Ulrich Flegel - Böcker

Computer and network security is an issue that has been studied for many years. The Ware Report, which was published in 1970, pointed out the need for c- puter security and highlighted the di?culties in evaluating a system to determine if it provided the necessary security for particular applications. The Anderson Report, published in 1972, was the outcome of an Air Force Planning Study whose intent was to de?ne the research and development paths required to make secure computers a reality in the USAF. A major contribution of this report was the de?nition of the reference monitor concept, which led to security kernel architectures. In the mid to late 1970s a number of systems were designed and implemented using a security kernel architecture. These systems were mostly sponsored by the defense establishment and were not in wide use. Fast forwarding to more recent times, the advent of the world-wide web, inexp- sive workstations for the o?ce and home, and high-speed connections has made it possible for most people to be connected. This access has greatly bene?ted society allowing users to do their banking, shopping, and research on the Int- net. Most every business, government agency, and public institution has a public facing web page that can be accessed by anyone anywhere on the Internet. - fortunately, society’s increased dependency on networked software systems has also given easy access to the attackers, and the number of attacks is steadily increasing.

Computer and network security is an issue that has been studied for many years. The Ware Report, which was published in 1970, pointed out the need for c- puter security and highlighted the di?culties in evaluating a system to determine if it provided the necessary security for particular applications. The Anderson Report, published in 1972, was the outcome of an Air Force Planning Study whose intent was to de?ne the research and development paths required to make secure computers a reality in the USAF. A major contribution of this report was the de?nition of the reference monitor concept, which led to security kernel architectures. In the mid to late 1970s a number of systems were designed and implemented using a security kernel architecture. These systems were mostly sponsored by the defense establishment and were not in wide use. Fast forwarding to more recent times, the advent of the world-wide web, inexp- sive workstations for the o?ce and home, and high-speed connections has made it possible for most people to be connected. This access has greatly bene?ted society allowing users to do their banking, shopping, and research on the Int- net. Most every business, government agency, and public institution has a public facing web page that can be accessed by anyone anywhere on the Internet. - fortunately, society’s increased dependency on networked software systems has also given easy access to the attackers, and the number of attacks is steadily increasing.

On behalf of the Program Committee, it is our pleasure to present the p- ceedings of the 6th GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Since 2004, DIMVA annually brings together leading researchers and practitioners from academia, government and industry to present and discuss novel security research. DIMVA is organized by the Special Interest Group Security-Intrusion Detection and Response (SIDAR)-of the German Inf- matics Society (GI). The DIMVA 2009 Program Committee received 44 submissions from ind- trial and academic organizations from 17 di?erent countries. Each submission was carefully reviewed by at least three Program Committee members or ext- nal experts. The submissions were evaluated on the basis of scienti?c novelty, importance to the ?eld and technical quality. The ?nal selection took place at the Program Committee meeting held on March 23, 2009, in Brussels, Belgium. Ten full papers and three extended abstracts were selected for presentation and publication in the conference proceedings. TheconferencetookplaceduringJuly9-10,2009,atVillaGallia,LakeComo, Italy, with the program grouped into ?ve sessions.Two keynote speeches were presented by Richard A. Kemmerer (University of California, Santa Barbara) and HenryStern (Ironport/ Cisco).The conferenceprogramwascomplemented by the Capture-the-Flag contest CIPHER (Challenges in Informatics: Progr- ming, Hosting and ExploRing) organized by Lexi Pimenidis (iDev GmbH) and a rump session organized by Sven Dietrich (Stevens Institute of Technology). A successful conference is the result of the joint e?ort of many people. In particular, we would like to thank all the authors who submitted contributions.