Christian Schanes


Image
Projektass. Dipl.-Ing. Dr.techn.

Christian Schanes

  • About:
  • Orcid:
  • Keywords:
  • Roles: PostDoc Researcher

Publications

Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet
Markus GruberChristian SchanesFlorian FankhauserThomas GrechenigJordi Castellà-Roca

View .bib

Handle: 20.500.12708/55055; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Keywords:
Astract: The number of Voice over IP systems and the number of Session Initiation Protocol users is constantly increasing. The new Voice over IP infrastructures are connected with the traditional Public Switched Telephone Network and attacks against the phone infrastructure are becoming more imaginative. The attacks can cause financial losses, e.g., attackers steal money or incur costs for the victim. We analyze the current status of toll fraud attacks by analyzing real-world attacks collected in a Voice over IP honeynet solution. Based on the detailed data about real attacks, the creation or adaption of existing prevention mechanisms is possible in order to avoid toll fraud attacks in live environments.

Gruber, M., Schanes, C., Fankhauser, F., & Grechenig, T. (2013). Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet. In J. Castellà-Roca (Ed.), Proceedings of the International Conference on Privacy, Security and Trust (pp. 205–212). IEEE. http://hdl.handle.net/20.500.12708/55055
Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests
Christian SchanesAndreas HüblerFlorian FankhauserThomas Grechenig

View .bib

Handle: 20.500.12708/55058; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Keywords:
Astract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security requirements in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. In the presented approach, we observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This is a generic method for different test targets which improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Schanes, C., Hübler, A., Fankhauser, F., & Grechenig, T. (2013). Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests. In Proceedings of the Sixth IEEE International Conference on Software Testing, Verification and Validation (pp. 453–460). IEEE. http://hdl.handle.net/20.500.12708/55058
Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models
Christian SchanesFlorian FankhauserAndreas HüblerThomas Grechenig

View .bib

Handle: 20.500.12708/55059; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Keywords:
Astract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security problems in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. We observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Schanes, C., Fankhauser, F., Hübler, A., & Grechenig, T. (2013). Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models. In Proceedings of the Fourth International Workshop on Security Testing (SECTEST 2013). The Fourth International Workshop on Security Testing (SECTEST 2013), Luxembourg, EU. IEEE. http://hdl.handle.net/20.500.12708/55059
Security test approach for automated detection of vulnerabilities of sip-based voip softphones.
Christian SchanesStefan TaberKarin PoppFlorian FankhauserThomas Grechenig

View .bib

Handle: 20.500.12708/163156; Year: 2011; Issued On: 2011-01-01; Type: Publication; Subtype: Article;

Keywords:
Astract: Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.

Schanes, C., Taber, S., Popp, K., Fankhauser, F., & Grechenig, T. (2011). Security test approach for automated detection of vulnerabilities of sip-based voip softphones. International Journal On Advances in Security, 4(1 & amp;2), 95–105. http://hdl.handle.net/20.500.12708/163156
Security test environment for voip research
Florian FankhauserMaximilian RonnigerChristian SchanesThomas Grechenig

View .bib

Handle: 20.500.12708/163157; Year: 2011; Issued On: 2011-01-01; Type: Publication; Subtype: Article;

Keywords:
Astract: Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduc- tion in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences us- ing the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the pro- posed test environment for research and teaching purposes

Fankhauser, F., Ronniger, M., Schanes, C., & Grechenig, T. (2011). Security test environment for voip research. International Journal for Information Security Research, 1(1), 53–60. http://hdl.handle.net/20.500.12708/163157

Team

Business Informatics Group, TU Wien

Head


Team member

Henderik Proper

Univ.Prof. PhD

Professors


Team member

Christian Huemer

Ao.Univ.Prof. Mag.rer.soc.oec.
Dr.rer.soc.oec.

Team member

Dominik Bork

Associate Prof. Dipl.-Wirtsch.Inf.Univ.
Dr.rer.pol.

Team member

Gerti Kappel

O.Univ.Prof.in Dipl.-Ing.in
Mag.a Dr.in techn.

Team member

Henderik Proper

Univ.Prof. PhD

Visiting Scientists


Team member

Christiane Floyd

Hon.Prof.in Dr.in phil.

Team member

Johanna Barzen

Dr. phil.

Administration



Researchers


Team member

Aleksandar Gavric

Univ.Ass. MEng. B.Eng.


Team member

Galina Paskaleva

Projektass.in Dipl.-Ing.in
Dipl.-Ing.in BSc

Team member

Marianne Schnellmann

Univ.Ass.in BSc MSc

Team member

Marion Murzek

Senior Lecturer Mag.a rer.soc.oec.
Dr.in rer.soc.oec.

Team member

Marion Scholz

Senior Lecturer Dipl.-Ing.in
Mag.a rer.soc.oec.

Team member

Miki Zehetner

Univ.Ass. DI Bakk.rer.soc.oec. MSc

Team member

Syed Juned Ali

Univ.Ass. BSc MSc

External Researchers




Team member

Marco Huymajer

Univ.Ass. Dipl.-Ing.