This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-04-24 Creation time: 05-54-11 --- Number of references 41 inproceedings 2024-wagner-madtls 2024 7 1 https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf 19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur Singapur ACM ASIA Conference on Computer and Communications Security (AsiaCCS) July 1-5, 2024 unpublished 1 EricWagner DavidHeye MartinSerror IkeKunze KlausWehrle MartinHenze inproceedings 2024-kunze-spintrap 2024 5 7 IEEE/IFIP Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24) 2024 IEEE/IFIP Network Operations and Management Symposium accepted 1 IkeKunze ConstantinSander LarsTissen BenediktBode KlausWehrle inproceedings 2024-kunze-civic 2024 5 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24) accepted 1 IkeKunze DominikScheurenberg LiamTirpitz SandraGeisler KlausWehrle inproceedings 2023-kunze-spin-bit-in-the-wild 2023 10 https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-kunze-spin-bit-in-the-wild.pdf ACM Proceedings of the Internet Measurement Conference (IMC '23) Internet Measurement Conference 2023 10.1145/3618257.3624844 1 IkeKunze ConstantinSander KlausWehrle inproceedings 2023-sander-quic-ecn 2023 10 legato https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-sander-quic-ecn.pdf https://arxiv.org/abs/2309.14273 ACM Proceedings of the Internet Measurement Conference (IMC '23) Internet Measurement Conference 2023 979-8-4007-0382-9/23/10 10.1145/3618257.3624821 1 ConstantinSander IkeKunze LeoBlöcher MikeKosek KlausWehrle inproceedings 2023-dahlmanns-docker 2023 7 10 797-811 Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse. network security; security configuration; secret leakage; container ven2us, internet-of-production, https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf ACM Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia Melbourne, VIC, Australia ASIA CCS '23 July 10-14, 2023 979-8-4007-0098-9/23/07 10.1145/3579856.3590329 1 MarkusDahlmanns ConstantinSander RobinDecker KlausWehrle inproceedings 2023-grote-mvca-fairness 2023 6 https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-grote-mvca-fairness.pdf IFIP/IEEE Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '23) 978-3-903176-58-4 10.23919/TMA58422.2023.10199019 1 LaurenzGrote IkeKunze ConstantinSander KlausWehrle incollection 2023_pennekamp_crd-a.i 2023 2 8 35-60 The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL. Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf Springer Interdisciplinary Excellence Accelerator Series Internet of Production: Fundamentals, Applications and Proceedings 978-3-031-44496-8 10.1007/978-3-031-44497-5_2 1 JanPennekamp AnastasiiaBelova ThomasBergs MatthiasBodenbenner AndreasBührig-Polaczek MarkusDahlmanns IkeKunze MoritzKröger SandraGeisler MartinHenze DanielLütticke BenjaminMontavon PhilippNiemietz LuciaOrtjohann MaximilianRudack Robert H.Schmitt UweVroomen KlausWehrle MichaelZeng incollection 2023_rueppel_crd-b2.ii 2023 2 8 221-246 The main objectives in production technology are quality assurance, cost reduction, and guaranteed process safety and stability. Digital shadows enable a more comprehensive understanding and monitoring of processes on shop floor level. Thus, process information becomes available between decision levels, and the aforementioned criteria regarding quality, cost, or safety can be included in control decisions for production processes. The contextual data for digital shadows typically arises from heterogeneous sources. At shop floor level, the proximity to the process requires usage of available data as well as domain knowledge. Data sources need to be selected, synchronized, and processed. Especially high-frequency data requires algorithms for intelligent distribution and efficient filtering of the main information using real-time devices and in-network computing. Real-time data is enriched by simulations, metadata from product planning, and information across the whole process chain. Well-established analytical and empirical models serve as the base for new hybrid, gray box approaches. These models are then applied to optimize production process control by maximizing the productivity under given quality and safety constraints. To store and reuse the developed models, ontologies are developed and a data lake infrastructure is utilized and constantly enlarged laying the basis for a World Wide Lab (WWL). Finally, closing the control loop requires efficient quality assessment, immediately after the process and directly on the machine. This chapter addresses works in a connected job shop to acquire data, identify and