Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy

TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009. [pdf]

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

2009 - Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy

Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009. [pdf]

MalOffice - Detecting malicious documents with combined static and dynamic analysis

2009 - Markus Engelberth, Carsten Willems, Thorsten Holz

Virus Bulletin Conference, Geneva, Switzerland, September 2009 [Presentation]

Sichere Webanwendungen

2008 - Mario Heiderich, Christian Matthies, Johannes Dahse, fukami

GALILEO PRESS, Auflage 1, ISBN-10: 3836211947, ISBN-13: 978-3836211949

Towards Next-Generation Botnets

2008 - Ralf Hund, Matthias Hamann, Thorsten Holz

European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008 [PDF]

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

2008 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger

STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008. [pdf]

Analyzing Mobile Malware

2008 - Michael Becher, Ralf Hund

Chapter 8 in "Mobile Malware Attacks and Defense", Syngress Media, October 2008

As the Net Churns: Fast-Flux Botnet Observations

2008 - Jose Nazario, Thorsten Holz

International Conference on Malicious and Unwanted Software, October 2008 [pdf]

Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing

2008 - Felix Freiling, Thorsten Holz, Martin Mink

In­ter­na­tio­nal Con­fe­rence on IT Se­cu­ri­ty In­ci­dent Ma­nage­ment & IT Fo­ren­sics (IMF), Mannheim, Ger­ma­ny, September 2008 [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008. [pdf] [bibtex]

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

2008 - Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy

INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Learning and Classification of Malware Behavior

2008 - Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, July 2008 [PDF]

Studying Malicious Websites and the Underground Economy on the Chinese Web

2008 - Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou

Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008 [pdf]

Kernel-Level Interception and Applications on Mobile Devices

2008 - Michael Becher, Ralf Hund

Technical Report TR-2008-003, Universität Mannheim, May 2008 [PDF]

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

2008 - Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling

USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008 [pdf]

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

2008 - Ali Ikinci, Thorsten Holz, Felix Freiling

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award** [pdf]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008. [PDF]

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

2008 - Jan Göbel, Thorsten Holz

DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008 [pdf]

Measuring and Detecting Fast-Flux Service Networks

2008 - Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling

Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008 [pdf]

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

2007 - Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou

International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007 [pdf]

Virtual Honeypots - From Botnet Tracking to Intrusion Detection

2007 - Niels Provos, Thorsten Holz

Addison-Wesley Professional; 1. edition, 440 pages [Link]

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

2007 - Thorsten Holz, Jan Goebel, Carsten Willems

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007 [PDF]

Trusted User-Aware Web Authentication

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy,

Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007. [PDF]

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

2007 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007. [pdf]

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

2007 - Jan Göbel, Thorsten Holz

USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 2007 [pdf]

Toward Automated Dynamic Malware Analysis Using CWSandbox

2007 - Carsten Willems, Thorsten Holz, Felix C. Freiling

IEEE Security & Privacy, Volume 5, Number 2, Pages 32-39, March/April 2007 [PDF]

Compartmented Security for Browsers

2007 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007. [pdf]

Advanced Honeypot-based Intrusion Detection

2006 - Jan Göbel, Jens Hektor, Thorsten Holz

USE­NIX ;login:, Vo­lu­me 31, Issue 6, Pages 18-23, De­cem­ber 2006 [Link] [pdf]

Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

2006 - Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006 .

TCG Inside? - A Note on TPM Specification Compliance

2006 - Ahmad-Reza Sadeghi, Christian Wachsmann, Marcel Selhorst, Christian Stüble, Marcel Winandy

In Proceedings of the first ACM Workshop on Scalable Trusted Computing (ACMSTC), Alexandria, Virginia, USA, November 3, 2006, pages 47-56. ACM Press, 2006.

A Comparative Study of Teaching Forensics at a University Degree Level

2006 - Philip Anderson, Maximillian Dornseif, Felix Freiling, Thorsten Holz, Alastair Irons, Christopher Laing, Martin Mink

International Conference on IT Security Incident Management & IT Forensics (IMF), Stuttgart, Germany, October 2006 [pdf]

Security Architecture for Device Encryption and VPN

2006 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Ammar Alkassar, Michael Scheibel

Accepted for ISSE (Information Security Solution Europe) 2006 [Springer Link]

The Nepenthes Platform: An Efficient Approach to Collect Malware

2006 - Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling

9th International Symposium on Recent Advances in Intrusion Detection (RAID), Hamburg, Germany, September 2006 [pdf]

The Effect of Stock Spam on Financial Markets

2006 - Rainer Böhme, Thorsten Holz

Workshop on the Economics of Information Security (WEIS), University of Cambridge, June 2006 [SSRN Link]

Design and Implementation of the Honey-DVD

2006 - Maximillian Dornseif, Felix Freiling, Nils Gedicke, Thorsten Holz

IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2006 [pdf]

Design and Implementation of a Secure Linux Device Encryption Architecture

2006 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel

LinuxTag 2006. [pdf]

Safety, Liveness, and Information Flow: Dependability Revisited

2006 - Zinaida Benenson, Felix Freiling, Thorsten Holz, Dogan Kesdogan, Lucia Draque Penso

ARCS Workshop on Dependability and Fault-Tolerance, Frankfurt am Main, Germany, March 2006 [pdf]

Effektives Sammeln von Malware mit Honeypots

2006 - Thorsten Holz, Georg Wicherski

DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, March 2006 [pdf]

New Threats and Attacks on the World Wide Web

2006 - Thorsten Holz, Simon Marechal, Frédéric Raynal

IEEE Security & Privacy Volume 4, Issue 2, Pages 72-75, March 2006 [pdf]

Learning More About Attack Patterns With Honeypots

2006 - Thorsten Holz

GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Magdeburg, February 2006 [pdf]

Spying With Bots

2005 - Thorsten Holz

USENIX ;login:, Volume 30, Issue 6, Pages 18-23, December 2005 [Link] [pdf]

Security Measurements and Metrics for Networks

2005 - Thorsten Holz

Dependability Metrics (Lecture Notes in Computer Science 4909, Advanced Lectures), pages 157-165, 2005 [Link]

Multilateral Security Considerations for Adaptive Mobile Applications

2005 - Adrian Spalka, Armin B. Cremers, Marcel Winandy

Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), pp. 133-137, INSTICC, 2005.

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

2005 - Felix Freiling, Thorsten Holz, Georg Wicherski

European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 2005 [pdf]

A Pointillist Approach for Comparing Honeypots

2005 - Fabien Pouget, Thorsten Holz

Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Vienna, Austria, July 2005 [pdf]

Detecting Honeypots and Other Suspicious Environments

2005 - Thorsten Holz, Frederic Raynal

IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2005 [pdf]

A Short Visit to the Bot Zoo

2005 - Thorsten Holz

IEEE Security & Privacy, Volume 3, Issue 3, Pages 76-79, May 2005 [pdf]

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy

2005 - Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Marcel Selhorst, Oska Senft

DuD Heft 9-05, Trusted Computing News.

Vulnerability Assessment using Honeypots

2004 - Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz

PIK - Praxis der Informationsverarbeitung und Kommunikation, Volume 27, Issue 4, Pages 195-201, December 2004 [pdf]

NoSEBrEaK - Attacking Honeynets

2004 - Maximillian Dornseif, Thorsten Holz, Christian N. Klein

IEEE Information Assurance Workshop (IAW), West Point, NY, June 2004 [pdf]