Secure Information Technology Center – Austria

Traffic Analysis of Mobile Applications

Kategorie: IT-Security

As a supporting measure for the inspection of mobile applications, the data sent and received to/from the Internet has always been of interest. If data was transfered in plain text, intuitive conclusions could be drawn about their use in the context of a mobile application. Due to the fact that more and more network traffic is encrypted (HTTPS / TLS), the meaningfulness of captured data packets becomes limited and, consequently, allows only little conclusions to be drawn about the actually transmited content.
Weiter lesen…

24

May

2017

Analysis of Browser-Extensions

Kategorie: IT-Security, Web Technologies

Browser extensions can extend the functionality of modern web browsers almost arbitrarily. However, they are often used for malicious activities, due to their ability to easily access sensitive data (i.e. Cookies). Likewise, benign but faulty extensions can be used for targeted attacks by exploiting errors in the implementation. Usually, the security mechanisms of modern browsers only provide limited protection against such attacks. Thus, the present study deals with dangers posed from benign browser extensions.

Weiter lesen…

9

May

2017

Migrating Edge Computing to Hybrid Edge Computing

Kategorie: Cloud Computing

Currently, various ways exist to offload computationally intensive tasks to remote computers. The goals of these approaches are similar: increase performance and reduce energy consumption.
Furthermore, is was discovered that moving computing units in the priximity of the users is beneficial and is key to achieve best possible results. These revelations form the baseline for the Edge Computing paradigm.
Weiter lesen…

5

May

2017

State of the Art Services for Direct Communication

Kategorie: Cloud Computing, IT-Security

Direct data transfer and direct communication services are becoming increasingly relevant due to widespread availability of high bandwidth Internet connections. At the same time, some properties of today’s Internet infrastructure overcomplicate the act of establishing direct end-to-end connections. This is mostly due to legacy technologies still dominating some key components of the TCP/IP stack. To make matters worse, this is unlikely to change significantly for the foreseeable future.
Weiter lesen…

24

April

2017

Automated Reasoning over Security Policies

Kategorie: Cloud Computing, eGovernment, IT-Security, Web Technologies

Applied approaches on authorization management often focus on a single system or environment, neglecting the need to address the security of data sharing processes that span various entities and organizations.
In the course of this work, we address the shortcomings of existing frameworks by separating authorization management from particular organizations, their business or resource models. We establish a framework that defines abstract means to manage the security of resources distributed across diverse services using a unified service and policy description models. Weiter lesen…

15

March

2017

Security Aspects of Web-APIs

Kategorie: Cloud Computing, eGovernment, IT-Security, Web Technologies

Web-APIs represent a significant building block of the modern Web. They enable efficient and technology neutral data and process integration between diverse entities and platforms. As an innovation driver, they facilitate the creation of new business models and products. The broad variety of APIs, as well as the need to efficiently manage their lifecycles, motivated the inception of specifications and tools to ease and accelerate their development and integration in programmatic environments. Weiter lesen…

Browser Addon for Certificate Validation using EU Trust Lists

Kategorie: Electronic signatures, IT-Security

Intended for demonstration purposes, A-SIT realised an addon for Mozilla Firefox capable of verifying and displaying the trust status of a website certificate according to the EU Trust List (TL). The extension adds a symbol to the browser’s address bar, indicating the trustworthiness of certificates on HTTPS-protected websites according to the eIDAS regulation via TL. Inspired by common usage of a coloured lock icon in order to signalize the trust status in browsers, the addon displays a blue EU flag for trustworthy, a crossed out flag for untrustworthy domains after completion of the browser-specific handshake validation. Besides, the user has the ability to learn more about the validation results by clicking onto the icon. As a result, certificate characteristics as well as TL-specific attributes are denoted. Weiter lesen…

Decentralisation of Centralised Services

Kategorie: Cloud Computing, IT-Security

In recent years, the way users utilise their personal devices changed drastically due to the increasing popularity of smartphones and other mobile devices. A modern-day user typically owns multiple devices running a wide variety of different services which (ideally) should be available anywhere at all times. Service operators cater to these needs. From a software-architectural point of view, this is oftentimes achieved by relying on traditional client-server architectures. Central instances still play a major role when it comes to delivering internet-based services to end users. In essence, existing systems have often been extended and adapted to meet today’s user requirements. Their underlying structure, however, remained unchanged in many cases. Weiter lesen…