optimize models, and automate systems and their deployment in the Internet of Production (IoP). Process control; Model-based control; Data aggregation; Model identification; Model optimization internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-rueppel-iop-b2.i.pdf Springer Interdisciplinary Excellence Accelerator Series Internet of Production: Fundamentals, Applications and Proceedings 978-3-031-44496-8 10.1007/978-3-031-44497-5_7 1 Adrian KarlRüppel MuzafferAy BenediktBiernat IkeKunze MarkusLandwehr SamuelMann JanPennekamp PascalRabe Mark P.Sanders DominikScheurenberg SvenSchiller TiandongXi DirkAbel ThomasBergs ChristianBrecher UweReisgen Robert H.Schmitt KlausWehrle incollection 2023_klugewilkes_crd-b2.iv 2023 2 8 303-328 The increasing product variability and lack of skilled workers demand for autonomous, flexible production. Since assembly is considered a main cost driver and accounts for a major part of production time, research focuses on new technologies in assembly. The paradigm of Line-less Mobile Assembly Systems (LMAS) provides a solution for the future of assembly by mobilizing all resources. Thus, dynamic product routes through spatiotemporally configured assembly stations on a shop floor free of fixed obstacles are enabled. In this chapter, we present research focal points on different levels of LMAS, starting with the macroscopic level of formation planning, followed by the mesoscopic level of mobile robot control and multipurpose input devices and the microscopic level of services, such as interpreting autonomous decisions and in-network computing. We provide cross-level data and knowledge transfer through a novel ontology-based knowledge management. Overall, our work contributes to future safe and predictable human-robot collaboration in dynamic LMAS stations based on accurate online formation and motion planning of mobile robots, novel human-machine interfaces and networking technologies, as well as trustworthy AI-based decisions. Lineless mobile assembly systems (LMAS); Formation planning; Online motion planning; In-network computing; Interpretable AI; Human-machine collaboration; Ontology-based knowledge management internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-klugewilkes-iop-b2.iv.pdf Springer Interdisciplinary Excellence Accelerator Series Internet of Production: Fundamentals, Applications and Proceedings 978-3-031-44496-8 10.1007/978-3-031-44497-5_13 1 AlineKluge-Wilkes RalphBaier DanielGossen IkeKunze AleksandraMüller AmirShahidi DominikWolfschläger ChristianBrecher BurkhardCorves MathiasHüsing VerenaNitsch Robert H.Schmitt KlausWehrle inproceedings 2022-kunze-coin-transport 2022 11 https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kunze-coin-transport.pdf Proceedings of the 1st Workshop on New IP and Beyond, co-located with the 30th IEEE International Conference on Network Protocols Lexington, Kentucky, USA 1st Workshop on New IP and Beyond, co-located with the 30th IEEE International Conference on Network Protocols 30 October, 2022 10.1109/ICNP55882.2022.9940379 1 IkeKunze DirkTrossen KlausWehrle inproceedings 2022-sander-h3-prio-hol 2022 6 27 legato https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-sander-h3-prio-hol.pdf https://tma.ifip.org/2022/wp-content/uploads/sites/11/2022/06/tma2022-paper28.pdf IFIP Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '22) Enschede Network Traffic Measurement and Analysis Conference 27.06.22-30.06.22 978-3-903176-47-8 1 ConstantinSander IkeKunze KlausWehrle article 2022_brauner_iop ACM Transactions on Internet of Things 2022 5 1 3 2 The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality. Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf ACM 2691-1914 10.1145/3502265 1 PhilippBrauner ManuelaDalibor MatthiasJarke IkeKunze IstvánKoren GerhardLakemeyer MartinLiebenberg JudithMichael JanPennekamp ChristophQuix BernhardRumpe Wilvan der Aalst KlausWehrle AndreasWortmann MartinaZiefle techreport draft-irtf-coinrg-use-cases-02 2022 3 draft-irtf-coinrg-use-cases-02 expires: 8 September 2022 (work in progress) https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/draft-irtf-coinrg-use-cases-02.pdf https://datatracker.ietf.org/doc/draft-irtf-coinrg-use-cases/ Online IETF Trust Internet Drafts Internet Engineering Task Force Internet Engineering Task Force IkeKunze KlausWehrle DirkTrossen Marie-JoséMontpetit Xavierde Foy DavidGriffin MiguelRio inproceedings 2021_pennekamp_laser 2021 12 21 Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work. internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf ACSA Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA