5th SIMU project meeting at Fraunhofer SIT in Darmstadt
The 5th SIMU project meeting took place at the new building of Fraunhofer SIT in Darmstadt on Sept 24. All partners presented their research results. Additionally, the metadata scheme for the SIEM environment was discussed and advanced. The project, managed by DECOIT GmbH, is on schedule. The next step is to join the different partner developments together.
The third work package (conception of future SIEM components) is progressing well and meshes seamlessly with the fourth work package, which is aimed at the development of security components. Work on the fourth work package has already started so that first results can be presented soon. The conceptual phase is planned to pass into the development phase by October. Additionally, the first tasks of the fifth work package have been started, so the project is proceeding well on schedule.
The project has already been represented by different project partners at several conferences and has produced several publications. SIMU will also be presented during a panel discussion at the symposium "KMU Innovativ - gemeinsam zu intelligenten Lösungen", organized by the German Federal Ministry of Education and Research, which will take place in Berlin on November 17-18, 2014. Furthermore, there will be a SIMU poster session and a first demonstrator.
The project has made great progress in the development of SIEM collectors. Both the IF-MAP clients by DECOIT GmbH (which are undergoing a complete refactoring) and the IF-MAP clients by the University of Applied Sciences and Arts Hannover, NCP engineering and macmon secure have made further progress. Additionally, University Hannover developed the irondemo tool, which can be used to test different metadata. DECOIT GmbH is also working on the graphical interface so that all relevant SIEM events, and only those, can be visualized consistently. The Pattern-Matching-Engine, which will provide the system's intelligence and is being worked on by University Hannover, still needs a great amount of development. The visualization of communication also has open issues that will be solved as the work proceeds. Fraunhofer SIT is mainly taking care of its ontology-based IO-Tool, which among other things can collect infrastructure automatically, and of the CBOR proxy development, which is meant to enable a slim IF-MAP connection.
Finally, the new metadata scheme, which was available as a basic proposal, was discussed. It contains extensions that are not yet part of the current IF-MAP standard and would therefore need to be introduced via the Trusted Computing Group (TCG). Since TCG is already working on the next IF-MAP version, Fraunhofer SIT is already taking an active part in the discussion, aiming to bring in the CBOR specification as an alternative to the overhead-intensive SOAP communication.