Wien, Wien, Österreich
1850 Follower:innen 500+ Kontakte

Anmelden, um das Profil zu sehen

Serviceleistungen

Angebot anfordern

Aktivitäten

Anmelden, um alle Aktivitäten zu sehen

Berufserfahrung und Ausbildung

  • Offensive.one

Gesamte Berufserfahrung von Andreas Happe anzeigen

Jobbezeichnung, Beschäftigungsdauer und mehr ansehen.

oder

Wenn Sie auf „Weiter“ klicken, um Mitglied zu werden oder sich einzuloggen, stimmen Sie der Nutzervereinbarung, der Datenschutzrichtlinie und der Cookie-Richtlinie von LinkedIn zu.

Bescheinigungen und Zertifikate

Mitglied werden, um alle Zertifikate anzuzeigen

Veröffentlichungen

  • Getting pwn'd by AI: Penetration Testing with Large Language Models

    ESEC/FSE ’23, December 3–9, 2023, San Francisco, CA, USA

    The field of software security testing, more specifically penetration testing, requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential use of
    large-language models, such as GPT3.5, to augment penetration testers with AI sparring partners. We explore two distinct use cases: high-level task planning for security testing assignments and low-
    level vulnerability hunting within a vulnerable virtual machine.

    For the latter,…

    The field of software security testing, more specifically penetration testing, requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential use of
    large-language models, such as GPT3.5, to augment penetration testers with AI sparring partners. We explore two distinct use cases: high-level task planning for security testing assignments and low-
    level vulnerability hunting within a vulnerable virtual machine.

    For the latter, we implemented a closed-feedback loop between LLM-generated low-level actions with a vulnerable virtual machine (connected through SSH) and allowed the LLM to analyze the machine state for vulnerabilities and suggest concrete attack vectors which were automatically executed within the virtual machine. We discuss promising initial results, detail avenues for improvement,
    and close deliberating on the ethics of AI sparring partners.

    Andere Autor:innen
    Veröffentlichung anzeigen

  • Understanding Hackers' Work: An Empirical Study of Offensive Security Practitioners

    ESEC/FSE ’23, December 3–9, 2023, San Francisco, CA, USA

    Offensive security-tests are commonly employed to pro-actively discover potential vulnerabilities. They are performed by specialists, also known as penetration-testers or white-hat hackers. The chronic
    lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve
    this, researchers and tool builders need a solid understanding of how hackers…

    Offensive security-tests are commonly employed to pro-actively discover potential vulnerabilities. They are performed by specialists, also known as penetration-testers or white-hat hackers. The chronic
    lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve
    this, researchers and tool builders need a solid understanding of how hackers work, their assumptions, and pain points.

    In this paper, we present a first data-driven exploratory qualitative study of twelve security professionals, their work and problems occurring therein. We perform a thematic analysis to gain insights into the execution of security assignments, hackers’ thought processes and encountered challenges. This analysis allows us to conclude with recommendations for researchers and tool builders, to increase the efficiency of their automation and identify novel areas
    for research.

    Andere Autor:innen
    Veröffentlichung anzeigen

  • Enhancing Cloud Security and Privacy: Time for a New Approach?

    The Sixth International Conference on Innovative Computing Technology (INTECH 2016)

    Achieving cloud security is not a trivial problem and developing and enforcing good cloud security controls is a fundamental requirement if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of unikernel based…

    Achieving cloud security is not a trivial problem and developing and enforcing good cloud security controls is a fundamental requirement if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of unikernel based systems. The main thrust of this paper is to discuss the key issues which need to be addressed, noting which of those might be covered by our proposed approach. We discuss how our proposed approach may help better address the key security issues we have identified.

    Andere Autor:innen

  • PBFT and Secret-Sharing in Storage Settings

    Twenty-fourth International Workshop on Security Protocols, At Brno, Czech Republic

    Recent publications combine secret-sharing with byzantine fault-tolerant distribution schemes into safe and secure storage systems. To our knowledge current publications describe chosen algorithms and implementations but do not highlight areas of conflict between secret-sharing and BFT algorithms in a systematic fashing. This paper presents different concrete problem areas and suggests possible solutions.

