News
Next Seminar on 30.09.2020
Written on 28.09.2020 01:32 by Stella Wohnig
Dear All,
the next seminar(s) take place on 30.9. at 14:00.
Session A:
Florian Nawrath - Marvin Moog - David Schäfer
https://cispa-de.zoom.us/j/93234867227?pwd=dDFYOEVQbWYxOEM5STAvU1l1UUdJZz09
Meeting ID: 932 3486 7227
Passcode: 6H@Tmh
Session B:
Markus Demmel - Andreas Hanuja - Florian Grün
https://cispa-de.zoom.us/j/97895494427?pwd=WHlRUU13dXFFMHFNWkJyaFU0SkFRdz09
Meeting ID: 978 9549 4427
Passcode: 2m+1e6
Session A:
14:00-14:30
Speaker: Florian Nawrath
Type of talk: Bachelor Thesis Intro Talk
Advisor: Sven Bugiel
Title: Already logged in or still looking for your password? Quantitative testing of the users FIDO 2 infrastructure
Abstract:
With the release of FIDO 2 (Fast Identity Online), integration of passwordless authentication methods has become easier to use. The general problem is the users' acceptance and adaption of these password alternatives. Even when being properly integrated, the problem is still the availability of suitable authenticators on the users' side. This study aims to unveil the users' possibility to make use of FIDO 2 authentication methods when forced to on an exemplary site. Therefore, the goal is to provide insights into technical as well as hardware limitations and restrictions from every-day end users.
14:30-15:00
Speaker: Marvin Moog
Title: Evaluating Adoption and Obstacles of NSC in Android
Kind of talk: Bachelor, final
Advisor: Dr. Sven Bugiel
Abstract:
Nowadays, almost every app needs to be connected to the Internet to serve a useful purpose and therefore has to protect potentially sensitive data during transit. However, several studies in the past have shown that many Android apps are vulnerable to Man-in-the-Middle attacks. In order to simplify the handling of SSL/TLS, and thus increase security, the Network Security Config (NSC) was introduced in Android 7.0, and allows developers to customize their network security settings without modifying the app code.
This bachelor thesis investigates how much the Android market has accepted NSC, if there are obstacles to use it, and whether security has improved as a result, by automatically analyzing the 1,500 most downloaded apps. It highlights that NSC is used by 41.22% of the apps, where every second NSC is used to allow cleartext traffic app-wide. Other security-relevant features of NSC are rarely used and are still frequently implemented manually. A manual analysis of 10 seemingly insecure apps found half of them to have connections that could be MITM attacked.
15:00-15:30
Speaker: David Schäfer
Type of talk: Bachelor Final Talk
Advisor: Dr.-Ing. Sven Bugiel
Title: System Support for Attesting Apps to Services
Abstract:
Already for a long time, mobile applications have become a lucrative business for many companies. Frequently, these just implement basic functionalities and provide the full range of functions only with an active remote service interaction. Particularly in paid apps, it is important for service providers that the information exchanged is only available to certain applications. But, because dynamic authentication is hard to realize in a distributed system, this can be quite challenging. Additionally, because application installation packages can be signed by self-signed certificates and therefore do not provide a chain-of-trust, they can be manipulated and published by everyone. In such a case, it is hard to determine for the remote service whether it is communicating with the genuine application or a compromised version. Therefore, app attestation has become an important concept of today's application development. In this bachelor thesis, I have designed and implemented a system-internal solution for attesting apps to services, which, in contrast to many existing approaches, operates independently from external support. It is based on existing security features of current Android versions and, in combination with hardware-protected security, can provide verifiable and reliable evidence about the integrity of an application and the underlying system.
Session B:
14:00-14:30
Speaker: Markus Demmel
Type of talk: Bachelor Final Talk
Advisor: Rahul Gopinath
Title: Differential Testing
Abstract: We live in a well-connected world in which almost any device is connected to the internet and able to communicate with other devices. This exchange of communication is based on standards like different protocols and data exchange formats. One of these exchange formats is JavaScript Object Notation (JSON). JSON is a popular way to exchange data due to it being very efficient and language-independent. That means that any developer can use JSON easily to exchange data with others regardless of the programming language or the operating system. The first specification of JSON was published by Douglas Crockford at the beginning of this millennium. Meanwhile, there are several specifications that describe how JSON should be parsed. However, developers do not hold onto these specifications. As a result, there are JSON parsers that parse invalid JSON. This bachelor thesis investigated the consequences of this on the most popular and widespread parsers.
14:30-15:00
Speaker: Andreas Hanuja
Type of talk: Bachelor Thesis Intro Talk
Advisor: Prof. Dr. Andreas Zeller
Title: Generating and Parsing Binary File Formats with FormatFuzzer
Abstract:
Modern fuzzers are used worldwide for automated software testing and to regularly find weak points in common programs. Many randomly generated inputs are used to search for errors in the program flow. But if the input files expected by the target program must have a complex structure, it is hardly possible to generate useful input by pure chance.
Thus, current research tries to modify the fuzzer by giving it background knowledge about the expected input structure.
In contrast to previous proposals, we use a novel framework called FormatFuzzer. FormatFuzzer automatically compiles high-efficiency generators and parsers from a file format specification. In this work, we propose how we can extend existing specifications to support new formats. We use the synthesized generators to evaluate different metrics, like their speed, the correctness of the outputs, and the variety of generated files. If we combine our generators with American Fuzzy Lop (AFL), we expect that we can increase the efficiency of AFL in fuzzing programs that parse binary files.
15:00-15:30
Speaker: Florian Grün
Type of talk: Bachelor Thesis Final Talk
Advisor: Rahul Gopinath
Title: ARM Processor Fuzzing via QEMU
Abstract:
Each processor manufacturer hands out documentation of all usable processor instructions for their specific processor architectures. However, not all possible sequences of instructions are well-defined in those documentations; hence, their execution is undefined. This bachelor thesis describes the implementation of a tool capable of testing a QEMU-emulated ARM architecture. It is used to investigate if there appears any recognizable misbehavior when trying to execute undefined sequences of instructions.
To do so, the grammar-based F1 prototype fuzzer, combined with a self-written instruction grammar manually derived from an instruction set description, is used. Being able to create a massive amount of instruction inputs, they are executed on the emulated ARM processor architecture. The target of this fuzzing campaign is a QEMU-emulated ARM Cortex-A9 processor, and it is tested in user as well as in supervisor execution mode.