Thomas Grechenig


Ao.Univ.Prof. Dipl.-Ing. Dr.techn.

Thomas Grechenig

  • Orcid: 0009-0000-5622-8598
  • Roles: Associate Professor

Publications

Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests
Christian Schanes, Andreas Hübler, Florian Fankhauser, Thomas Grechenig

Handle: 20.500.12708/55058; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security requirements in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. In the presented approach, we observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This is a generic method for different test targets which improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Schanes, C., Hübler, A., Fankhauser, F., & Grechenig, T. (2013). Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests. In Proceedings of the Sixth IEEE International Conference on Software Testing, Verification and Validation (pp. 453–460). IEEE. http://hdl.handle.net/20.500.12708/55058

Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models
Christian Schanes, Florian Fankhauser, Andreas Hübler, Thomas Grechenig

Handle: 20.500.12708/55059; Year: 2013; Issued On: 2013-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: The increasing complexity of software and IT systems creates the necessity for research on technologies addressing current key security challenges. To meet security problems in IT infrastructures, a security engineering process has to be established. One crucial factor contributing to a higher level of security is the reliable detection of security vulnerabilities during security tests. We observe the behavior of the system under test and introduce machine learning methods based on derived behavior metrics. This improves the accuracy of the security test result of an automated security testing approach. Reliable automated determination of security failures in security test results increases the security quality of the tested software and avoids costly manual validation.

Schanes, C., Fankhauser, F., Hübler, A., & Grechenig, T. (2013). Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models. In Proceedings of the Fourth International Workshop on Security Testing (SECTEST 2013). The Fourth International Workshop on Security Testing (SECTEST 2013), Luxembourg, EU. IEEE. http://hdl.handle.net/20.500.12708/55059

Security test approach for automated detection of vulnerabilities of sip-based voip softphones.
Christian Schanes, Stefan Taber, Karin Popp, Florian Fankhauser, Thomas Grechenig

Handle: 20.500.12708/163156; Year: 2011; Issued On: 2011-01-01; Type: Publication; Subtype: Article;

Abstract: Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.

Schanes, C., Taber, S., Popp, K., Fankhauser, F., & Grechenig, T. (2011). Security test approach for automated detection of vulnerabilities of sip-based voip softphones. International Journal On Advances in Security, 4(1&2), 95–105. http://hdl.handle.net/20.500.12708/163156

Security test environment for voip research
Florian Fankhauser, Maximilian Ronniger, Christian Schanes, Thomas Grechenig

Handle: 20.500.12708/163157; Year: 2011; Issued On: 2011-01-01; Type: Publication; Subtype: Article;

Abstract: Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduction in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences using the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the proposed test environment for research and teaching purposes.

Fankhauser, F., Ronniger, M., Schanes, C., & Grechenig, T. (2011). Security test environment for voip research. International Journal for Information Security Research, 1(1), 53–60. http://hdl.handle.net/20.500.12708/163157

Trapping and analyzing malicious voip traffic using a honeynet approach.
Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes, Thomas Grechenig

Handle: 20.500.12708/54037; Year: 2011; Issued On: 2011-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: Since several years the number of VoIP (Voice over IP) infrastructures increases and, consequently, the number of VoIP users increases too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.

Gruber, M., Fankhauser, F., Taber, S., Schanes, C., & Grechenig, T. (2011). Trapping and analyzing malicious voip traffic using a honeynet approach. In Proceedings of the 6th International Conference on Internet Technology and Secured Transactions (pp. 442–447). IEEE. http://hdl.handle.net/20.500.12708/54037

Team

Business Informatics Group, TU Wien

Head

  • Henderik Proper, Univ.Prof. PhD

Professors

  • Christian Huemer, Ao.Univ.Prof. Mag.rer.soc.oec. Dr.rer.soc.oec.
  • Dominik Bork, Associate Prof. Dipl.-Wirtsch.Inf.Univ. Dr.rer.pol.
  • Gerti Kappel, O.Univ.Prof.in Dipl.-Ing.in Mag.a Dr.in techn.
  • Henderik Proper, Univ.Prof. PhD

Visiting Scientists

  • Christiane Floyd, Hon.Prof.in Dr.in phil.
  • Johanna Barzen, Dr. phil.

Administration

Researchers

  • Aleksandar Gavric, Univ.Ass. MEng. B.Eng.
  • Galina Paskaleva, Projektass.in Dipl.-Ing.in Dipl.-Ing.in BSc
  • Marianne Schnellmann, Univ.Ass.in BSc MSc
  • Marion Murzek, Senior Lecturer Mag.a rer.soc.oec. Dr.in rer.soc.oec.
  • Marion Scholz, Senior Lecturer Dipl.-Ing.in Mag.a rer.soc.oec.
  • Miki Zehetner, Univ.Ass. DI Bakk.rer.soc.oec. MSc
  • Syed Juned Ali, Univ.Ass. BSc MSc

External Researchers

  • Marco Huymajer, Univ.Ass. Dipl.-Ing.