News

Next Seminar on 14.10.2020

Written on 07.10.2020 21:46 by Stella Wohnig

Dear All,

The next seminar(s) take place on 14.10. at 14:00 or 14:30 respectively, as described below.

Update: We are considering offering Sessions A and B not in parallel, but one after the other (maybe with a 30-minute break). This change will naturally not affect the already planned dates, but would be for the future. This would allow you to take part in two sessions in one day. However, we want to check whether this change works with your schedules time-wise, so please fill out the following form:
https://forms.gle/qch5hs86tZFNu5Sc8

 


Session A takes place 14:30-15:30 just this once:
Priyasha Chatterjee - Matthias Michels

Join Zoom Meeting
https://cispa-de.zoom.us/j/91374615292?pwd=b3pHRVZ2NHRNSlIyc3VIK3BmL2RvUT09

Meeting-ID: 913 7461 5292
Passcode: 4R#TUW


Session B takes place 14:00-15:30 as usual:
Guido Battiston - Omar Renawi - Robin Ohs

Join Zoom Meeting
https://cispa-de.zoom.us/j/98624092269?pwd=aVg1Rk1yUUYvTnpJNy9yelZVRFBzUT09

Meeting-ID: 986 2409 2269
Passcode: 3u.euk


Session A:

14:00-14:30 

No talk in this slot this week.

14:30-15:00

Speaker: Priyasha Chatterjee
Type of talk: Master Thesis Intro Talk
Advisor: Prof. Dr. Katharina Krombholz
Title: Usable Privacy Enhancement in the context of Smart Home Systems

Abstract: As ubiquitous computing becomes more widespread, so does the market for voice-controlled smart devices which afford a convenience that did not exist before. Voice control is still developing, but the major players in the market have already made substantial progress, leading to large-scale adoption and interest in voice-controlled technology and particularly in smart home systems. Smart home systems allow smart devices to connect to a hub, such as Amazon's Alexa, or Google Nest, which are essentially smart speakers allowing users to control them by voice. The global smart speaker market is currently worth 7.5bn USD and is projected to grow at 34% per year for the next five years, which means more and more people are going to be adopting the use of these systems and devices. However, while these systems provide users with great convenience, users have also found that they need to settle on a trade-off between security and convenience. Smart speakers are listening constantly and potentially recording sensitive information, which is then at risk of falling into the hands of malicious actors. There is evidence of smart speakers performing unrequested actions that lead to compromise of users' sensitive data, of data from smart speakers being used to triangulate and locate users from these recordings, of companies not being 100% transparent with their policies about such smart speakers. In fact, in 2019, 41% of all smart home users were found to have been apprehensive about privacy around their devices.
While there already exist two commercially available devices to deal with some of these concerns, by allowing users to prevent themselves from being constantly recorded, neither of these have been developed taking users’ ideas into consideration. This thesis proposes to find an effective solution that is designed with the users in mind. The goal is to have a prototype based on recommendations for what is found to be usable by the users. This shall be approached in the following way: the first stage comprises a basic questionnaire and interview, including a drawing task, to ascertain how users feel about the need for privacy enhancement around smart home systems, and to gain some creative insight into what users feel is the most convenient form factor for them. The next stage involves coding and analysing user responses to answer the research questions, and then creating a database of suggested design ideas. These design ideas are then used for the next stage, which is the participatory design stage. Here, the participants brainstorm further, work with low-fidelity prototypes, and provide their valuable inputs. The expected outcome of this stage is the development of refined ideas for usable privacy enhancement tools that can be developed for future use.

 
15:00-15:30

Speaker: Matthias Michels
Type of talk: Bachelor Thesis Final Talk
Advisor: Ben Stock
Title: Revisiting vulnerability notifications
Abstract:

New security vulnerabilities in websites are discovered daily. One way
to decrease the number of vulnerable websites is to notify the
respective website operator about the issue. However, prior research
has shown that security issues often do not get resolved, even after
sending notifications.

In this thesis, we investigate how the effectiveness of such
notifications can be increased. We especially look into how different
incentives affect the number of fixed websites. We do this by
automatically checking over 10 million domains for known security
problems in their websites and notifying their respective operator in
case we find a vulnerability. By using differently phrased
notifications, we hope to find characteristics that lead to more
successful notifications.

Session B:

14:00-14:30

Speaker: Guido Battiston
Type of talk: Master Intro Talk
Advisor: Dr. Robert Künnemann
Title: Playing CATSS and MAUS: a theory of privilege escalation and applications to simulated pentesting

Abstract: Companies use risk estimation techniques to analyze their networks, prioritize problems and compute mitigation strategies. These techniques operate on a model of the network, which is acquired by scanning for known vulnerabilities from public databases. Naturally, information about the effect of an exploit is scarce, so most models feature adversaries that advance hop by hop without taking into consideration the security lattice of the individual host. This master thesis presents the implementation and evaluation of a fully comprehensive system for network scanning and risk analysis based on host-level privileges, called CATSS/MAUS. Not only can CATSS/MAUS determine the vulnerability of a network, it can also propose countermeasures, specifically those that ‘break a chain’ of privilege escalations.

14:30-15:00

Speaker: Omar Renawi
Type of talk: Intro Talk
Advisor: Nico Döttling and Stella Wohnig
Title: The Relationship between Verifiable Delay Function (VDF) And Time-Lock Puzzle (TLP)

Abstract: The question of whether Verifiable Delay Function (VDF) implies Time-Lock Puzzle (TLP) or whether Time-Lock Puzzle implies Verifiable Delay Function has been investigated for a while, but this seems to be a hard problem. In this work, we will investigate this problem further by making stronger assumptions. In particular, we will assume the existence of Witness Encryption and show that Verifiable Delay Function and Witness Encryption imply Time-Lock Puzzle.

15:00-15:30

Speaker: Robin Ohs
Type of talk: Bachelor Final Talk
Advisor: Prof. Dr. Andreas Zeller, Nataniel P. Borges Jr.
Title: Testing apps with probabilistic grammars

Abstract: In the past, users interacted with applications by typing program names with parameters into the command line or bash. These command-line apps could easily and systematically be tested by attaching different command-line arguments to the call of the program. Nowadays the interaction with modern applications is different. Instead of command-line arguments, applications create graphical user interfaces (GUI) which give users the ability to interact with visible elements on their screen via click, hold and swipe or even fill out input elements by typing text into them. Specifically, applications or operating systems for touch devices in the mobile field, like apps for Android, make use of this approach. Without automation in the testing of an app, an app developer needs to write tests for every element of his UI with all its possible interactions that a user could use to interact with the application. An approach to automate test generation for apps is UI grammars. Originally mostly used to test compilers, context-free grammars can also be used to create tests for Android applications by mining the GUI of the application. In this thesis, the objective is to find a way to combine automatically mined grammars for the same application and find useful rules which decide how these grammars are merged.
