Steffen Wendzel/My Computer Science Research Topics

Intro

My research subjects are network covert channels, network protocol engineering, network security, and building automation security.

Publications: see here

Academic Activity Overview (since 2011)

Covert Channels/Protocol Engineering

My main research subject is covert channels. Here is a list of the covert channel-related work done so far:

i-a) Theses

  • In progress: Ph.D. student in the area of network covert channels and protocol engineering at the chair of parallel computing and VLSI (University of Hagen).
  • 2010/2011: Master's Thesis (in German): 'Analyse der Detektions- und Präventionsmethoden für verdeckte Kanäle', Augsburg University of Applied Sciences.
  • 2008/2009: Diploma Thesis (in German): 'Protokollwechselbasierte Covert Channels und Headerstrukturveränderungen zur Vermeidung von Covert Channels' (see publications). This thesis covers protocol channels as well as protocol hopping covert channels and introduces a technique called 'Headerstrukturveränderung' used to prevent covert storage channels.

i-b) Scientific publications

i-c) Some covert channel research topics

  • 2012: Detecting and discussing the two-army problem for network covert channel's network environment learning phase (cf. publications section for the paper at SICHERHEIT 2012)
  • 2011: Paper with J. Keller: "Low-attention forwarding for mobile network covert channels" (see publications) on an upgradable covert channel overlay network infrastructure, protocol switching capabilities based on a covert channel's use case, and optimized forwarding in covert channel proxy chains for keeping a low profile.
  • 2008/2009: Protocol Channels (network covert channels that are as good as undetectable; they signal information only by changing the protocol used).
  • 2007/2008: Protocol Hopping Covert Channels (Network covert channels able to switch their underlying protocol at runtime in a transparent way).

ii) Software Projects

My covert channel-related proof of concept codes as well as the Open Covert Channel Detector (OpenCCD) can be found here.

iii) Misc

I created a mailing list for covert channel discussions (can be found here). The archive of the old version of this mailing list can be found here.

Security Tools

  • 2008: KSPIDS -- kernel service profile intrusion detection system; a user profile IDS like FUPIDS but for the Linux Kernel
  • 2008: pct -- a proof of concept implementation of a 'protocol channel'
  • 2007: phcct -- a proof of concept implementation of a 'protocol hopping covert channel'
  • 2007: Hardened Linux Hardening Scripts (HLHS) -- hardening assistant scripts for the Hardened Linux security distribution.
  • 2006-2008: Hardened Linux -- a Slackware Linux based security distribution I founded and led. This distribution is secured by default (contains a hardened configuration, security restrictions, the GRSecurity/PaX kernel patch, gcc stack-smashing-protected packages, hardening scripts, ...). I had to stop the project due to a lack of time and developers.
  • 2006: very strange tunneling tool -- tunneling tool able to use different protocols as well as different inputs (socket, fifo)
  • 2006: openportd -- port knocking service for OpenBSD
  • 2003: FUPIDS -- a user profile IDS patch for the OpenBSD kernel

Publications and Talks

Contributions To Other Security Projects

  • 2006: OpenBSD pscan port (pscan is a source code security scanner)
  • 2005/2006: various source code patches for OpenBSD, tcpdump, icmpinfo and some Linux distributions ...
  • a number of bug-reports for open source software projects (mainly Slackware, Debian, ...)