Exploring Docker Security – Part 3: Docker Content Trust


In terms of security, obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: It must be ensured that a client can always verify the publisher of the content and also that he or she actually got the latest version of the image. In order to provide its users with that guarantees, Docker ships with a feature called Docker Content Trust since version 1.8.
This third and last part of this series intends to give an overview of Docker Content Trust, which in fact combines different frameworks and tools, namely Notary and Docker Registry v2,  into a rich and powerful feature set making Docker images more secure.

Continue reading

WhatsApp encrypts !?


The majority of the 1 billion monthly whatsapp users may be a little confused about the tiny yellow info-box in their familiar chat. End-to-end encryption? Is this one of these silly annoying whatsapp-viruses or maybe something good?

The first big question is “why”. Why do we need a (so complicated) whatsapp end-to-end encryption? The most important answer is obvious: cause the sent messages are highly personal and worthy to protect against third-party attackers or facebook/ whatsapp itself. From facebook’s point of view there are some more reasons like pressure caused by competitors or loss of trust by the users.

Continue reading

Secure Systems 2016 – An Overview, Walter Kriha


This is an attempt to provide an overview of the topics in “Secure Systems”, a seminar held during the summer term 2016 at the Stuttgart Media University HdM. Presentations have been given and blog entries into our new MI blog were made. With the chosen topics we have been quite lucky, as some of them turned out to be in the headlines sometimes only a few weeks after the presentation. Examples were the Dark Web, wireless car keys, side channel attacks, operating systems security, software supported racism and last but not least the threat of attacks on critical infrastructures like power grids and airports.

Open research questions about the topics will be discussed as well and you can find blog entries at blog.mi.hdm-stuttgart.de

The seminar structure was roughly as follows:
1. current topics and developments (what is happening in IT-Security, Capability approaches compared to ACLs)
2. infrastructure security (IT-Sec in critical infrastructures like power grids, car production etc.)
3. IT-Security problems in other areas and branches (Satellites, company infrastructures, Law, Data Sciences, Movies and Literature, Dark Web, Botnets etc.)
4. Ways to improve Security:
– Basic problems (psychological factors)
– New languages (Rust, Elixir)
– new operating systems and containers (MirageOS, ChromeOS)
– new protocols (secure end-to-end messaging)

Continue reading

Botnets – Structural analysis, functional principle and general overview

wiat wektorThis paper provides an overview on the most important types of botnets in terms of network topology, functional principle as well as a short definition on the subject matter. By exploring the motivation of botnet operators, the reader will gain more insight into business models and course of actions of key players in the field. Furthermore, essential botnet modules, major important roles and infection vectors will be discussed in order to provide an overview. This paper will also treat the hiding, detection, as well as the decommissioning of botnets. Moreover, it will be discussed in what sense botnets may be considered as resilient systems and what estimations about countermeasures can be taken in order to tackle future developments in the field of botnets.

Continue reading