Bachelor- and Master Seminar

Dear All,
 

Due to limited avaiability of the advisors we will sadly not be able to make a nice block of talks this week, so there will be a break in one of the blocks. If any of the participants still change their mind and want to opt for 14.30 please inform me ASAP at bamaseminar@cispa.saarland - I think this will greatly increase the chance that people will listen to your talks!
The next seminar(s) take place on 26.5. at 14:00/15:00

Session A 14:00-15:30: (break 14:30-15:00)
Dominic Troppman - Xaver Fabian

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

Session B 15:00-15:30:
Abhilash Gupta

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$

Session A:

14:00-14:30 

Speaker: Dominic Troppmann
Type of talk: Bachelor Intro    
Advisor: Dr. Ing. Cristian-Alexandru Staicu
Title: On the Prevalence of Native Extensions in Scripting Languages

Abstract:
Native extensions are modules written in low-level C/C++ code that one can conveniently invoke from higher-level scripting languages like JavaScript, Python, or Ruby. Using native extensions offers several benefits such as superior performance and access to functionality otherwise unavailable in these scripting languages. Unfortunately, they also allow developers to break certain safety guarantees present in the higher-level languages, such as memory- and crash-safety. Thus, if not implemented correctly, native extensions can quickly turn into a security risk, acting as a backdoor for entire categories of -particularly nasty- bugs and vulnerabilities. Examples include but are not limited to buffer overflows, use-after-free vulnerabilities, or even hard crashes, which would not occur under normal circumstances.
The main goal of this thesis is to measure the prevalence of native extensions in JavaScript, Python, and Ruby. Furthermore, we want to understand the role they play in the ecosystems surrounding these three languages. To this end, we aim to conduct a comprehensive study of npm, PyPI, and RubyGems, the three largest software ecosystems backing up the scripting languages mentioned above. To detect usage of native extensions APIs, we perform static analysis on each packages' source code. Finally, we will use this information in combination with package metadata to answer our research questions.
 

 

14:30-15:00

coffee break

 

 

15:00-15:30

Speaker: Xaver Fabian
Type of talk: Master Intro
Advisor: Prof. Jan Reineke und Dr. Marco Patrignani
Title: Detecting (more) Spectre vulnerabilities

Abstract:
Speculative Execution is an optimization technique of processors that gives a significant speed-up by
predicting the outcome of branching (and other) instructions and continues execution based on these predictions.
If a prediction was incorrect, the processor rolls back the effect of the speculated instructions on the CPU
architectural state, which consists of registers and main memory. However, side effects on the microarchitectural state,
e.g., cache content, are not rolled back.
The Spectre attacks demonstrated how an attacker can exploit the side effects of these speculatively-executed instructions
by abusing different prediction mechanisms of the CPU. Several tools were developed to automatically detect Spectre vulnerabilities,
but most tools can only detect up to one or two variants of Spectre.
We want to extend one of these tools, called Spectector, to detect more Spectre vulnerabilities.
In this talk, I give an overview of Spectre and explain how Spectector finds these speculative vulnerabilities.
I then present our approach to extending Spectector to support additional Spectre variants and give an outlook
of what further is possible with this extended version of the tool.

 

Session B:

14:00-14:30

no talk this week.

 

 

14:30-15:00

15:00-15:30

Speaker: Abhilash Gupta
Type of Talk: Master Intro
Advisor: Dr. Rahul Gopinath
Supervisor: Prof. Dr. Andreas Zeller
Title: Grammar Fuzzing Command lineutilities in Linux
Abstract: The execution of command-line (CLI) utilities is determined by both configuration options and arguments passed in its invocation. Configuration options activate specific code segments in the utility while arguments are the utility’s input. It is imperative to utilise both arguments and configuration options to fuzz these utilities.

We describe a method to integrate configuration options and arguments into the fuzzing process via the use of context-free grammars (CFG). We present a general technique that takes any utility and automatically constructs a readable CFG capturing the syntax of its invocation. We use these grammars in our fuzzing tool to fuzz command-line utilities to search for failures. We plan to evaluate the results obtained by our fuzzer and inspect its results with respect to previously observed fuzzing results.  We will also evaluate the coverage attained by our fuzzer compared to other fuzzing attempts on CLI utilities.