Ulrich Flegel

[ up | Information Engineering | IS and Security ]

Publications and Documents

Papers which are submitted for review but are not yet accepted are not listed.

Book

Ulrich Flegel. Privacy-Respecting Intrusion Detection, volume 35 in Advances in Information Security, 2007, Springer, New York, 325 pages, ISBN-10 0-387-34346-6, ISBN-13 978-0-387-34346-4, e-ISBN-13 978-0-387-68254

Book Chapters

Ulrich Flegel, Florian Kerschbaum, Philip Miseldine, Ganna Monakova, Richard Wacker, and Frank Leymann. Insider Threats in Cyber Security, volume 49 of Advances in Information Security, chapter Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection, pages 139–171. Springer, New York, 2010.
Ulrich Flegel, Julien Vayssière, and Gunter Bitz. Insider Threats in Cyber Security, volume 49 of Advances in Information Security, chapter A State of the Art Survey of Fraud Detection Technology, pages 73–84. Springer, New York, 2010.

Journals

Ulrich Flegel, Oliver Raabe, and Richard Wacker. Technischer Datenschutz für IDS und FDS durch Pseudonymisierung. Datenschutz und Datensicherheit (DuD), 33(12):735–741, December 2009.
Ulrich Flegel. Datenschutzfreundliche Missbrauchsentdeckung (in German). Digma Vol. 5, No. 4, pages 168-171, December 2005, Schulthess.
Ulrich Flegel. Mit Affen-Spielzeug etwas über Haustiere lernen - Evaluierung von PETs mittels APES-Bausteinen (in German). Datenschutz und Datensicherheit Vol. 29, No. 7, pages 410-414, July 2005, Vieweg.
Ulrich Flegel. Anonyme Audit-Daten im Überblick (in German). Datenschutz und Datensicherheit, Vol. 27, No. 5, pages 278-281, May 2003, Vieweg.
Christian Altenschmidt and Joachim Biskup and Ulrich Flegel and Yücel Karabulut. Secure Mediation: Requirements, Design and Architecture. Journal of Computer Security, Vol. 11, No. 3, pages 365-398, June 2003, IOS Press.

