1st Kassel Student Workshop on Security in Distributed Systems

With this document, we provide a compilation of in-depth discussions on some of the most current security issues in distributed systems. The six contributions have been collected and presented at the 1st Kassel Student Workshop on Security in Distributed Systems (KaSWoSDS’08). We are pleased to present a collection of papers not only shedding light on the theoretical aspects of their topics, but also being accompanied with elaborate practical examples. In Chapter 1, Stephan Opfer discusses Viruses, one of the oldest threats to system security. For years there has been an arms race between virus producers and anti-virus software providers, with no end in sight. Stefan Triller demonstrates how malicious code can be injected in a target process using a buffer overflow in Chapter 2. Websites usually store their data and user information in data bases. Like buffer overflows, the possibilities of performing SQL injection attacks targeting such data bases are left open by unwary programmers. Stephan Scheuermann gives us a deeper insight into the mechanisms behind such attacks in Chapter 3. Cross-site scripting (XSS) is a method to insert malicious code into websites viewed by other users. Michael Blumenstein explains this issue in Chapter 4. Code can be injected in other websites via XSS attacks in order to spy out data of internet users, spoofing subsumes all methods that directly involve taking on a false identity. In Chapter 5, Till Amma shows us different ways how this can be done and how it is prevented. Last but not least, cryptographic methods are used to encode confidential data in a way that even if it got in the wrong hands, the culprits cannot decode it. Over the centuries, many different ciphers have been developed, applied, and finally broken. Ilhan Glogic sketches this history in Chapter 6.

Smallholder group certification in Uganda - Analysis of internal control systems in two organic export companies

The organic agricultural sector of Uganda is among the most developed in Africa in terms of its professional institutional network and high growth rates of number of certified farmers and land area. Smallholder farmers are certified organic through contract production for export companies using a group certification scheme (internal control system - ICS). The ICS is a viable and well-accepted tool to certify small-scale producers in developing countries all over the world. Difficulties in certification are still stated to be among the main constraints for Uganda’s organic sector development. Therefore, this paper reports a qualitative case study comprising 34 expert interviews in two organic fresh-produce export companies in central Uganda, aiming to explore the challenges which underlie organic certification with ICS. The study shows that farmers cannot be labelled as ‘organic by default’ but deliberately engage in organic production as a marketing strategy. The small quantities purchased by the organic companies lead to a difficult marketing situation for the farmers, causing production and infiltration risks on the farm level. These risks require increased control that challenges the companies organizationally. The risks and control needs are a reason to involve farmers in ICS procedures and innovatively adapt the ICS by means of a bypass around formal perspective restrictions. The paper discusses different perspectives on risks, risk control and certification.