April 2008 Archives

NASK announces participation to WOMBAT

|

Symantec announces participation to the WOMBAT project

|

Hispasec announces participation to WOMBAT on its blog

|

Contribution of NASK

|
Partner description
The Research and Academic Computer Network (NASK) is a research and development unit active in Poland since March 1991. It was set up to connect Poland and the scientific-academic community to the Internet. Currently, NASK is one of the main Internet Service Providers in Poland and operator of the '.pl' country top level domain. The primary NASK group that will take part in the project is CERT (Computer Emergency Response Team) Polska, a team within NASK, set up to handle Internet security incidents for the '.pl' constituency. It will be supported by members of the NASK Research Division. CERT Polska has been operational since 1996 (until 2000 known as CERT NASK). The team cooperates with other IRTs from around the world under the auspices of FIRST (Forum of Incident Response Security Teams) and with many ISPs, banks and government institutions in Poland. It also runs ARAKIS, a nation-wide early warning system, that uses a large distributed network of sensors located in various Polish institutions to collect and analyze network activity to detect new threats. CERT Polska has contributed to EU funded projects, under FP5 (eCSIRT.net) and the Safer Internet Action Plan (SpotSpam and NIFC Hotline Polska). Representatives from NASK, including CERT Polska team members play active roles (Management Board member, National Liaison Officer and Working Group members) in cooperation with ENISA.
Partner specific involvement in the wombat project
NASK has extensive practical experience in the area of honeypot technology achieved through the design, implementation, deployment and maintenance of a wide network of honeypot based sensors (one of the initial data sources for WOMBAT). The CERT contribution will be unique as it will be based on over a 10 year practical experience in security incident handling. The team will focus on the development of threat intelligence acquisition from a CERT perspective (WP5). Moreover, it will engage in state of the art analysis, formulation of requirements (WP2), design of interfaces between WOMBAT and the ARAKIS system (WP3), testing of new sensors (WP3), as well as the evaluation of the proposed data enrichment and malware characterization methods (WP4). Dissemination will also be handled, in particular in the IRT community (WP6).

Contribution of France Télécom R&D

|
Partner description
France Télécom R&D is the corporate research and development arm of France Télécom, in charge of specifying, implementing and testing advanced services for the company. The group involved in the project is the Network and Services Security (NSS) laboratory of the Middleware and Advanced Platforms (MAPS) research and development center. The NSS laboratory is 65 people strong and covers all areas of research and development in information systems security. Beyond security engineering, the laboratory has a strong focus on research, funding more than 12 man-years on research issues, hosting 10 PhD students and managing external research contracts with leading French research institutions such as Supélec or the Groupement des Ecoles de Telecommunications (GET). The laboratory also contributes to several European projects, such as Ecrypt (NoE), Artist (NoE), Resist (NoE), Diadem (STREP) and Daidalos (IP).
Partner specific involvement in the wombat project
France Télécom R&D is the project coordinator; it has exhaustive experience in handling collaborative research projects at the European level. Furthermore, France Télécom R&D has significant research contributions in the project related to malware collection and analysis. As a participant to several honeypot alliances and an operator of specific wireless honeypot technologies, France Télécom will produce scientific research results for the project. As an industrial partner, France Télécom wishes to exploit the project results during the development of the LiveboxTM home or SME Internet gateway, and the hardening of its networking infrastructure. In WP3, France Télécom will contribute alternative honeypot technologies, related to wireless networks and to clientside honeypots. In WP4, France Télécom will develop new malware models using grammars to describe their behavior, and will use these grammars in WP5 to evaluate the detection capabilities of the tools we have in place for detecting malware propagation.

WOMBAT Workshop, April 21st-22nd, Amsterdam, NL

|
On April 21st-22nd, the WOMBAT project will organize an invitation-only workshop (located in Amsterdam, Netherlands) to address the difficulties in collaboration and attack data sharing. The discussion will address standards for data exchange, infrastructural challenges, and the resolution of privacy and competition issues in data sharing. The project partners will present the vision of the project, and a draft version of our requirements analysis. The invited participants will share their own technical infrastructures and research directions. Some of the revised papers presented at the workshop will be released in a volume of proceedings.

Update: The proceedings are published by IEEE in their electronic library.
http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=4627300