Conferences and Workshops

Asadul Islam, Malcolm Corney, George Mohay, Andrew Clark, Shane Bracher, Tobias Raub, and Ulrich Flegel. Detecting collusive fraud in enterprise resource planning systems. In Gilbert Peterson and Sujeet Shenoi, editors, Proceedings of the seventh International IFIP Conference on Digital Forensics (DF 2011), Orlando, Florida, USA, January 2011. IFIP, Springer. To appear.
Ulrich Flegel. Privacy compliant internal fraud screening. In Norbert Pohlmann, Helmut Reimer, and Wolfgang Schneider, editors, Proceedings of the 12th international Conference on Information Security Solutions Europe (ISSE 2010), pages 191–199, Berlin, Germany, October 2010. EEMA, TeleTrust, Vieweg-Teubner.
Asadul Islam, Malcolm Corney, George Mohay, Andrew Clark, Shane Bracher, Tobias Raub, and Ulrich Flegel. Fraud detection in ERP systems using scenario matching. In Kai Rannenberg, Vijay Varadharajan, and Christian Weber, editors, Proceedings of the 25th International Information Security Conference (SEC 2010): Security & Privacy - Silver Linings in the Cloud, pages 112–123, Brisbane, Australien, September 2010. IFIP, Springer.
Ulrich Flegel, Johannes Hoffmann, and Michael Meier. Cooperation enablement for centralistic early warning systems. In Sung Y. Shin and Sascha Ossowski, editors, Proceedings of the 25th International ACM Symposium on Applied Computing (SAC 2010), pages 2001–2008, Sierre, Schweiz, March 2010. ACM, ACM Press.
Martin Apel, Joachim Biskup, Ulrich Flegel, and Michael Meier. Early warning system on a national level - Project AMSEL. In Till Dörges, editor, Proceedings of the International Workshop on Internet Early Warning and Network Intelligence (EWNI 2009), Hamburg, Germany, January 2010. GI.
Stanislaus Stelle and Ulrich Flegel. Towards automatic generation of separation of duty fraud scenarios. In Ulrich Flegel, editor, Proceedings of the Fourth GI Graduate Workshop on Reactive Security (SPRING), number SR-2009-01 in GI SIG SIDAR Technical Reports, Stuttgart, Germany, September 2009. GI SIG SIDAR. To appear.
Cristina Fortu and Ulrich Flegel. Modeling fraud scenarios for a RETE-based stateful rule engine with first-order capabilities. In Ulrich Flegel, editor, Proceedings of the Fourth GI Graduate Workshop on Reactive Security (SPRING), number SR-2009-01 in GI SIG SIDAR Technical Reports, Stuttgart, Germany, September 2009. GI SIG SIDAR. To appear.
Martin Apel, Joachim Biskup, Ulrich Flegel, and Michael Meier. Towards early warning systems - challenges, technologies and architectures. In Robin Bloomfield and Erich Rome, editors, Proceedings of the Fourth IFIP International Workshop on Critical In- formation Infrastructures Security (CRITIS 2009), Lecture Notes in Computer Science, pages 151–164, Bonn, Germany, September 2010. IFIP, Springer.
Luca Compagna, Ulrich Flegel, and Volkmar Lotz. Towards validating security protocol deployment in the wild. In Elisa Bertino, Vladimir Getov, and Lin Liu, editors, Proceedings of the 33rd International IEEE Computer Software and Applications Conference (COMPSAC 2009), volume 2, pages 434–438, Seattle, Washington, USA, July 2009. IEEE Computer Society.
Andreas Schaad, Philip L. Miseldine, Ulrich Flegel, and Christian Wolter. A framework for seamless and compliant service consumption in outsourcing scenarios. In Shazia Sadiq, Marta Indulska, zur Muehlen, Eric Michael, Dubois, and Paul Johannesson, editors, Proceedings of the Second International Workshop on Governance, Risk and Compliance - Applications in Informations Systems (GRCIS 2009), number 459 in CEUR Workshop Proceedings, Amsterdam, The Netherlands, June 2009.
Sebastian Schmerl, Ulrich Flegel, and Michael Meier. Systematic Signature Engineering by Re-use of Snort Signatures. In Pierangela Samarati and Charles Payne, editors, Proceedings of the 24th International IEEE Annual Computer Security Applications Conference (ACSAC 2008), pages 23–32, Anaheim, California, USA, December 2008. ACSA, IEEE Computer Society.
Philip L. Miseldine, Ulrich Flegel, and Andreas Schaad. Supporting Evidence-based Compliance Evaluation for Partial Business Process Outsourcing Scenarios. In Tetsuo Tamai, editor, Proceedings of the 16th IEEE International Requirements Engineering Conference (RE 2008), pages 31–34, Barcelona, Spanien, September 2008. IEEE Computer Society.
Ulrich Flegel, Florian Kerschbaum, and Richard Wacker. Collaborative Fraud Detection in Outsourcing Scenarios: Issues of and solutions for Privacy and Confidentiality. In Matt Bishop, Dieter Gollmann, Jeffrey Hunker, and Christian W. Probst, editors, Proceedings of the International Workshop on Countering Insider Threats, number 08302 in Dagstuhl Seminar Proceedings, Dagstuhl, Germany, December 2008. Castle Dagstuhl - Leibniz Computer Science Center, Germany.
Ulrich Flegel, Julien Vayssière, and Gunter Bitz. Fraud Detection from a Business Perspective: Future Directions and Challenges. In Matt Bishop, Dieter Gollmann, Jeffrey Hunker, and Christian W. Probst, editors, Proceedings of the International Workshop on Countering Insider Threats, number 08302 in Dagstuhl Seminar Proceedings, Dagstuhl, Germany, December 2008. Castle Dagstuhl - Leibniz Computer Science Center, Germany.
Khaled Gaaloul, Andreas Schaad, Ulrich Flegel, and Francois Charoy. A Secure Task Delegation Model for Workflows. In Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2008), pages 10-15, Cap Esterel, France, August 2008. IEEE Computer Society.
Marc Dacier, Ulrich Flegel, Ralph Holz, and Norbert Luttenberger. Intrusion and Fraud Detection for Web Services. In Georg Carle, Falko Dressler, Richard A. Kemmerer, Hartmut König, and Christopher Krügel, editors, Proceedings of the International Perspectives Workshop on Network Attack Detection and Defense, number 08102 in Dagstuhl Seminar Proceedings, Dagstuhl, Germany, May 2008. Castle Dagstuhl - Leibniz Computer Science Center, Germany.
Michael Meier, Ulrich Flegel, Sebastian Schmerl. Efficiency Issues of Rete-based Expert Systems for Misuse Detection. In Pierangela Samarati and Charlie Payne, editors, Proceedings of the 23rd International IEEE Annual Computer Security Applications Conference (ACSAC 2007), pages 151-160, Miami Beach, Florida, USA, December 2007, IEEE Computer Society.
