Bachelor- and Master Seminar CISPA Staff

Registration for this course is open until Thursday, 30.06.2022 23:59.

News

06.05.2021

Next Seminar on 12.5.2021

Dear All,
 

Please use this new page for your submissions from now on!
Hope you're all having a good semester.
The next seminar(s) take place on 12.5. at 14:00/14:30.


Session A 14:00-15:00:
Pit Jost - Joshua Sonnet

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B 14:30-15:30:
Robin Gärtner - Bachir Bendrissou

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 

Speaker: Pit Jost
Type of talk: Bachelor Final
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Dr. Rafael Dutra
Title: Automated generation of format-aware Fuzzers using FormatFuzzer

Abstract: Fuzzing is an automated testing technique used to execute computer programs with a high number of automatically generated, often ill-formed inputs in order to trigger unexpected behavior such as hangs, crashes or undesired outputs which can be a sign for the presence of vulnerabilities that can be exploited. As file formats tend to be very complex, programs often validate the structure of their inputs at an early parsing stage. Randomly generated files will likely not match the expected structure, thus are discarded during this early stage. Due to this, purely random fuzzing only reaches low code coverage, making it inefficient.

In this thesis, the novel fuzzing technique FormatFuzzer is used. FormatFuzzer uses a structure-aware approach that works by compiling descriptions of binary file formats, referred to as binary templates, into executables that can be used to parse, generate and mutate binary files compliant to their respective format specifications. These binary templates contain all information required to generate and parse structurally valid files of a given format. The files generated by FormatFuzzer are expected to perform better than conventional fuzzing approaches, as due to their structure-awareness, the files are most likely to pass the parsing stage of a given program, thus reaching higher code coverage.

The main focus in this thesis will be on developing reliable binary templates in order to support formats for which no binary templates optimized for generation with FormatFuzzer exist. As a starting point, existing templates made publicly available by 010 Editor are used. These templates work fine for parsing, but are not intended for file generation, as they are missing important information about specific values that need to be present at specific positions in the generated files in order for them to be valid, such as magic bytes. To tackle this issue, this information is added to the existing templates. Furthermore, the process of developing binary templates will be facilitated for future work by the introduction of new features into the binary template language, by automating parts of the process or by using new procedures. The efficiency of the resulting templates will finally be evaluated, and the results will be compared with related work.

14:30-15:00

Speaker: Joshua Sonnet
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Towards Decentralised Access Control in Thread-based Home IoT

Abstract: With the ever-emerging smart home systems today, convenience is the main aspect for IoT (Internet of Things) devices. But this oftentimes excludes contextual factors for authorisation of the respective device. This includes policies like children should only be allowed to control the TV, when parents are nearby to supervise them on what they are watching or remotely controlled lights should only be allowed to be turned on when someone is present in that room.
The goal of this thesis is to implement an access control layer for IoT devices built on Thread. Due to it being a mesh powered network without a true central hub, the authorisation of each device will also be decentralised, s.t. each one will decide about its own access control policy. As Thread allows for concurrent application layers, this model will run beside Thread and the controlling application of the device.

 

 
15:00-15:30

No talk this week.

 

Session B:

14:00-14:30

no talk this week.

 

 

14:30-15:00

Speaker: Robin Gärtner
Type of talk: Bachelor Intro
Advisor: Nico Döttling
Title: Multiparty Cardinality Testing for Threshold Private Set Intersection

Abstract: Threshold Private Set Intersection (PSI) allows multiple parties to compute the intersection of their input sets if the intersection is larger than (n − t), where n is the size of the sets and t is some threshold. The main appeal of the new protocol is that, in contrast to standard PSI, upper-bounds on the communication complexity only depend on the threshold t and not on the sizes of the input sets. This way we can reduce the communication complexity especially in the multiparty case.
The goal of this bachelor thesis is to implement this protocol for the first time so it can be used in research studies. Additionally implementing the protocol might lead to a better understanding of it, which could lead to further improvements in efficiency of the protocol.

15:00-15:30
Speaker:          Bachir Bendrissou
Advisor: Rahul Gopinath, Andreas Zeller
Type of talk: Master Intro talk

Title: Sample-Free Blackbox Grammar Synthesis

Abstract:
Having a program input specification is crucial in various fields such as vulnerability analysis, reverse engineering, and software testing. However, in many cases, a formal input specification may be unavailable, incomplete, or obsolete. When the program source is available, one may be able to mine the input specification from the source code itself. However, when the source code is unavailable, a blackbox approach becomes necessary.