Austin, TX, USA Learning from Authoritative Security Experiment Results (LASER '20) December 8, 2020 978-1-891562-81-5 10.14722/laser-acsac.2020.23088 1 JanPennekamp ErikBuchholz MarkusDahlmanns IkeKunze StefanBraun EricWagner MatthiasBrockmann KlausWehrle MartinHenze inproceedings 2021-krude-nfp-pred 2021 12 7 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-krude-nfp-pred.pdf ACM The 17th International Conference on emerging Networking EXperiments and Technologies (CoNEXT '21) 978-1-4503-9098-9/21/12 10.1145/3485983.3494842 1 JohannesKrude JanRüth DanielSchemmel FelixRath Iohannes-HeorhFolbort KlausWehrle inproceedings 2021-kunze-spin-tracker 2021 12 7 15–21 https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-spin-tracker.pdf ACM Proceedings of the 2021 Workshop on Evolution, Performance and Interoperability of QUIC (EPIQ '21) 9781450391351 10.1145/3488660.3493804 1 IkeKunze ConstantinSander KlausWehrle JanRüth inproceedings 2021-sander-shardingrevisited 2021 11 2 legato /fileadmin/papers/2021/2021-sander-sharding-revisited.pdf https://arxiv.org/abs/2110.14239 ACM Proceedings of the Internet Measurement Conference (IMC '21) Internet Measurement Conference 2021 02.11.21 - 04.11.21 978-1-4503-9129-0/21/11 10.1145/3487552.3487832 1 ConstantinSander LeoBlöcher KlausWehrle JanRüth techreport draft-kunze-coinrg-transport-issues-05 2021 10 draft-kunze-coinrg-transport-issues-05 Expires: 28 April 2022 (work in progress) https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/draft-kunze-coinrg-transport-issues-05.pdf https://datatracker.ietf.org/doc/draft-kunze-coinrg-transport-issues/ IETF Trust Internet Drafts Internet Engineering Task Force Internet Engineering Task Force IkeKunze KlausWehrle DirkTrossen inproceedings 2021-kunze-efm-evaluation 2021 7 22 - 28 /fileadmin/papers/2021/2021-kunze-efm-evaluation.pdf ACM ANRW '21: Proceedings of the Applied Networking Research Workshop Virtual Event Applied Networking Research Workshop (ANRW '21) July 2021 10.1145/3472305.3472319 1 IkeKunze KlausWehrle JanRüth inproceedings 2021-kunze-signal-detection 2021 6 10 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-signal-detection.pdf IEEE Proceedings of the 2021 IEEE 30th International Symposium on Industrial Electronics (ISIE) 978-1-7281-9023-5 2163-5145 10.1109/ISIE45552.2021.9576221 1 IkeKunze PhilippNiemietz LiamTirpitz RenéGlebke DanielTrauth ThomasBergs KlausWehrle inproceedings 2021-glebke-service-based-forwarding 2021 6 10 reflexes /fileadmin/papers/2021/2021-glebke-service-based-forwarding.pdf IEEE Proceedings of the 2021 IEEE International Conference on High Performance Switching and Routing: Workshop on Semantic Addressing and Routing for Future Networks (SARNET-21) 978-1-6654-4005-9 2325-5609 10.1109/HPSR52026.2021.9481814 1 RenéGlebke DirkTrossen IkeKunze DavidLou JanRüth MirkoStoffers KlausWehrle inproceedings 2021-kunze-coordinate-transformation 2021 5 11 334-340 in-network computing; latency; approximation internet-of-production,reflexes https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-coordinate-transformation.pdf IEEE Proceedings of the 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '21) 978-1-7281-6207-2 10.1109/ICPS49255.2021.9468247 1 IkeKunze RenéGlebke JanScheiper MatthiasBodenbenner Robert H.Schmitt KlausWehrle article 2021_buckhorst_lmas Procedia CIRP 2021 5 3 99 448-453 Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike. Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf Elsevier Gulf of Naples, Italy July 14-17, 2020 2212-8271 10.1016/j.procir.2021.03.064 1 Armin F.Buckhorst BenjaminMontavon DominikWolfschläger MelanieBuchsbaum AmirShahidi HenningPetruck IkeKunze JanPennekamp ChristianBrecher MathiasHüsing BurkhardCorves VerenaNitsch KlausWehrle Robert H.Schmitt inproceedings 2021-kunze-aqm-tofino-p4 2021 5 72-80 internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-aqm-tofino-p4.pdf IFIP/IEEE Proceedings of the International Symposium on Integrated Network Management (IM '21) Virtual Event International Symposium on Integrated Network Management (IM '21) May 2021 978-1-7281-9041-9 1 IkeKunze MoritzGunz DavidSaam KlausWehrle JanRüth inproceedings 2021-sander-zoom-cc 2021 3 internet-of-production /fileadmin/papers/2021/2021-sander-zoom-fairness-aqm.pdf https://arxiv.org/abs/2107.00904 Springer Proceedings of the Passive and Active Measurement Conference (PAM '21) Passive and Active Measurement Conference (PAM 2021) 10.1007/978-3-030-72582-2_1 1 ConstantinSander IkeKunze KlausWehrle JanRüth article 2020_niemietz_stamping Procedia Manufacturing 2020 7 11 49 61-68 Sharing data between