News

Next Seminar on 16.09.2020

Written on 09.09.2020 18:07 by Stella Wohnig

Dear All,

the next seminar(s) take place on 16.9. at 14:00.

Session A:
Christian Becker - Nils Michael - Nicolas Müller

https://zoom.us/j/96243458340?pwd=WVdzSEJNdmk1Z0JOL2E3UjVZc1EvUT09

Meeting ID: 962 4345 8340
Passcode: 7G=Lsi


Session B:
Xhelal Likaj - Tom Fischer

https://zoom.us/j/96804078593?pwd=VnZ1RFoxa1Z3Y2VjSW5rei83aEtiZz09

Meeting ID: 968 0407 8593
Passcode: 1f@p*^



Session A:

14:00-14:30 

Speaker: Christian Becker    
Type of talk: Master final talk
Advisor: Dr. Sven Bugiel
Title: Mapping the Multi-Layer Attack Surface of Android’s Native System Libraries

Abstract:

Android is widespread, and by far the most used operating system for mobile devices.
Providing a wide range of functionality like the calendar, a camera, banking, or messaging
apps these devices store a lot of private sensitive data. Therefore protecting those should
be and is a top priority. Not only the Android Open Source Project (AOSP) but also many
researchers investigated and improved the security. Recent approaches are proposing
solutions in order to protect apps from being compromised, but privacy protection also
relies on the integrity of Android itself, especially of its middleware including Java
(Framework) and native (C/C++ libraries) code. Native code, directly consuming
user input, has been already exploited in the past (e.g. stagefright) which showed the
tremendous impact of vulnerabilities at this point as they can immediately affect every
Android user. However, often users can only pass data to Android’s framework (i.e.
APIs). Therefore the goal of this thesis is to evaluate whether vulnerabilities in native
code can be exploited through passing malicious data to API calls. Due to the range
of functionality Android comes with a huge code base and is a very complex system to
investigate. To overcome this challenge, we present a static analysis tool to automate
and support this investigation. It consists of several exchangeable modules: A pattern
based vulnerability scanner (Joern) for native code, a backwards slicer for native and
Java code and a linker to enable backwards slicing across the Java Native Interface (JNI).
Since apps usually need to access libraries via the Framework, which is implementing the
policy enforcement point and redirecting the calls to the libraries via the JNI, the results
of this tool map the attack surface from native to Java code meaning whenever there is a
bug in native code, it can be derived whether this can be exploited through an API call
from an app and thus poses an actual vulnerability with a high impact. The results can
also be used for fuzzing as it highly reduces the targets by locating the attack surface
and thus increases efficiency.

 
14:30-15:00

Speaker: Nils Michael
Type of talk: Bachelor Thesis Final Talk
Advisor: Prof. Dr. Sven Bugiel
Title: Exploiting Humans to Create Covert-Channels on Mobile Devices

Abstract:

Covert Channels have been researched both on traditional computing systems as well
as on mobile devices. While for the former there are more than four decades worth
of research including defense mechanisms to prevent data leaks, for the latter these
advancements are still ongoing. More and more attack vectors are being discovered which
make use of mobile-specific entities like light-sensors or third-party libraries and
SDKs used in mobile apps. With these, there is a vast number of possible channel carriers
used in so-called "collusion attacks". These attacks circumvent the Android permission
system and process-isolation without being detected in order to communicate secretly
between two applications with different permissions. That way, the two applications
can unite their respective permissions which are needed to, e.g., leak user data to the
attacker.
For the sensor-based channels, which make use of different motion sensors (like the
accelerometer or gyroscope as the channel carriers), most related work automates the
process of the covert data transmission through the channels, as the transmission is
independent of user interaction. This thesis focuses on the transmission which is caused
by the user without her knowing, e.g., simply by playing a game. By exploiting the users
for the transmission over covert channels, this will make it even harder to detect. Since
users are error-prone, various aspects like transmission error-detection and -correction
have to be taken into account.

