News

Next Seminar on 12.5.2021

Written on 06.05.2021 12:13 by Stella Wohnig

Dear All,
 

Please use this new page for your submissions from now on!
Hope you're all having a good semester.
The next seminars take place on 12.5. at 14:00 / 14:30.


Session A 14:00-15:00:
Pit Jost - Joshua Sonnet

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B 14:30-15:30:
Robin Gärtner - Bachir Bendrissou

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 

Speaker: Pit Jost
Type of talk: Bachelor Final
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Dr. Rafael Dutra
Title: Automated generation of format-aware Fuzzers using FormatFuzzer

Abstract: Fuzzing is an automated testing technique used to execute computer programs with a high number of automatically generated, often ill-formed inputs in order to trigger unexpected behavior such as hangs, crashes or undesired outputs, which can be a sign of the presence of vulnerabilities that can be exploited. As file formats tend to be very complex, programs often validate the structure of their inputs at an early parsing stage. Randomly generated files will likely not match the expected structure and are thus discarded during this early stage. Due to this, purely random fuzzing only reaches low code coverage, making it inefficient.

In this thesis, the novel fuzzing technique FormatFuzzer is used. FormatFuzzer uses a structure-aware approach that works by compiling descriptions of binary file formats, referred to as binary templates, into executables that can be used to parse, generate and mutate binary files compliant with their respective format specifications. These binary templates contain all information required to generate and parse structurally valid files of a given format. The files generated by FormatFuzzer are expected to perform better than those of conventional fuzzing approaches, as, due to their structure-awareness, the files are most likely to pass the parsing stage of a given program, thus reaching higher code coverage.

The main focus in this thesis will be on developing reliable binary templates in order to support formats for which no binary templates optimized for generation with FormatFuzzer exist. As a starting point, existing templates made publicly available by 010 Editor are used. These templates work fine for parsing, but are not intended for file generation, as they are missing important information about specific values that need to be present at specific positions in the generated files in order for them to be valid, such as magic bytes. To tackle this issue, this information is added to the existing templates. Furthermore, the process of developing binary templates will be facilitated for future work by the introduction of new features into the binary template language, by automating parts of the process or by using new procedures. The efficiency of the resulting templates will finally be evaluated, and the results will be compared with related work.
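To make the coverage argument in this abstract concrete, here is an added example written for this page; it is not code from the talk, the thesis, or FormatFuzzer. It assumes a hypothetical toy binary format (constructed magic bytes `TOYF`, a version byte, a 2-byte length-prefixed payload and a CRC32 trailer), a parser that reports the stage at which it rejects an input, and two generators: one purely random, and one that, like a generation-ready binary template, fixes the magic bytes, version range, length and checksum and randomises only the payload. Running both shows that random inputs are almost all discarded at the magic-byte check, while structure-aware inputs reach the end of the parser, which is the code that a fuzzer actually wants to exercise.

```python
import random
import struct
import zlib

MAGIC = b"TOYF"  # constructed magic bytes of the hypothetical toy format

# Parse stages in the order the parser checks them; "ok" means fully valid.
STAGES = ["magic", "version", "length", "payload", "checksum", "ok"]


def parse(data: bytes) -> str:
    """Parse a toy file: 4 magic bytes, 1 version byte (1..3), 2-byte big-endian
    payload length, the payload, then a 4-byte big-endian CRC32 of the payload.
    Returns the name of the stage at which parsing stopped ("ok" if valid)."""
    if len(data) < 4 or data[:4] != MAGIC:
        return "magic"
    if len(data) < 5 or not 1 <= data[4] <= 3:
        return "version"
    if len(data) < 7:
        return "length"
    (length,) = struct.unpack(">H", data[5:7])
    payload = data[7:7 + length]
    if len(payload) != length:
        return "payload"
    tail = data[7 + length:]
    if len(tail) != 4 or struct.unpack(">I", tail)[0] != zlib.crc32(payload):
        return "checksum"
    return "ok"


def random_input(rng: random.Random) -> bytes:
    """Purely random fuzzing: 1..63 uniformly random bytes, no format knowledge."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, 64)))


def template_input(rng: random.Random) -> bytes:
    """Structure-aware generation: randomise only what the format leaves free
    (version within its allowed range, payload bytes) and derive the rest."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 40)))
    return (MAGIC
            + bytes([rng.randrange(1, 4)])
            + struct.pack(">H", len(payload))
            + payload
            + struct.pack(">I", zlib.crc32(payload)))


def stage_histogram(gen, n: int, seed: int = 1) -> dict:
    """Generate n inputs with `gen` and count at which stage each was rejected."""
    rng = random.Random(seed)
    hist = {s: 0 for s in STAGES}
    for _ in range(n):
        hist[parse(gen(rng))] += 1
    return hist


if __name__ == "__main__":
    for name, gen in [("random", random_input), ("template", template_input)]:
        print(f"{name:9s}", stage_histogram(gen, 1000))
```

The histogram for the random generator piles up in the "magic" bucket: with four fixed magic bytes the chance of a random input even reaching the version check is 2^-32, so the version, length and checksum code is never executed. The template generator reaches "ok" every time, because the template encodes exactly the constraints (magic, version range, length field, checksum) that an 010 Editor parsing template leaves implicit.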

14:30-15:00

Speaker: Joshua Sonnet
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Towards Decentralised Access Control in Thread-based Home IoT

Abstract: With the ever-emerging smart home systems of today, convenience is the main aspect of IoT (Internet of Things) devices. But this oftentimes excludes contextual factors for the authorisation of the respective device. This includes policies such as: children should only be allowed to control the TV when parents are nearby to supervise what they are watching, or remotely controlled lights should only be allowed to be turned on when someone is present in that room.
The goal of this thesis is to implement an access control layer for IoT devices built on Thread. Since Thread is a mesh-powered network without a true central hub, the authorisation of each device will also be decentralised, s.t. each one decides about its own access control policy. As Thread allows for concurrent application layers, this model will run beside Thread and the controlling application of the device.

 

 
15:00-15:30

No talk this week.

 

Session B:

14:00-14:30

no talk this week.

 

 

14:30-15:00

Speaker: Robin Gärtner
Type of talk: Bachelor Intro
Advisor: Nico Döttling
Title: Multiparty Cardinality Testing for Threshold Private Set Intersection

Abstract: Threshold Private Set Intersection (PSI) allows multiple parties to compute the intersection of their input sets if the intersection is larger than (n − t), where n is the size of the sets and t is some threshold. The main appeal of the new protocol is that, in contrast to standard PSI, upper bounds on the communication complexity only depend on the threshold t and not on the sizes of the input sets. This way we can reduce the communication complexity, especially in the multiparty case.

The goal of this bachelor thesis is to implement this protocol for the first time so it can be used in research studies. Additionally, implementing the protocol might lead to a better understanding of it, which could lead to further improvements in the efficiency of the protocol.

15:00-15:30

Speaker: Bachir Bendrissou
Advisor: Rahul Gopinath, Andreas Zeller
Type of talk: Master Intro talk

Title: Sample-Free Blackbox Grammar Synthesis

Abstract: Having a program input specification is crucial in various fields such as vulnerability analysis, reverse engineering, and software testing. However, in many cases, a formal input specification may be unavailable, incomplete, or obsolete. When the program source is available, one may be able to mine the input specification from the source code itself. However, when the source code is unavailable, a blackbox approach becomes necessary.

Unfortunately, blackbox approaches to learning context-free grammars are bounded in theory, and were shown to be as hard as reversing RSA. Hence, general context-free grammar recovery is thought to be computationally hard. GLADE is a recent blackbox grammar synthesizer which claims it can recover an accurate context-free input grammar of any given subject using only a small set of seed inputs and a general oracle able to distinguish between valid and invalid inputs. It also claims to be fast for all programs tested. While an implementation of GLADE is available, the input grammar it produces is in an undocumented format that is hard to reverse engineer. Furthermore, GLADE also uses custom parsers and fuzzers which are hard to verify.

This thesis attempts first to replicate GLADE independently by implementing the GLADE algorithm in Python, using this implementation to verify the reported GLADE experiments, and further evaluating GLADE on new context-free grammars. This will provide us with precise information and insights about the limits and suitability of GLADE in diverse circumstances.

The second part of our thesis will extend GLADE by pairing it with our bFuzzer tool. bFuzzer generates and monotonically extends syntactically valid input prefixes until it finds valid inputs. Hence, in this pairing, bFuzzer will provide the syntactically valid sample inputs that GLADE requires to infer the grammar. We will evaluate the combined fuzzer against diverse subjects.
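As an added illustration of the prefix-extension idea described above (example code written for this page, not the bFuzzer or GLADE implementation), the following assumes a toy arithmetic-expression parser standing in for the subject program and, as a further assumption, an oracle that reports three outcomes rather than the two mentioned in the abstract: "valid", "incomplete" (the string is a proper prefix of some valid input) or "invalid" (no continuation can ever make it valid). The generator only ever appends characters the oracle does not reject, so every intermediate prefix stays syntactically valid, and the loop ends with a complete valid input of the kind a grammar synthesizer needs as a seed.

```python
import random


class Incomplete(Exception):
    """Input ended where the grammar still expected more: a viable prefix."""


class Invalid(Exception):
    """Input contains a character no valid continuation could accept."""


def check(s: str) -> str:
    """Assumed three-way oracle over a toy expression grammar
    (E := T (('+'|'-') T)*, T := F (('*'|'/') F)*, F := digits | '(' E ')').
    Returns "valid", "incomplete" (proper prefix of a valid input) or "invalid"."""
    pos = 0

    def peek():
        return s[pos] if pos < len(s) else None

    def factor():
        nonlocal pos
        c = peek()
        if c is None:
            raise Incomplete          # ran out of input inside a factor
        if c.isdigit():
            while peek() is not None and peek().isdigit():
                pos += 1
        elif c == "(":
            pos += 1
            expr()
            if peek() is None:
                raise Incomplete      # opened a parenthesis, not yet closed
            if peek() != ")":
                raise Invalid
            pos += 1
        else:
            raise Invalid             # e.g. an operator where an operand is needed

    def term():
        nonlocal pos
        factor()
        while peek() in ("*", "/"):
            pos += 1
            factor()

    def expr():
        nonlocal pos
        term()
        while peek() in ("+", "-"):
            pos += 1
            term()

    try:
        expr()
    except Incomplete:
        return "incomplete"
    except Invalid:
        return "invalid"
    # Trailing characters the grammar cannot consume (e.g. a stray ')') are invalid.
    return "valid" if pos == len(s) else "invalid"


ALPHABET = "0123456789+-*/()"
CLOSING = "0123456789)"  # past max_len, only choices that move toward completion


def grow_input(rng: random.Random, max_len: int = 20) -> str:
    """Monotonically extend a viable prefix until it is a complete valid input."""
    prefix = ""
    while True:
        # Stop once the prefix is valid, either at the length budget or randomly,
        # so the generator also yields longer inputs than the shortest valid one.
        if check(prefix) == "valid" and (len(prefix) >= max_len or rng.random() < 0.3):
            return prefix
        pool = ALPHABET if len(prefix) < max_len else CLOSING
        # Keep only extensions the oracle does not reject outright; every viable
        # prefix has at least one such extension, so the list is never empty.
        candidates = [c for c in pool if check(prefix + c) != "invalid"]
        prefix += rng.choice(candidates)


if __name__ == "__main__":
    rng = random.Random(7)
    for _ in range(5):
        print(grow_input(rng))
```

Because each step is accepted only if the extended prefix is still viable, the walk never backtracks: an invalid character is rejected immediately instead of being discovered after many more bytes have been appended, which is what keeps this kind of prefix-driven generation cheaper than generating whole random strings and testing them.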