% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-27 % Creation time: 00-31-15 % --- Number of references % 6 % @Inproceedings { 2023-dahlmanns-docker, title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact}, year = {2023}, month = {7}, day = {10}, pages = {797-811}, abstract = {Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5\% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.}, keywords = {network security; security configuration; secret leakage; container}, tags = {ven2us, internet-of-production,}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia}, event_place = {Melbourne, VIC, Australia}, event_name = {ASIA CCS '23}, event_date = {July 10-14, 2023}, ISBN = {979-8-4007-0098-9/23/07}, DOI = {10.1145/3579856.3590329}, reviewed = {1}, author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus} } @Inproceedings { 2021_mangel_reshare, title = {Data Reliability and Trustworthiness through Digital Transmission Contracts}, year = {2021}, month = {6}, day = {8}, volume = {12731}, pages = {265-283}, abstract = {As decision-making is increasingly data-driven, trustworthiness and reliability of the underlying data, e.g., maintained in knowledge graphs or on the Web, are essential requirements for their usability in the industry. However, neither traditional solutions, such as paper-based data curation processes, nor state-of-the-art approaches, such as distributed ledger technologies, adequately scale to the complex requirements and high throughput of continuously evolving industrial data. Motivated by a practical use case with high demands towards data trustworthiness and reliability, we identify the need for digitally-verifiable data immutability as a still insufficiently addressed dimension of data quality. Based on our discussion of shortcomings in related work, we thus propose ReShare, our novel concept of digital transmission contracts with bilateral signatures, to address this open issue for both RDF knowledge graphs and arbitrary data on the Web. Our quantitative evaluation of ReShare’s performance and scalability reveals only moderate computation and communication overhead, indicating significant potential for cost-reductions compared to today’s approaches. By cleverly integrating digital transmission contracts with existing Web-based information systems, ReShare provides a promising foundation for data sharing and reuse in Industry 4.0 and beyond, enabling digital accountability through easily-adoptable digitally-verifiable data immutability and non-repudiation.}, note = {Lecture Notes in Computer Science (LNCS), Volume 12731}, keywords = {Digital transmission contracts; Trust; Data immutability; Non-repudiation; Accountability; Data dynamics; Linked Data; Knowledge graphs}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mangel-eswc-reshare.pdf}, publisher = {Springer}, booktitle = {Proceedings of the 18th Extended Semantic Web Conference (ESWC '21), June 6-10, 2021, Heraklion, Greece}, event_place = {Heraklion, Greece}, event_date = {June 6-10, 2021}, ISBN = {978-3-030-77384-7}, ISSN = {0302-9743}, DOI = {10.1007/978-3-030-77385-4_16}, reviewed = {1}, author = {Mangel, Simon and Gleim, Lars and Pennekamp, Jan and Wehrle, Klaus and Decker, Stefan} } @Inproceedings { 2021_gleim_factstack, title = {FactStack: Interoperable Data Management and Preservation for the Web and Industry 4.0}, year = {2021}, month = {5}, day = {31}, volume = {P-312}, pages = {371-395}, abstract = {Data exchange throughout the supply chain is essential for the agile and adaptive manufacturing processes of Industry 4.0. As companies employ numerous, frequently mutually incompatible data management and preservation approaches, interorganizational data sharing and reuse regularly requires human interaction and is thus associated with high overhead costs. An interoperable system, supporting the unified management, preservation and exchange of data across organizational boundaries is missing to date. We propose FactStack, a unified approach to data management and preservation based upon a novel combination of existing Web-standards and tightly integrated with the HTTP protocol itself. Based on the FactDAG model, FactStack guides and supports the full data lifecycle in a FAIR and interoperable manner, independent of individual software solutions and backward-compatible with existing resource oriented architectures. We describe our reference implementation of the approach and evaluate its performance, showcasing scalability even to high-throughput applications. We analyze the system's applicability to industry using a representative real-world use case in aircraft manufacturing based on principal requirements identified in prior work. We conclude that FactStack fulfills all requirements and provides a promising solution for the on-demand integration of persistence and provenance into existing resource-oriented architectures, facilitating data management and preservation for the agile and interorganizational manufacturing processes of Industry 4.0. Through its open source distribution, it is readily available for adoption by the community, paving the way for improved utility and usability of data management and preservation in digital manufacturing and supply chains.