrypted communication.
Download: PDF, archived at the arXiv as cs.CY/0204021.
by: Maximillian Dornseif, Christian Klein and Kai Schumann,
published in DuD - Datenschutz und
Datensicherheit, 4/2002, pp. 226ff, Vieweg,
ISSN 0724-4371.
We describe the technical attack possibilities, experimentally
determine the number of networks in Bonn and partly in Cologne
that can be attacked in this way, and in assessing the legal
situation conclude that the operator of WaveLANs is protected
against attacks only to a very limited extent. This is in
particular because ciphertext is not necessarily protected by
§ 202a StGB, since the ciphertext itself is as a rule not
specially secured against access.
See also the press release of the University of Bonn
with a clarification and the further press coverage.
Download: PDF
by: Maximillian Dornseif and Kai Schumann,
published in Juristische
Rundschau, 2/2002 pp. 52ff, de Gruyter, ISSN
0022-6920. (Manuscript as of 1999)
This German language article investigates the usage of the notion of data in German criminal law.
Download: PDF, searchable PDF
Maximillian Dornseif Last modified: Sat Apr 29 17:25:18 CEST 2006