Ulrich Flegel, Michael Meier. Authorization Architectures for Privacy-respecting Surveillance. In Javier Lopez, Pierangela Samarati and Josep L. Ferrer, editors, Proceedings of the Fourth European Workshop: Theory and Practice (EuroPKI 2007), number 4582 in Lecture Notes in Computer Science, pages 1-17, Palma de Mallorca, Spain, June 2007, Springer.
Ulrich Flegel, Michael Meier. Herausforderungen für eine effektive, effiziente und datenschutzgerechte IT-Frühwarnung. In Proceedings of the BSI Workshop on "IT-Frühwarnsysteme", pages 39-42, Bonn, Germany, July 2006, Bundesamt für Sicherheit in der Informationstechnik.
Ulrich Flegel, Joachim Biskup. Requirements of Information Reductions for Cooperating Intrusion Detection Agents. In Günter Müller, editor, Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006), number 3995 in Lecture Notes in Computer Science, pages 466-480, Freiburg, Germany, June 2006, Springer.
Sebastian Schmerl, Hartmut König, Ulrich Flegel, Michael Meier. Simplifying Signature Engineering by Reuse. In Günter Müller, editor, Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006), number 3995 in Lecture Notes in Computer Science, pages 436-450, Freiburg, Germany, June 2006, Springer.
Sebastian Schmerl, Ulrich Flegel, Michael Meier. Vereinfachung der Signaturentwicklung durch Wiederverwendung. In Jana Dittmann, editor, Proceedings of the Third GI Conference on "Sicherheit - Schutz und Zuverlässigkeit", number P-77 in Lecture Notes in Informatics, pages 201-212, Magdeburg, Germany, February 2006, Köllen.
Ulrich Flegel. Evaluating the Design of an Audit Data Pseudonymizer Using Basic Building Blocks for Anonymity. In Hannes Federrath, editor, Proceedings of the Second GI Conference on "Sicherheit - Schutz und Zuverlässigkeit", number P-62 in Lecture Notes in Informatics, pages 221-232, Regensburg, Germany, April 2005, Köllen; see also longer version in a technical report.
Ulrich Flegel. Ein Architektur-Modell für anonyme Autorisierungen und Überwachungsdaten (in German). In Rüdiger Grimm, Hubert B. Keller and Kai Rannenberg, editors, Proceedings of the First GI Conference on "Sicherheit - Schutz und Zuverlässigkeit", Mit Sicherheit Informatik, number P-36 in Lecture Notes in Informatics, pages 293-304, Frankfurt, Germany, September/October 2003, Köllen; see also longer version in a technical report.
Ulrich Flegel and Markus Kommnick. Integration von Verwundbarkeits-Analyse und Netzwerk-Management mittels Vulture (in German). In Rolf Schaumburg and Marco Thorbrügge, editors, Proceedings of the 10th Workshop on "Sicherheit in vernetzten Systemen", pages K1-K12, Hamburg, Germany, February 2003, Books on Demand.
Ulrich Flegel. Praktikabler Datenschutz für Log-Daten (in German). In Rolf Schaumburg and Marco Thorbrügge, editors, Proceedings of the 10th Workshop on "Sicherheit in vernetzten Systemen", pages F1-F20, Hamburg, Germany, February 2003, Books on Demand.
Ulrich Flegel. Pseudonyme für Datenschutz und Überwachung: Anforderungen, Ansatz, Implementierung und Analyse (in German). In Proceedings of the Informatiktage 2002, pages 307-311, Bad Schussenried, Germany, November 2002, Konradin.
Ulrich Flegel. Pseudonymizing Unix Log Files. In George Davida, Yair Frankel and Owen Rees, editors, Proceedings of the International Conference on Infrastructure Security (InfraSec2002), number 2437 in Lecture Notes in Computer Science, pages 162-179, Bristol, United Kingdom, October 2002, Springer; see also longer version.
Joachim Biskup and Ulrich Flegel. Ausgleich von Datenschutz und Überwachung mit technischer Zweckbindung am Beispiel eines Pseudonymisierers (in German). In Sigrid Schubert, Bernd Reusch and Norbert Jesse, editors, Informatik bewegt, Proceedings of the 32nd Conference of the Gesellschaft für Informatik e.V.(GI) (Informatik 2002), number P-19 in Lecture Notes in Informatics, pages 488-494, Dortmund, Germany, October 2002, Köllen; see also longer version.
Joachim Biskup and Ulrich Flegel. On Pseudonymization of Audit Data for Intrusion Detection. In Hannes Federrath, editor, Designing Privacy Enhancing Technologies, number 2009 in Lecture Notes in Computer Science, pages 161-180, Berkeley, California, USA, July 2000, Springer, Heidelberg, 2001; see also longer version.
Joachim Biskup and Ulrich Flegel. Threshold-based Identity Recovery for Privay Enhanced Applications. In Sushil Jajodia and Pierangela Samarati, editors, Proceedings of the 7th International ACM Conference on Computer and Communications Security (CCS 2000), pages 71-79, Athens, Greece, November 2000, ACM Press.
Joachim Biskup and Ulrich Flegel. Transaction-Based Pseudonyms in Audit-Data for Privacy Respecting Intrusion Detection. In Hervé Debar, Ludovic Mé and S. Felix Wu, editors, Proceedings of the Third International Symposium on Recent Advances in Intrusion Detection (RAID 2000), number 1907 in Lecture Notes in Computer Science, pages 28-48, Toulouse, France, October 2000, Springer.
Joachim Biskup and Ulrich Flegel. On Pseudonymization of Audit Data for Intrusion Detection. In Hannes Federrath, editor, Preproceedings of the International Workshop on Design Issues in Anonymity and Unobservability, pages 147-164, Berkeley, California, USA, July 2000, TR-00-011, International Computer Science Institute, 1947 Center St., Suite 600, Berkeley, California 94704-1198, USA.
Joachim Biskup, Ulrich Flegel and Yücel Karabulut. Secure Mediation: Requirements and Design. In Sushil Jajodia, editor, Database Security XII - Status and Prospects, pages 127-140, Chalkidiki, Greece, July 1998. Kluwer Academic Publishers, 1999; see also longer version in preproceedings.
Joachim Biskup, Ulrich Flegel and Yücel Karabulut. Towards Secure Mediation. In Alexander Böhm, Dirk Fox, Rüdiger Grimm and Detlef Schoder, editors, Sicherheit und Electronic Commerce - Konzepte, Modelle, technische Möglichkeiten, DuD-Fachbeiträge, pages 93-106, Essen, Germany, October 1998, Vieweg.
Joachim Biskup, Ulrich Flegel and Yücel Karabulut. Secure Mediation: Requirements and Design. In Preproceedings of the 12th International IFIP WG 11.3 Working Conference on Database Security, Chalkidiki, Greece, July 1998.

