News
Next Seminar on 22.7.2020
Written on 17.07.2020 16:20 by Stella Wohnig
Dear All,
the next seminar(s) take place on 22.7. at 14:00. There will now be two sessions run in parallel. (Updated date and zoom links!)
Session A:
Aftab Alam - Tsvetelina Ilieva - Askar Zaitov
Session B:
Finn Hermeling - Vladislav Skripniuk - Virab Gevorgyan
Session A:
14:00-14:30
Speaker: Aftab Alam
Type of talk: Final Master thesis Talk
Advisor: Dr.-Ing. Sven Bugiel
Title: Studying and improving WebAuthn Usability
Abstract:
FIDO2 or FIDO2.0 is a new project that supersedes the previous U2F open standard, developed jointly by the FIDO Alliance and the W3C to promote simpler and stronger authentication on the web using public-key cryptography. WebAuthn — short for Web Authentication, being a W3C standard, is the core component of the FIDO2 protocol that found rapid adoption among the major browser vendors as well as among the top web services, like Google, Microsoft, Dropbox, and GitHub. Thus, FIDO2 is a very strong contender for finally tackling the problem of insecure user authentication on the web.
However, there remain several open questions to be answered for FIDO2 to succeed as expected. The past has, unfortunately, shown that software developers struggle with correctly implementing or using security-critical APIs, such as TLS/SSL, password storage, or cryptographic APIs. Based on our prior work, which also resulted in a poster at CCS’19, we identified some of the perilous usability issues from the developers’ perspective. As a result, these findings and developers’ problems in other domains motivated us to study and improve WebAuthn usability.
In this thesis, we present the first qualitative usability study with seven developers who were recruited online and attempted to configure the registration and authentication parameters for a 2FA use case for WebAuthn. Through the collected data, we identified potential usability issues that hindered them in this task. Our results show that the usability issues are related to the scarcity of proper documentation and misconceptions that developers have. They perceived that WebAuthn deployment is not an easy task and demanded to have better developer support in terms of documentation, high-level open-source libraries and additional tool support for establishing FIDO2 as a de-facto authentication solution.
14:30-15:00
Speaker: Tsvetelina Ilieva
Type of talk: Intro Talk
Advisor: Prof. Andreas Zeller
Title: Accessible Classifier Decisions using SHAP
Abstract: Being able to fully interpret a classifier’s prediction has many benefits - increasing trust in the model, improving the model and last but not least extracting previously unknown patterns from the data. Luckily, during the last few years a lot of progress has been made in the field of Explainable AI. Especially approaches like SHAP have taken us one step closer to solving the difficult but crucial task of explaining a model’s decision. It is however just as important to have an easily understandable but still informative visualization of the model’s explanation. In this work, we identify the shortcomings and potential pitfalls in the existing visualization of SHAP and propose a new, more intuitive and more informative visualization. Our goal is to make the visualization easier to understand for non-professionals and professionals alike in order to help them during feature engineering and pattern mining.
15:00-15:30
Speaker: Askar Zaitov
Title: Mitigating test flakiness through Record & Replay
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Jenny Rau
Talk type: Master Proposal talk
Abstract:
Flakiness is one of the most challenging problems in the test field. Dealing with test flakiness can be annoying to any developer due to an unpredictable outcome (pass or fail) despite executing unaltered code. The reasons for flaky tests may be different: from problems with Android OS version or library compatibility to differences in environmental conditions (advertisement, location, random numbers, some elements triggering on specific dates, with specific network responses, etc.). In this master thesis, we will try to address test flakiness using a record and replay approach, which focuses on non-deterministic behavior of Android applications and environmental changes as factors causing test flakiness. Our approach suggests recording and saving the environmental conditions and then replaying, trying to mock the previously recorded environment to see if applications' models changed between different runs.
Session B:
14:00-14:30
Speaker: Finn Hermeling
Type of talk: Bachelor Thesis Intro Talk
Advisor: Dr. Stefan Nürnberger
Title: Automated Semantic Labeling For Unstructured And Unknown CAN Traffic
Abstract:
In automotive networking, the Controller Area Network (CAN) standard is widely used. Car manufacturers use secret protocols to let devices communicate over this bus. Since all devices (including infotainment systems or telemetric units) are physically connected to the same bus, attack vectors are being exposed and privacy concerns raised. In order to estimate the gravity of the situation and to solve these problems, it is necessary to reveal the obscure contents of CAN messages. The thesis will discuss challenges an automated labeling system for data in CAN messages faces and analyze the possibilities to solve them using machine learning. Furthermore, software is developed that, given segmented CAN messages, is able to correlate fields in messages of different cars.
14:30-15:00
Speaker: Vladislav Skripniuk
Type of talk: Introductory
Advisor: Prof. Dr. Mario Fritz
Title: Black-box Watermarking for Generative Adversarial Networks
Abstract: As companies start using deep learning to provide value to their customers, the demand for solutions to protect the ownership of trained models becomes evident. Several watermarking approaches have been proposed for protecting discriminative models. However, rapid progress in the task of photorealistic image synthesis, boosted by Generative Adversarial Networks (GANs), raises an urgent need for extending protection to generative models.
We propose the first watermarking solution for GAN models. We leverage steganography techniques to watermark the GAN training dataset, transfer the watermark from the dataset to GAN models, and then verify the watermark from generated images. In the experiments, we show that the hidden encoding characteristic of steganography allows preserving generation quality and supports the watermark secrecy against steganalysis attacks. We validate that our watermark verification is robust in wide ranges against several image perturbations. Critically, our solution treats GAN models as an independent component: watermark embedding is agnostic to GAN details and watermark verification relies only on accessing the APIs of black-box GANs.
We further extend our watermarking applications to generated image detection and attribution, which delivers a practical potential to facilitate forensics against deep fakes and responsibility tracking of GAN misuse.
15:00-15:30
Speaker: Virab Gevorgyan
Type of talk: Introductory
Advisor: PD Dr. Swen Jacobs
Title: Cutoffs for Parameterized Broadcast Protocols
Abstract: The occurrence of growingly complex reactive systems in increasingly critical areas induces the necessity of automated verification techniques (e.g. model checking). Furthermore, the correctness of some designs needs to be verified independently of the system size. An important subclass of such designs used in a lot of distributed and parallel applications are the Parameterized Broadcast Protocols (PBPs): systems composed of a finite, but arbitrarily large number of identical processes that communicate with each other via broadcast messages.
We develop software to compute cutoffs (number of processes sufficient to prove or disprove a property of a parameterized system) for PBPs. We generate random samples of processes of different numbers of states and investigate their cutoffs for reachability and mutual exclusion properties. We see that, though in general cutoffs can be quite large, for most applications they are small. Moreover, we identify sufficient conditions and necessary conditions to achieve small cutoffs in PBPs.