    Andere Autor:innen

  • Quantum Key Distribution Software maintained by AIT

    QCMC 2012

    Andere Autor:innen
    Veröffentlichung anzeigen

  • Timing synchronization with photon pairs for quantum communications

    QCMC 2012

    Andere Autor:innen
    Veröffentlichung anzeigen

  • The SECOQC quantum key distribution network in Vienna

    New Journal of Physics

    In this paper, we present the quantum key distribution (QKD) network designed and implemented by the European project SEcure COmmunication based on Quantum Cryptography (SECOQC) (2004–2008), unifying the efforts of 41 research and industrial organizations. The paper summarizes the SECOQC approach to QKD networks with a focus on the trusted repeater paradigm. It discusses the architecture and functionality of the SECOQC trusted repeater prototype, which has been put into operation in Vienna in…

    In this paper, we present the quantum key distribution (QKD) network designed and implemented by the European project SEcure COmmunication based on Quantum Cryptography (SECOQC) (2004–2008), unifying the efforts of 41 research and industrial organizations. The paper summarizes the SECOQC approach to QKD networks with a focus on the trusted repeater paradigm. It discusses the architecture and functionality of the SECOQC trusted repeater prototype, which has been put into operation in Vienna in 2008 and publicly demonstrated in the framework of a SECOQC QKD conference held from October 8 to 10, 2008.

    Andere Autor:innen
    Veröffentlichung anzeigen

  • ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing

    IEEE CloudCom 2015

    Cloud based collaboration give rise to many new applications and business opportunities in both domains, business and private. However building such systems in a secure and robust manner is a challenging tasks. We present a new architecture and prototype implementation for secure data sharing called ARCHISTAR, which is based on distributed storage technology and avoids any single point of trust or failure. It protects user data for confidentiality, integrity and availability – even from cloud…

    Cloud based collaboration give rise to many new applications and business opportunities in both domains, business and private. However building such systems in a secure and robust manner is a challenging tasks. We present a new architecture and prototype implementation for secure data sharing called ARCHISTAR, which is based on distributed storage technology and avoids any single point of trust or failure. It protects user data for confidentiality, integrity and availability – even from cloud providers – and resist active attacks or failures in a resilient way.

    Andere Autor:innen

  • Exchanging Database Writes with modern Cryptography

    The First International Conference on Advances in Cyber-Technologies and Cyber-Systems CYBER2016, At Italy

    Modern cryptography provides for new ways of solving old problems. This paper details how HMACs or AEAD can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems it removes all database alteration statements needed for confirmed user sign-up and greatly removes database alteration statements for typical ``forgot password'' use-cases. As…

    Modern cryptography provides for new ways of solving old problems. This paper details how HMACs or AEAD can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems it removes all database alteration statements needed for confirmed user sign-up and greatly removes database alteration statements for typical ``forgot password'' use-cases. As there is no temporary data stored within the server database system, there is no possibility of creating orphaned or abandoned data records. However, this new approach is not generic and can only be applied if implemented use-cases fulfill requirements. This requirements and implications are also detailed within this paper. All examples are based upon common ``user sign-up''- and ``password forgotten/reset''-functionalities.

    Andere Autor:innen

  • New release of an open source QKD software: design and implementation of new algorithms, modularization and integration with IPSec

    -

    Quantum Key Distribution (QKD) involves in a first step a physical exchange of quantum signals between a pair of devices, which can be carried out in numerous different ways. Whatever the realization of this ”physical layer” of QKD is, it outputs a pair of strongly correlated bit strings. The latter have then to be distilled by a fundamentally universal classical, post-processing protocol to yield Information Theoretically Secure (ITS)
    keys. Post-processing communication requires…

    Quantum Key Distribution (QKD) involves in a first step a physical exchange of quantum signals between a pair of devices, which can be carried out in numerous different ways. Whatever the realization of this ”physical layer” of QKD is, it outputs a pair of strongly correlated bit strings. The latter have then to be distilled by a fundamentally universal classical, post-processing protocol to yield Information Theoretically Secure (ITS)
    keys. Post-processing communication requires communication channel authentication, itself using key material. Key management in well defined crypto contexts is therefore a must for ITS post processing operation. Moreover real world QKD systems need to be seamlessly integrated in standard communication and to inter-operate with higher level applications providing communication security.

    Andere Autor:innen
    Veröffentlichung anzeigen

Sprachen

  • German

    Muttersprache oder zweisprachig

  • English

    Verhandlungssicher

Erhaltene Empfehlungen

1 Person hat Andreas Happe empfohlen

Jetzt anmelden und ansehen

Weitere Aktivitäten von Andreas Happe

Andreas Happes vollständiges Profil ansehen

  • Herausfinden, welche gemeinsamen Kontakte Sie haben
  • Sich vorstellen lassen
  • Andreas Happe direkt kontaktieren
Mitglied werden. um das vollständige Profil zu sehen

Weitere Beiträge entdecken

Entwickeln Sie mit diesen Kursen neue Kenntnisse und Fähigkeiten

Alle Kurse anzeigen