Theses

Ulrich Flegel. Pseudonymizing Audit Data for Privacy Respecting Misuse Detection, Dissertation / Ph.D. Thesis, Dortmund, January 2006.
Ulrich Flegel. Sicherheitsaspekte in TCP/IP-Rechnernetzen (in German), Diploma Thesis, Braunschweig, June 1997.

Edited Books, Proceedings and Journal Issues

Ulrich Flegel, editor. Proceedings of the Fourth GI Graduate Workshop on Reactive Security (SPRING), number SR-2009-01 in GI SIG SIDAR Technical Reports, Stuttgart, Germany, September 2009. GI SIG SIDAR. To appear.
Ulrich Flegel, Danilo Bruschi, editors. Proceedings of the Sixth GI International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2009), Lecture Notes in Computer Science, Milan, Italy, July 2009. GI SIG SIDAR, Springer.
Ulrich Flegel, editor. Special Issue on Reactive Security – Worm Detection and Vulnerability Assessment, Journal in Computer Virology, (4)3, August 2008.
Ulrich Flegel, Thorsten Holz, editors, Proceedings of the Third GI Graduate Workshop on Reactive Security (SPRING), Technical Report SR-2008-01, Mannheim, Germany, August 2008, GI SIG SIDAR.
Ulrich Flegel, editor, Proceedings of the Second GI Graduate Workshop on Reactive Security (SPRING), Technical Report SR-2007-01, Berlin, Germany, July 2007, GI SIG SIDAR.
Ulrich Flegel, editor, Proceedings of the First GI Graduate Workshop on Reactive Security (SPRING), Technical Report SR-2006-01, Berlin, Germany, July 2006, GI SIG SIDAR.
Ulrich Flegel, Marit Hansen, Michael Meier, guest editors, Special Issue on Incident Management. Datenschutz und Datensicherheit, (29)7, July 2005, Vieweg.
Michael Meier, Ulrich Flegel, Hartmut König, guest editors, Special Issue on Reactive Security - Intrusion Detection, Honeypots, and Vulnerability Assessment. Praxis der Informationsverarbeitung und Kommunikation, (27)4, December 2004, K. G. Saur.
Ulrich Flegel, Michael Meier, editors, Proceedings of the First GI Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2004), number P-46 in Lecture Notes in Informatics, Dortmund, Germany, July 2004, GI SIG SIDAR, Köllen.