15:00-15:30

Speaker: Nicolas Müller
Type of talk: Bachelor Intro Talk
Advisor: Dr.-Ing. Sven Bugiel
Title: App Piracy in Android

Abstract:
The world of mobile apps is consistently increasing; more and more apps are published in diverse Android app markets. With these increasing stats, apps might get pirated and plagiarism in those markets, especially in unofficial app markets, is often the case. It is also not uncommon that original apps get copied and used to spread most Android malware. Apps get copied with their original functionality, but an attacker might include malicious code and republish those apps to spread the malware. Users often do not recognize those pirated apps and are mostly unaware of a different behavior of the app. Furthermore, commercial apps may get copied and republished for free without the original author's permission to do so, or advertisement of an app might get stripped, both shrinking developers' income.
This thesis will study common procedures on how an app is pirated. It will also investigate different defense mechanisms developers include in their apps and how app developers usually try to mitigate piracy and plagiarism of their apps.

Session B:

14:00-14:30

Speaker: Xhelal Likaj
Type of talk: Master thesis final talk
Advisor: Giancarlo Pellegrino
Title: A field study of anti-CSRF countermeasures used in practice

Abstract: Cross-Site Request Forgery (CSRF) is one of the most popular web vulnerabilities, which has been referred to by many as the "Sleeping Giant".
It is a severe attack that allows an attacker to trick the victim’s browser into (unintentionally) submitting a request to a vulnerable web application.
Most web frameworks nowadays offer protection(s) against CSRF to ease the efforts of web developers. However, writing secure code is not an easy task.
Although an anti-CSRF countermeasure might be theoretically bulletproof, if it is not implemented correctly in the code, then the security falls apart.
The research question we want to tackle in this work is whether anti-CSRF countermeasures are implemented in a robust and secure way by frameworks.
A thorough search in the literature indicates a lack of scientific research in this direction. Therefore, through this scientific work, we aim to fill this gap.
Our main contribution is conducting a field study on the implementation of anti-CSRF countermeasures by popular web frameworks.
In this work, we analyze 44 popular web frameworks of the top 5 programming languages (JS, Python, Java, PHP, C#).
The overall results of the field study showed that the implemented countermeasures are secure from most common attack vectors.
Nevertheless, it also showed that there are some attack vectors that most frameworks overlook, such as cookie tossing, replay attacks, etc.
In some cases (e.g. Vert.x-Web, CakePHP), a trivial attack was enough to easily bypass the CSRF defense.
Furthermore, we provide a detailed explanation of how anti-CSRF countermeasures work in each framework in an attempt to help developers facing insufficient documentation.
This includes a thorough explanation, a commented source code, and many web applications that can be used to test the CSRF defense further.
We conclude our work by providing some recommendations and best practices that address the implementation mistakes identified during the field study.

14:30-15:00

Speaker: Tom Fischer
Type of talk: Bachelor Thesis Intro Talk
Advisor: Dr. Nico Döttling
Title: Efficient Field Extension for Oblivious Linear Evaluation

Abstract: Secure multi-party computation is a subfield of cryptography, where participants want to evaluate a joint function over their private data without sharing their data. The Oblivious linear function evaluation (OLE) is an important building block in such cryptographic protocols and lets two parties jointly evaluate y=ax+b. The difficulty here lies in the fact that one party sends a and b and learns nothing about the other party's input, and the other party sends x and learns y and nothing about a and b. As of late, several UC-secure OLE protocols have been published under both semi-honest and malicious adversarial settings. But to the best of my knowledge all of these recently proposed protocols focused on input values over prime fields and none for extension fields. In this work, I propose a UC-secure OLE protocol for extension fields in a semi-honest setting that reduces its security to prime field OLE primitives.

 

15:00-15:30
No talk due to cancellation - you may still register last-minute by mailing bamaseminar@cispa.saarland