Hanno Langweg

Learn More
Software for the creation of digital signatures performs a delicate task. The signatory has to trust the manufacturer of the software that it will work in the intended way. Signing a document electronically will have legal consequences in a growing number of countries, therefore the security of the signing software is an important issue. In the past, Trojan(More)
velopers profit from a classification as it helps them to This paper presents a classification of attacks by malicious software. Unlike previous schemes, it focuses on application software instead of operating systems. We classify attacks pertaining to input, processing, and output of an application. Our scheme can be used to adapt testing strategies and is(More)
Digital signatures are a key technology for many Internet-based commercial and administrative applications and, therefore, an increasingly popular target of attacks. Due to their strong cryptographic properties an attacker is more likely to subvert them with malicious software, ie Trojan horse programs. We show that by fusing two techniques, our(More)
We survey existing security metrics in software architecture and software engineering. Metrics are adapted to indicate resistance of an application against local malicious software (malware) attacks. A repository of generic attacks is presented as well as the concept of resistance classes for software products.
Electronic signatures are introduced by more and more countries as legally binding means for signing electronic documents with the primary hope of boosting e-commerce and e-government. Given that the underlying cryptographic methods are sufficiently strong, attacks by Trojan horse programs on electronic signatures are becoming increasingly popular. Most of(More)
Technology aimed at making life easier for game developers is an issue of controversy among security experts. Objections arise out of concerns of stability of a gamefriendly platform. However, this kind of programming interfaces can be used to promote security as well. We use Microsoft’s DirectX platform to access input and output devices directly. Thereby(More)
To ensure that the potential evidence is readily available in an acceptable form when an incident or a crime occurs, we propose a resource-based event reconstruction prototype that corresponds to different phases of digital forensics framework, and demonstrate its feasibility by assessing the applicability of existing open-source applications to the(More)