Technical Reports

Ulrich Flegel. Evaluating the Design of an Audit Data Pseudonymizer Using Basic Building Blocks for Anonymity, Dortmund, January 2005.
Ulrich Flegel. Ein Architektur-Modell für anonyme Autorisierungen und Überwachungsdaten (in German), Dortmund, June 2003.
Joachim Biskup and Ulrich Flegel. Ausgleich von Datenschutz und Überwachung mit technischer Zweckbindung am Beispiel eines Pseudonymisierers (in German), Dortmund, August 2002.
Ulrich Flegel. Pseudonymizing Unix Log Files, Dortmund, May 2002.
Ulrich Flegel. Gesine - Gesicherter Netzwerkzugang: Technische und administrative Aspekte zum Vorhaben (in German), internal paper concerning technical and administrative aspects for restructuring the chair networks, August 2001.
Ulrich Flegel. Gesine - Gesicherter Netzwerkzugang: Strategische Aspekte zum Vorhaben (in German), paper for the department of computer science concerning strategic aspects for restructuring the chair networks, March 2001.
Ulrich Flegel. Vulcano 1 - Vulnerability Catalogue No. 1: Verwundbarkeiten der IT-Infrastruktur des Lehrstuhls (in German), internal technical report (confidential), November 1998.
Ulrich Flegel. Polisi - Politik zur Sicherheit der Informationssysteme am Lehrstuhl 6 (in German), internal security policy, June 1998, under revision.
Ulrich Flegel. The Interaction between SSH and X11 - thoughts on the Security of the Secure Shell, Braunschweig, September 1997.

Press

Jan Friese. Schwarmbasierte Anti-Viren-Software (in German), Logo - Das Wissenschaftsmagazin, October 9, 2009, NDR.
Kirsten Seegmüller. IT-Sicherheitszertifikate sind gerade in der Beratung wichtig (in German), Computer Zeitung, 40(19), page 21, May 4, 2009, Konradin.
Dirk Knop. Successful flag thieves from the honeypot / Erfolgreiche Fahnendiebe vom Honigtopf (in German), heise Security UK / DE, News Ticker 92834 / 92789, July 17, 2007, heise.
Armin Barnitzke. Flegel spricht für Sicherheit (in German), Computer Zeitung, 37(50), page 6, December 11, 2006, Konradin.
Lothar Lochmaier. Intrusion-Schutz kämpft mit Technik und Management (in German), Computer Zeitung, 37(34), page 14, August 28, 2006, Konradin.
Armin Barnitzke. Forscher spüren Attacken auf (in German), Computer Zeitung, 37(24), page 9, June 12, 2006, Konradin.
Christiane Rütten. Sicherheitskonferenz DIMVA mit Capture-The-Flag-Wettbewerb (in German), heise Security, News Ticker 73620, May 29, 2006, heise.
Klaus-Peter Kossakowski. Datenschutz auch bei CERTs (in German), kes, 21(3), page 61, July 2005, Secumedia.
Armin Barnitzke. Pseudonymisierung schützt (in German), Computer Zeitung, 36(20), page 10, March 17, 2005, Konradin.
Werner Metterhausen. DIMVA 2004 - Sicherheit bei der Gesellschaft für Informatik (in German), Sicherheits-Berater, 31(15/16), page 265, August 1, 2004, TeMedia.
Armin Barnitzke. Hacker kommt nach 20 Minuten ins Netz (in German), Computer Zeitung, 35(32), page 9, August 2, 2004, Konradin.
Armin Barnitzke. Sicherheitslethargie bedroht die deutsche Volkswirtschaft (in German), Computer Zeitung, 35(31), page 2, July 26, 2004, Konradin.
Achim Leitner. Security-Workshop (in German), Linux Magazin, 10(5), May 2003, Linux New Media.
Rochus Rademacher. Pseudonym macht Überwachung fair (in German), Computer Zeitung, 33(49), page 8, December 2, 2002, Konradin.