Unfortunately, blackbox approaches to learning context free grammars are bounded in theory, and were shown to be as hard as reversing RSA. Hence, general context-free grammar recovery is thought to be computationally hard. GLADE is a recent blackbox grammar synthesizer, which claims it can recover an accurate context-free input grammar of any given subject using only a small set of seed inputs, and a general oracle able to distinguish between valid and invalid inputs. It also claims to be fast for all programs tested. While an implementation of GLADE is available, the input grammar is produced in an undocumented format that is hard to reverse engineer. Furthermore, GLADE also uses custom parsers and fuzzers which are hard to verify.

This thesis attempts to first replicate GLADE independently by first implementing the GLADE algorithm in Python and using this implementation to verify the reported GLADE experiments, and further evaluate GLADE using new context-free grammars. This will provide us with precise information and insights about the limits and suitability of GLADE in diverse circumstances.

The second part of our thesis will extend GLADE by pairing it with our bFuzzer tool. bFuzzer generates and monotonically extends syntactically valid input prefixes until it finds valid inputs. Hence, in this pairing, bFuzzer will provide the syntactically valid sample inputs that GLADE requires to infer the grammar. We will evaluate the combined fuzzer against diverse subjects.

22.04.2021

Next Seminar on 28.4.2020

Dear All,
 

Great that you found the new semester's page :)
The next seminar(s) take place on 28.4. at 14:00.


Session A 14:00-15:00:
Muhammad Bilal Latif - John Schmitt

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B 14:00-15:00:
Peter Stolz - Marc Katz

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 

Speaker: Muhammad Bilal Latif.
Type of talk: Master Intro.
Advisor: Dr. Ing. Cristian-Alexandru Staicu.
Title: Empirical Study of Full-Stack JavaScript Web Applications.
Abstract: Traditionally, most web applications were using Java or PHP on the server-side and JavaScript on the client-side. However, in recent years, we have seen a rise of interest in running JavaScript on the server-side as well, i.e., full-stack JavaScript web applications. The reason for this shift is multifold, e.g., uniform tools usage, easier skills transfer across the stack, etc. Recent work warns about the security practices in server-side JavaScript and in particular in its package manager, npm, supposedly the largest software ecosystem in the world.
However, judging the security of a given dependency in isolation is hard and it often leads to over-reporting security vulnerabilities. For example, let us consider the CVE-2019-1010266 vulnerability, which affects the method camelCase of the popular lodash package. In the associated bug report, it is speculated that an attacker can take advantage of the input to this method, without providing any empirical evidence, e.g., a GitHub project in which this is indeed possible. As a result of the issued CVE, all the clients of lodash were warned that they are at risk and that they should upgrade to the newest library version, independent of whether in their particular case, user input can reach the vulnerable method or even the package. To provide a more realistic view of the security of full-stack JavaScript web applications, one should consider the entire code of the application, i.e., client-side and server-side code together with third-party code.
The goal of this project is to perform an empirical study of open-source, full-stack JavaScript web applications. To this end, a testing infrastructure should be developed that allows both dynamic and static program analysis of realistic web applications. The infrastructure should be used to answer various research questions about (the security of) the analyzed web applications.

14:30-15:00

Speaker: John Schmitt
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Implementing Certificate Transparency Into Android Open Source Project

Abstract: To verify the identity of a web server, a web client has to rely on the validity of the provided certificate. As a result, web clients blindly trust in the integrity of the certificate authority to properly issue certificates. But what happens if a certificate authority is compromised, goes rogue, or issues flawed certificates? In case of such a certificate misissuance, certificate transparency helps by providing a secure append-only log that documents every certificate issuance and thus enforces accountability for certificate authorities. Mobile devices are a major source of network traffic to web servers. Additionally, Android currently holds the biggest market share of mobile operating systems but does not present any solution to a certificate transparency implementation. Our goal is to provide a proof of concept for an implementation of certificate transparency in the Android Open Source Project and make use of its benefits to protect Android users from certificate misissuance and thus man-in-the-middle attacks.

 

 
15:00-15:30

No talk this week.

