News

Next Seminar on 05.08.2020

Written on 31.07.2020 21:12 by Stella Wohnig

Dear All,

The next seminar(s) take place on 5.8. at 14:00.
As a reminder: If you hold a talk, you have to upload your information one week in advance, which means on *Wednesday* before the talk.

Session A:
Annika Carolin Grieser - Finn Hermeling - Johannes Lampel

https://zoom.us/j/95592194795?pwd=MUpKZHFoU0RUM05ZMjZUNldjUUJGQT09

Meeting ID: 955 9219 4795
Passcode: 0s^udk


Session B:
Daniel Weber - Noah Mauthe - Niklas Medinger

https://zoom.us/j/93291128233?pwd=UTJhU05PbXRhWmU0MWlXZDZEYk5EQT09

Meeting ID: 932 9112 8233
Passcode: 2z^GF+



Session A:

14:00-14:30 

Speaker: Annika Carolin Grieser

Title: Exploratory evaluation of a methodology of in-situ data collection using a modified Mycroft

Kind of Talk: Bachelor Thesis Intro Talk

Advisor: Dr. Katharina Krombholz

Abstract:

Artificial Intelligence is almost everywhere included in daily life. You can ask smart
speakers to do some shopping for you, to control smart homes or even to tell you some
news. This technique not only brings advantages but also carries some risks. Several
studies have shown possible attacks and privacy shortcomings of these devices. In-situ studies are
often conducted to shed light on user behaviour in this context. The data collection is a
challenge for each in-situ study. It becomes even harder in smart speaker in-situ studies.
The huge challenge is the sensitivity of the data. Logging every user conversation is
inconceivable for ethical reasons. Other methodologies are not satisfactory either because
they have disadvantages such as a large time gap between usage and survey or the need
to artificially intervene in the in-situ process.
The presented Bachelor thesis performs an exploratory evaluation of a new tool which
should ease the data collection process in an in-situ study with a smart speaker. This
tool is integrated in an open-source smart speaker called ’Mycroft’. It offers the ability of
surveying the user in between his usage process with the smart speaker. The goal of this
thesis is to evaluate this tool with respect to its abilities, capabilities and configurations
in a security and privacy context.

 
14:30-15:00

Speaker: Finn Hermeling
Type of talk: Bachelor Thesis Outro Talk
Advisor: Stefan Nürnberger
Title: Automated Semantic Labeling For Unstructured And Unknown CAN Traffic

Abstract:
In automotive networking the Controller Area Network (CAN) standard is widely used. Car manufacturers use secret protocols to let devices communicate over this bus. Since all devices (including infotainment systems or telematic units) are physically connected to the same bus, attack vectors are being exposed and privacy concerns raised. In order to estimate the gravity of the situation and to solve these problems, it is necessary to reveal the obscure contents of CAN messages. The thesis will discuss challenges an automated labeling system for data in CAN messages faces and analyze the possibilities to solve them using machine learning. In this talk different aspects of solving these challenges are shown and various approaches evaluated and compared using both qualitative and quantitative methods.

 

15:00-15:30

Speaker: Johannes Lampel
Type of talk: Master Intro
Advisor: Sascha Just
Supervisor: Andreas Zeller
Title: Run Flake Run

Abstract:
Flaky tests and their manifestation in intermittent failures plague the continuous integration process in small and large projects alike. In big companies like Google or Microsoft, the manifestation of an intermittent failure is especially costly since it causes builds, which can take several hours, to fail. To combat this problem, research and industry have come up with several approaches. Reruns, meaning a failing test is automatically rerun when it fails, are most commonly used in big companies today. In this talk, I will talk about our ideas on how we want to investigate the effectiveness of reruns in combatting intermittent failures, as well as ideas on how to make reruns more effective.

Session B:

14:00-14:30

Speaker: Daniel Weber
Type of talk: Bachelor Introduction
Advisor: Ahmad Ibrahim
Title: Using Fuzzing to Identify x86 Leak Sequences for Timing Side Channels

Abstract:
In 2017 Meltdown and Spectre showed that we must not rely on the assumption that computer hardware is without vulnerabilities. Since then we saw various other attacks against CPU microarchitectures. These so-called transient execution attacks often rely on a covert or side channel to make microarchitectural state observable from the architectural world.

While mainly the CPU cache is abused as a side channel in such attacks, we are aware of the existence of other side channels.
Each new channel is a new way for adversaries to hide their traces and mitigate existing work to detect and prevent transient execution attacks. Therefore, identifying side channels is a key element to reliably defend against their exploitation.
To aid the ultimate goal of mitigating the threat coming from such attacks, this work tries to find
more microarchitectural side channels in an automated manner.
We develop a fuzzer that instead of testing a software component directly fuzzes the hardware it is running on.
Our fuzzer will execute various combinations of instructions from the x86 ISA and observe the behavior of these
with the ultimate goal of finding instructions that span novel timing side channels.

14:30-15:00

Speaker: Noah Mauthe
Type of talk: Bachelor Thesis final talk
Advisor: Ulf Kargén, Christian Rossow
Title: Studying the Prevalence of Anti-Decompilation Techniques in Malicious and Benign Android Applications


Abstract:

Android applications are comparatively easy to reverse engineer and are thus often
plagiarized. To protect against this threat, recent years have seen an overall increase
in obfuscation deployment in the Android ecosystem as well as numerous studies on
the subject. As most of these studies target obfuscation techniques that harden an
app against manual analysis, but not against decompilation per se, we investigate the
prevalence of anti-decompilation measures in Android applications in its current state
by employing decompilability as a proxy. By analyzing, respectively, commercial, open-
source and malware applications, we provide a comprehensive overview on the subject.
We discovered noticeable differences in decompilation failure rates between the three data
sources. Specifically, we note an increase in failure rates from open-source to commercial
and from commercial to malware applications. Nevertheless, our findings show an
unexpectedly small discrepancy in decompilability for all three datasets, warranting
further investigation in future work.

15:00-15:30

Speaker: Niklas Medinger

Title: Exploring Automatic Lemma Generation for the Tamarin Prover
Thesis Type: Bachelor Thesis
Talk Type: Intro Talk
Supervisor: Cas Cremers
Abstract:

Security protocols are all around us. Their applications range from securing the messages
we send via apps to protecting the passwords we use to log into our bank accounts.
As a result, these protocols need to be reliable and secure. One way to achieve this
is to formally model and verify protocols with verification tools such as ProVerif or
the Tamarin prover. Unfortunately, modeling a protocol and verifying its desired
security properties takes, depending on its complexity, up to months of work.
Since the desired security properties are often not automatically provable by the
tool, a major part of this process involves the step-wise refinement of intermediate
statements that, ultimately, imply the desired security properties. Aiming to cut down
the time and manual work needed to formally verify a protocol, this thesis identifies
common patterns in lemmas needed to verify protocols with the Tamarin prover, develops
an algorithm to automatically generate these lemmas, and evaluates its effect on the
time needed to prove the security properties of protocols.
