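@comment{ Review notes: the key SahlmannClemensNowaketal.2020 was used twice (postprint and Sensors version of the same paper), which BibTeX reports as a repeated entry; the Sensors version now carries the key SahlmannClemensNowaketal.2020a and the postprint keeps the original key. Page range, accent macro in "Luckow, Andre" and acronym protection in titles were normalised. The entries that record only an isbn and a year (SchefflerSchnor2004, LiskeRebensburgSchnor2007, FriedrichKrahmerSchneidenbachetal.2006, SchneidenbachSchnor2007, HoheiselMuellerSchnor2007, SchefflerSchnor2005, HallamaLuckowSchnor2006) look like conference or book contributions rather than journal articles, but no booktitle or venue is recorded here, so their @article type was left as is -- confirm against the publisher record before relying on the rendered citation. Line breaks inside abstracts that came from the export were joined. }

@article{LorenzClemensSchroetteretal.2022,
  author    = {Lorenz, Claas and Clemens, Vera Elisabeth and Schr{\"o}tter, Max and Schnor, Bettina},
  title     = {Continuous Verification of Network Security Compliance},
  journal   = {{IEEE} Transactions on Network and Service Management},
  series    = {{IEEE} Transactions on Network and Service Management},
  volume    = {19},
  number    = {2},
  publisher = {Institute of Electrical and Electronics Engineers},
  address   = {New York},
  issn      = {1932-4537},
  doi       = {10.1109/TNSM.2021.3130290},
  pages     = {1729--1745},
  year      = {2022},
  abstract  = {Continuous verification of network security compliance is an accepted need. Especially, the analysis of stateful packet filters plays a central role for network security in practice. But the few existing tools which support the analysis of stateful packet filters are based on general applicable formal methods like Satisfiability Modulo Theories (SMT) or theorem provers and show runtimes in the order of minutes to hours making them unsuitable for continuous compliance verification. In this work, we address these challenges and present the concept of state shell interweaving to transform a stateful firewall rule set into a stateless rule set. This allows us to reuse any fast domain specific engine from the field of data plane verification tools leveraging smart, very fast, and domain specialized data structures and algorithms including Header Space Analysis (HSA). First, we introduce the formal language FPL that enables a high-level human-understandable specification of the desired state of network security. Second, we demonstrate the instantiation of a compliance process using a verification framework that analyzes the configuration of complex networks and devices - including stateful firewalls - for compliance with FPL policies. Our evaluation results show the scalability of the presented approach for the well-known Internet2 and Stanford benchmarks as well as for large firewall rule sets where it outscales state-of-the-art tools by a factor of over 41.},
  language  = {en},
}

@article{SchefflerSchnor2004,
  author   = {Scheffler, Thomas and Schnor, Bettina},
  title    = {Securing Next Generation Mobile Networks},
  isbn     = {0-86341-388-9},
  year     = {2004},
  language = {en},
}

@misc{SahlmannClemensNowaketal.2020,
  author   = {Sahlmann, Kristina and Clemens, Vera and Nowak, Michael and Schnor, Bettina},
  title    = {{MUP}},
  series   = {Postprints der Universit{\"a}t Potsdam : Mathematisch-Naturwissenschaftliche Reihe},
  journal  = {Postprints der Universit{\"a}t Potsdam : Mathematisch-Naturwissenschaftliche Reihe},
  number   = {1094},
  issn     = {1866-8372},
  doi      = {10.25932/publishup-48901},
  url      = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-489013},
  pages    = {23},
  year     = {2020},
  abstract = {Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on an IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.},
  language = {en},
}

@article{SahlmannClemensNowaketal.2020a,
  author    = {Sahlmann, Kristina and Clemens, Vera and Nowak, Michael and Schnor, Bettina},
  title     = {{MUP}},
  journal   = {Sensors},
  series    = {Sensors},
  volume    = {21},
  number    = {1},
  publisher = {MDPI},
  address   = {Basel},
  issn      = {1424-8220},
  doi       = {10.3390/s21010010},
  pages     = {21},
  year      = {2020},
  abstract  = {Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on an IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.},
  language  = {en},
}

@article{LiskeRebensburgSchnor2007,
  author   = {Liske, Stefan and Rebensburg, Klaus and Schnor, Bettina},
  title    = {{SPIT}-Erkennung, -Bekanntgabe und -Abwehr in {SIP}-Netzwerken},
  isbn     = {978-3-540-69961-3},
  year     = {2007},
  abstract = {SPAM ist in den letzten Jahren zur gr{\"o}ßten Bedrohung der E-Mail-Kommunikation herangewachsen - jedoch nicht nur auf diesen Kommunikationsweg beschr{\"a}nkt. Mit steigender Anzahl von VoIP-Anschl{\"u}ssen werden auch hier die teilnehmenden Benutzer mit SPAM-Anrufen (SPIT) konfrontiert werden. Neben derzeit diskutierten juristischen Maßnahmen m{\"u}ssen auch technische Abwehrmaßnahmen geschaffen werden, welche SPAM erkennen und vermeiden k{\"o}nnen. Dieser Beitrag stellt zwei Erweiterungen f{\"u}r das VoIP-Protokoll SIP vor, welche es erstens den Providern erm{\"o}glichen, SPIT-Einsch{\"a}tzungen {\"u}ber den Anrufer zum angerufenen Benutzer zu {\"u}bermitteln und zweitens den Angerufenen die M{\"o}glichkeit geben, mit einer Kostenanforderung auf potentielle SPIT-Anrufe zu reagieren.},
  language = {de},
}

@article{FriedrichKrahmerSchneidenbachetal.2006,
  author   = {Friedrich, Sven and Krahmer, Sebastian and Schneidenbach, Lars and Schnor, Bettina},
  title    = {Loaded: Server Load Balancing for {IPv6}},
  isbn     = {0-7695-2622-5},
  year     = {2006},
  abstract = {With the next generation Internet protocol IPv6 at the horizon, it is time to think about how applications can migrate to IPv6. Web traffic is currently one of the most important applications in the Internet. The increasing popularity of dynamically generated content on the World Wide Web has created the need for fast web servers. Server clustering together with server load balancing has emerged as a promising technique to build scalable web servers. The paper gives a short overview of the new features of IPv6 and different server load balancing technologies. Further, we present and evaluate Loaded, a user-space server load balancer for IPv4 and IPv6 based on Linux.},
  language = {en},
}

@article{SchneidenbachSchnor2007,
  author   = {Schneidenbach, Lars and Schnor, Bettina},
  title    = {Design Issues in the Implementation of {MPI2} One Sided Communication in {Ethernet} Based Networks},
  isbn     = {978-0-88986-637-9},
  year     = {2007},
  abstract = {In current research, one sided communication of the MPI2 standard is pushed as a promising technique [6, 7, 10, 18]. But measurements of applications and MPI2 primitives show a different picture [17]. In this paper we analyze design issues of MPI2 one sided communication and its implementations. We focus on asynchronous communication for parallel applications in Ethernet cluster environments. Further, one sided communication is compared to two sided communication. This paper will prove that the key problem to performance is not only the implementation of MPI2 one sided communication - it is the design.},
  language = {en},
}

@article{HoheiselMuellerSchnor2007,
  author   = {Hoheisel, A. and M{\"u}ller, S. and Schnor, Bettina},
  title    = {Fine-grained Security Management in a Service-oriented {Grid} Architecture},
  isbn     = {978-0-387-72811-7},
  year     = {2007},
  language = {en},
}

@article{SchefflerSchnor2005,
  author   = {Scheffler, Thomas and Schnor, Bettina},
  title    = {Privacy Requirements for Embedded Sensor Devices},
  isbn     = {978-3-800729-09-8},
  year     = {2005},
  abstract = {This paper analyses data privacy issues as they arise from different deployment scenarios for networks that use embedded sensor devices. Maintaining data privacy in pervasive environments requires the management and implementation of privacy protection measures close to the data source. We propose a set of atomic privacy parameters that is generic enough to form specific privacy classes and might be applied directly at the embedded sensor device.},
  language = {en},
}

@article{HallamaLuckowSchnor2006,
  author   = {Hallama, Nicole and Luckow, Andr{\'e} and Schnor, Bettina},
  title    = {{Grid} Security for Fault Tolerant {Grid} Applications},
  isbn     = {978-1-880843-60-4},
  year     = {2006},
  language = {en},
}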