 

Session B:

14:00-14:30

Speaker: Peter Stolz
Type of talk: Bachelor Intro
Advisor: Ben Stock
Title: To hash or not to hash
Abstract:
Content Security Policy (CSP) is a great way to mitigate Cross-site scripting (XSS) if used correctly. CSP has the experimental directive "unsafe-hashes" to whitelist certain inline event handlers and style attributes.
Before more browsers than Chromium add support for it, we want to analyse how many event handlers can be abused to trigger XSS if an attacker reuses them on a malicious tag.
This allows us to determine if it is a useful feature or if it should be abandoned because it implies a false sense of security for the most part.
How would the results change if we add a nonce to each tag, so an attacker can't inject arbitrary tags?

 

 

14:30-15:00
Speaker: Marc Katz
Type of talk: Bachelor Final
Advisor: Ben Stock
Title: Malicious Tag Soup: How the HTML standard undermines web security
Abstract: The HyperText Markup Language (HTML) is one of the first technologies that came with the invention of the internet and evolved around the last 30 years, sometimes in more than one direction. Today, with HTML 5 as the current version, the standard itself acknowledges that faulty implementations are common and can even influence the specification itself.
Modern browsers, on the one hand, feel the need to deliver a great user experience, including the ability to display very old or faulty webpages, while on the other hand, need to keep pace with the fast development of today’s web technologies.
The goal of this bachelor’s thesis is to analyze how this dilemma between backward-compatibility, gracious HTML parsing, and the implementation of new features affects web security. We use example attack vectors to investigate how different aspects negatively impact web security and propose a new parsing mode to create a benefit for security aware web developers.

15:00-15:30

No talk this week.

13.04.2021

New page for summer term

Dear all,

this will be the new page for the new summer term 2021.
The migration will also be announced in the old group in due time, so do not worry.

 

Bachelor- and Master-Seminar

The bachelor/master seminar is a stage for all talks related to bachelor or master theses at CISPA.

The seminar is currently held bi-weekly on Wednesdays in odd-numbered calendar weeks. It takes place throughout the year, regardless of the lecture periods. You can join at any time. There are two parallel Zoom sessions from 14:00 to 15:30 with three talks each. The upcoming talks will be announced in the News section above.

Requirements for the course certificate

To pass the seminar, you have to

  • give an introductory talk where you present your thesis proposal and
  • attend at least five seminar sessions in total (including the session with your intro talk).

You get a certificate and a grade for this course from your advisor. The advisor can contact us (bamaseminar@cispa.saarland) to check whether you meet all the passing conditions and to get a template for the certificate.

Further, you are required to hold a final talk about the results when you finished the thesis. While this talk is technically not part of the seminar but of the thesis work, it is still presented in the seminar.

Attending a seminar session

Simply join one of the two parallel Zoom sessions. Choose the session with the talks you are most interested in. We welcome active participation and encourage you to ask questions and give helpful comments in the discussion after each talk.

During the seminar, we will share a link to an attendance sheet. Make sure to add your name to this document. We use these documents to track how many sessions you attended.

Giving a talk in the seminar

Each talking slot is 30 minutes long. Your presentation should last about 20 minutes, so we have about 10 minutes left for discussion.

If you want to give a talk, you can book a time slot in one of the sessions. Use one of the following links for booking:

Please coordinate time and date with your advisor so that no two students of the same advisor present at the same time.

If you don't need a specific time slot, you can try to book 14:30, as some students either need the 14:00 or 15:00 slot. In rare cases, we will have to move the talks in a day, so please indicate which times you would be available. The final schedule will be announced in the News section a few days before the sessions take place.

To list your talk in the announcement, you will have to hand in some information about it, namely:

  • Speaker: Your name.
  • Type of talk: Bachelor Intro, Bachelor Final, Master Intro, or Master Final.
  • Advisor: The name of your advisor. If multiple advisors wish to attend the session, please list all of them so we can make sure that there are no collisions.
  • Title: Title of your talk.
  • Abstract: Abstract of your talk.

Refer to previous announcements for examples.

Please submit this information at least one week in advance (until 23:59 on the Wednesday before your talk). Upload your information as a submission to CMS (see Personal Status), preferably as a plain text file (.txt). You can find a template in the materials section.

Contact the organizers

If there are any questions left, please use the mail address bamaseminar@cispa.saarland to contact the organizers.