companies throughout the supply chain is expected to be beneficial for product quality as well as for the economical savings in the manufacturing industry. To utilize the available data in the vision of an Internet of Production (IoP) a precise condition monitoring of manufacturing and production processes that facilitates the quantification of influences throughout the supply chain is inevitable. In this paper, we consider stamping processes in the context of an Internet of Production and the preliminaries for analytical models that utilize the ever-increasing available data. Three research objectives to cope with the amount of data and for a methodology to monitor, analyze and evaluate the influence of available data onto stamping processes have been identified: (i) State detection based on cyclic sensor signals, (ii) mapping of in- and output parameter variations onto process states, and (iii) models for edge and in-network computing approaches. After discussing state-of-the-art approaches to monitor stamping processes and the introduction of the fineblanking process as an exemplary stamping process, a research roadmap for an IoP enabling modeling framework is presented. Proceedings of the 8th International Conference on Through-Life Engineering Service (TESConf '19), October 27-29, 2019, Cleveland, OH, USA Stamping Process; Industry 4.0; Fine-blanking; Internet of production; Condition monitoring; Data analytics internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-niemietz-stamping-modelling.pdf Elsevier Cleveland, OH, USA October 27-29, 2019 2351-9789 10.1016/j.promfg.2020.06.012 1 PhilippNiemietz JanPennekamp IkeKunze DanielTrauth KlausWehrle ThomasBergs inproceedings 2020-mann-ur-weldseamstudy 2020 6 https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-mann-weld-seam-geometry-control.pdf Proceedings of the 2020 Internal Conference on Ubiquitous Robots Internal Conference on Ubiquitous Robots June 22-26, 2020 10.1109/UR49135.2020.9144839 1 SamuelMann RenéGlebke IkeKunze DominikScheurenberg RahulSharma UweReisgen KlausWehrle DirkAbel article 2019-kunze-ccwild-tnsm IEEE Transactions on Network and Service Management 2019 12 27 17 2 1224 - 1238 https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-kunze-ccwild-tnsm.pdf 1932-4537 10.1109/TNSM.2019.2962607 1 IkeKunze JanRüth OliverHohlfeld inproceedings 2019-krude-online-reprogramming 2019 12 9 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-krude-online-reprogramming.pdf ACM 1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19) 978-1-4503-7000-4/19/12 10.1145/3359993.3366643 1 JohannesKrude JacoHofmann MatthiasEichholz KlausWehrle AndreasKoch MiraMezini inproceedings 2019-glebke-in-network-cv 2019 12 9 reflexes,maki,internet-of-production https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-in-network-cv.pdf Online ACM 1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19) en 978-1-4503-7000-4/19/12 10.1145/3359993.3366646 1 RenéGlebke JohannesKrude IkeKunze JanRüth FelixSenger KlausWehrle inproceedings 2019-krude-chain-opt 2019 8 23 With the move of Software-defined networking from fixed to programmable data planes, network functions are written with P4 or eBPF for targets such as programmable switches, CPU based flow processors and commodity CPUs. These data plane programs are, however, limited in per-packet time budget (e.g., 67.2 ns at 10GbE) and program size, making program optimization imperative. Existing approaches focus on optimizing the distribution of flow rules in fixed data planes or they are limited to a single switch. We see great potential in integrating the network topology into program optimization. maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-krude-chain-opt.pdf ACM NetPL '19: ACM SIGCOMM Workshop on Networking and Programming Languages Beijing, China 978-1-4503-6877-3/19/08 10.1145/3341561.3349590 1 JohannesKrude MatthiasEichholz MaximilianWinck KlausWehrle MiraMezini inproceedings 2019-sander-depcci 2019 8 18 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-sander-deepcci.pdf https://arxiv.org/abs/1907.02323 ACM In Proceedings of the ACM SIGCOMM Workshop on Network Meets AI & ML (NetAI '19) Beijing, China Workshop on Network Meets AI & ML 18.08.2019 10.1145/3341216.3342211 1 ConstantinSander JanRüth OliverHohlfeld KlausWehrle inproceedings 2019-hohlfeld-bpfperf 2019 6 25 maki,reflexes https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-bpfperf.pdf IEEE IEEE International Conference on Network Softwarization (NetSoft) IEEE International Conference on Network Softwarization 10.1109/NETSOFT.2019.8806651 1 OliverHohlfeld JohannesKrude