}, note = {Lecture Notes in Informatics (LNI), Volume P-312}, keywords = {Web Technologies; Data Management; Memento; Persistence; PID; Industry 4.0}, tags = {internet-of-production}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2021/2021-gleim-btw-iop-interoperability-realization.pdf}, publisher = {Gesellschaft f{\"u}r Informatik}, booktitle = {Proceedings of the 19th Symposium for Database Systems for Business, Technology and Web (BTW '21), September 13-17, 2021, Dresden, Germany}, event_place = {Dresden, Germany}, event_date = {September 13-17, 2021}, ISBN = {978-3-88579-705-0}, ISSN = {1617-5468}, DOI = {10.18420/btw2021-20}, reviewed = {1}, author = {Gleim, Lars and Pennekamp, Jan and Tirpitz, Liam and Welten, Sascha and Brillowski, Florian and Decker, Stefan} } @Inproceedings { 2020_gleim_factdag_provenance, title = {Expressing FactDAG Provenance with PROV-O}, year = {2020}, month = {11}, day = {1}, volume = {2821}, pages = {53-58}, abstract = {To foster data sharing and reuse across organizational boundaries, provenance tracking is of vital importance for the establishment of trust and accountability, especially in industrial applications, but often neglected due to associated overhead. The abstract FactDAG data interoperability model strives to address this challenge by simplifying the creation of provenance-linked knowledge graphs of revisioned (and thus immutable) resources. However, to date, it lacks a practical provenance implementation. In this work, we present a concrete alignment of all roles and relations in the FactDAG model to the W3C PROV provenance standard, allowing future software implementations to directly produce standard-compliant provenance information. Maintaining compatibility with existing PROV tooling, an implementation of this mapping will pave the way for practical FactDAG implementations and deployments, improving trust and accountability for Open Data through simplified provenance management.}, keywords = {Provenance; Data Lineage; Open Data; Semantic Web Technologies; Ontology Alignment; PROV; RDF; Industry 4.0; Internet of Production; IIoT}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-factdag-provenance.pdf}, publisher = {CEUR Workshop Proceedings}, booktitle = {Proceedings of the 6th Workshop on Managing the Evolution and Preservation of the Data Web (MEPDaW '20), co-located with the 19th International Semantic Web Conference (ISWC '20), November 1-6, 2020, Athens, Greece,}, event_place = {Athens, Greece}, event_date = {November 1-6, 2020}, ISSN = {1613-0073}, reviewed = {1}, author = {Gleim, Lars and Tirpitz, Liam and Pennekamp, Jan and Decker, Stefan} } @Article { 2020_gleim_factDAG, title = {FactDAG: Formalizing Data Interoperability in an Internet of Production}, journal = {IEEE Internet of Things Journal}, year = {2020}, month = {4}, day = {14}, volume = {7}, number = {4}, pages = {3243-3253}, abstract = {In the production industry, the volume, variety and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of IoT advances. While hundreds of isolated solutions exist to utilize this data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified data handling and exchange mechanism hinders the implementation of approaches to improve the quality of decisions and processes in such an interconnected environment. The vision of an Internet of Production promises the establishment of a Worldwide Lab, where data from every process in the network can be utilized, even interorganizational and across domains. While numerous existing approaches consider interoperability from an interface and communication system perspective, fundamental questions of data and information interoperability remain insufficiently addressed. In this paper, we identify ten key issues, derived from three distinctive real-world use cases, that hinder large-scale data interoperability for industrial processes. Based on these issues we derive a set of five key requirements for future (IoT) data layers, building upon the FAIR data principles. We propose to address them by creating FactDAG, a conceptual data layer model for maintaining a provenance-based, directed acyclic graph of facts, inspired by successful distributed version-control and collaboration systems. Eventually, such a standardization should greatly shape the future of interoperability in an interconnected production industry.}, keywords = {Data Management; Data Versioning; Interoperability; Industrial Internet of Things; Worldwide Lab}, tags = {internet-of-production}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-gleim-iotj-iop-interoperability.pdf}, publisher = {IEEE}, ISSN = {2327-4662}, DOI = {10.1109/JIOT.2020.2966402}, reviewed = {1}, author = {Gleim, Lars and Pennekamp, Jan and Liebenberg, Martin and Buchsbaum, Melanie and Niemietz, Philipp and Knape, Simon and Epple, Alexander and Storms, Simon and Trauth, Daniel and Bergs, Thomas and Brecher, Christian and Decker, Stefan and Lakemeyer, Gerhard and Wehrle, Klaus} } @Inproceedings { 2019_pennekamp_securityConsiderations, title = {Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs}, year = {2019}, month = {12}, day = {4}, abstract = {The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.}, keywords = {secure industrial collaboration; interconnected cyber-physical systems; stakeholders; Internet of Production}, tags = {internet-of-production; iotrust}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-pennekamp-security-considerations.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT '19), December 4–7, 2019, Dubai, United Arab Emirates}, event_place = {Dubai, United Arab Emirates}, event_date = {December 4–7, 2019}, ISBN = {978-1-7281-4873-1}, DOI = {10.1109/GCIoT47977.2019.9058413}, reviewed = {1}, author = {Pennekamp, Jan and Dahlmanns, Markus and Gleim, Lars and Decker, Stefan and Wehrle, Klaus} }