Jens HelgeReelfs JanRüth KlausWehrle inproceedings 2019-rueth-ccfness 2019 6 19 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-ccfness.pdf https://arxiv.org/abs/1905.07152 IFIP/IEEE In Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '19) Paris, France Network Traffic Measurement and Analysis Conference 19.06.2019 - 21.06.2019 10.23919/TMA.2019.8784684 1 JanRüth IkeKunze OliverHohlfeld article rueth:iw:TNSM19 IEEE Transactions on Network and Service Management 2019 1 30 16 2 389--402 maki http://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-iwtnsm.pdf 1932-4537 10.1109/TNSM.2019.2896335 1 JanRüth IkeKunze OliverHohlfeld inproceedings 2018-krude-circuit 2018 8 20 1-7 maki https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-krude-xocks.pdf ACM Proceedings of the 2018 Afternoon Workshop on Kernel Bypassing Networks (KBNets'18) Budapest, Hungary Afternoon Workshop on Kernel Bypassing Networks 20.8.2018 10.1145/3229538.3229539 1 JohannesKrude MirkoStoffers KlausWehrle inproceedings 2017-teubert-secuware-hugin 2017 9 168-176 Mobile operating systems are a prime target of today’s malware authors and cyber criminals. In particular, Google’s Android suffers from an ever increasing number of malware attacks in the form of malicious apps. These typically originate from poorly policed third-party app stores that fail to vet the apps prior to publication. In this paper, we present Hugin, a machine learning-based app vetting system that uses features derived from dynamic, as well as static analysis and thus falls into the scarcely studied class of hybrid approaches. Hugin is unique with respect to using IPC/RPC monitoring as source for dynamically extracted features. Furthermore, Hugin uses a short (and yet effective) feature vector that leads to a high efficiency in training as well as classification. Our evaluation shows that Hugin achieves a detection accuracy of up to 99.74% on an up-to- date data set consisting of more than 14,000 malware samples and thus, is easily capable of competing with other current systems. mobile malware detection; app vetting; machine learning http://www.thinkmind.org/download.php?articleid=securware_2017_10_20_30067 IARIA SECUWARE 2017 The Eleventh International Conference on Emerging Security Information, Systems and Technologies Hugin: A Scalable Hybrid Android Malware Detection Syste September 2017 978-1-61208-582-1 1 1 DominikTeubert JohannesKrude SamuelSchüppen UlrikeMeyer proceedings 2017-SymPerfPoster 2017 8 21 spp,erc,symbiosys,reflexes https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-rath-sym-perf-poster.pdf ACM Los Angeles, USA ACM SIGCOMM 2017 Poster 21.8.2017 - 25.8.2017 en 978-1-4503-5057-0/17/08 10.1145/3123878.3131977 1 FelixRath JohannesKrude JanRüth DanielSchemmel OliverHohlfeld Jó AgilaBitsch Link KlausWehrle article 2017-ziegeldorf-bmcmedgenomics-bloom BMC Medical Genomics 2017 7 26 10 Suppl 2 29-42 Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude. Proceedings of the 5th iDASH Privacy and Security Workshop 2016 Secure outsourcing; Homomorphic encryption; Bloom filters sscilops; mynedata; rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf Online BioMed Central Chicago, IL, USA November 11, 2016 en 1755-8794 10.1186/s12920-017-0277-y 1 Jan HenrikZiegeldorf JanPennekamp DavidHellmanns FelixSchwinger IkeKunze MartinHenze JensHiller RomanMatzutt KlausWehrle inproceedings 2013-krude-ccsw-sandbox 2013 11 1-10 In PaaS architectures, code execution needs to be isolated to protect tenants from unauthorized access to their data by other tenants and to protect the host system from any type of intrusion by other tenants. In this paper we propose a simple and lightweight framework that provides such code execution isolation units. All design decisions taken for our framework follow well-established design principles for protection mechanisms, such that in our design we put security first. Our framework uses the process barrier and the seccomp filter mechanism to restrict access to memory and to the system call interface. For access to additional resources a request delegation scheme is used. We evaluate our implementation on a small PaaS example architecture. For plain computations, the applied techniques do not introduce any overhead. In general, setup time for isolation units is negligible and the framework achieves acceptable throughput for broad network access. Our work brings tight and versatile isolation units to current unmodified Linux operating systems. ACM Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13) 978-1-4503-2490-8 10.1145/2517488.2517499 1 1 JohannesKrude UlrikeMeyer