Next Seminar on 21.7.2021

Written on 16.07.2021 03:55 by Stella Wohnig

Dear All,

The next seminar(s) take place on 21.7. at 14:00.

This week the submission of information worked poorly! Remember that you should upload your talk information by Wednesday night. The research area you write in should actually include the number 1-5 as provided in our last post - I have made a guess which number applies for you if you didn't provide it this week, but for the other students to find your talk it is essential that you put in your area codes in the future! Ask your advisor if in doubt!

I also made a new submission form for proposals, don't be confused, this will come in in the future.

Session A:
Tristan Hermanns - Tristan Hornetz - Leon Trampert

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

Session B:
Anania Tesfaye - Yannik Schwindt - David Butscher

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$

Session A:


Speaker: Tristan Hermanns
Type of talk: Bachelor Intro
Advisor: Prof. Dr. Christian Rossow
Title: Automatic Exploitation of Vulnerable ERC20 Contracts (An Extension of TeEther)
Research Area: RA3

With their recent increase in popularity, cryptocurrencies like Bitcoin and Ethereum are on the rise. In Ethereum, so-called smart contracts can be deployed, allowing for programmatic control of funds. These smart contracts cannot be patched or updated and therefore software vulnerabilities are directly coupled with financial loss.

With teEther, Rossow et al. created a tool that is capable of automatically finding and exploiting vulnerable smart contracts. For this, the EVM bytecode is scanned for critical paths that cause an extraction of funds to the attacker controlled address.

We plan to extend this tool to not only extract Ether, but also arbitrary ERC20-Tokens. ERC20 Tokens are standardized Cryptocurrencies implemented using Ethereum smart contracts. Because this standard eases tracking and fungibility of Tokens, new Cryptocurrencies are often deployed as ERC20 Tokens. Previous work on automated contract analysis has only focused on Ether-related vulnerabilities, but there is a need for automated ERC20 analysis.



Speaker: Tristan Hornetz
Type of talk: Bachelor Intro
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Marius Smytzek
Title: Evaluating the Effectiveness of Automated Fault Localization in Python
Research Area: RA4 - Secure Mobile and Autonomous Systems

Abstract: Automated fault localization describes a group of techniques that can aid a programmer in locating the cause of bugs during software development. An abundance of research has been performed on the topic, with Statistical Debugging (SD) and Spectrum Based Fault Localization (SBFL) being two of the most popular approaches. However, there is surprisingly little research about the applicability and general usefulness of automated fault localization in the Python programming language. With its powerful introspection and ever-growing popularity, Python seems like the optimal programming language to apply these techniques. As such, the goal of my Bachelor's Thesis is to research the effectiveness of automated fault localization in Python. For this purpose, I will conduct an empirical study on bugs in real-world software.



Speaker: Leon Trampert
Type of talk: Bachelor Intro
Advisor: Prof. Dr. Christian Rossow, Dr. Michael Schwarz
Title: Browser-based CPU Fingerprinting
Research Area: RA3


As of January 2021, almost 60 percent of the global population is connected to the internet.
In most cases, a web browser is used to access the internet.
Using JavaScript and WebAssembly an attacker can execute sandboxed code on the system of a potential victim visiting his malicious site.
This sandboxed code execution does not give the attacker full control over the instructions executed, as the JavaScript and WebAssembly code will be JIT-compiled by the browser engine to the instruction set architecture (ISA) of the particular CPU.

Research in recent years has revealed multiple critical CPU bugs related to speculative execution and other optimization techniques.
Most of these vulnerabilities are CPU-specific and only found in recent CPU generations, whilst some of the latest generations may already include fixes against some of them.
Some attacks, such as RIDL and Spectre, have successfully been implemented in the browser, opening new attack vectors.
Identifying potential victims or even choosing the most effective attack for a concrete target may be valuable to an attacker.

We plan to collect a multitude of different CPU-specific properties and behaviors, which may ultimately lead to the identification of the concrete CPU model.
The implications of this are worrisome, as they pose a direct threat to the security of everyone browsing the web.


Session B:


Speaker: Anania Tesfaye
Advisor: Ben Stock
RA: 5
No info provided yet!


Speaker: Yannik Schwindt
Advisor: Jaqueline Brendel
RA: 2
No info provided yet!

Speaker: David Butscher
Type of talk: Bachelor Final
Advisor: Dr. Ben Stock, Dr. Giancarlo Pellegrino
Title: Measuring the Impact of the Crawling Context on the Results of Web Scanners
Research Area: 5? Web Security

Web scanners are essential tools for security researchers. They are used to measure the
occurrence of security flaws in the known web. Unfortunately, their efficiency suffers from
multiple limitations. One limitation is that in the first phase - the crawling phase - the
crawling module needs to explore as many resources of a domain as possible. The found
URLs are the input for the attack modules in the second phase. Hence the efficiency of
the whole web scanner depends on the efficiency of the crawler module. This work
aims to identify factors that influence the success of web scanners, especially in the
crawling phase. To reach this goal, we have changed the context of the crawling process
and examined the crawling results for differences. We targeted four factors in detail:

1. IP address: the change of the IP addresses could mitigate the countermeasures of
web application firewalls against known attackers. There is also a possibility that
some sites are only accessible from particular locations.
2. Language: the web is accessible from around the globe, so site owners may serve
their websites in different languages. There might be a chance that they deliver
different web applications for different languages.
3. User-Agent: site owners may deliver multiple versions of their site customized for
the end-user device.
4. Authentication: signed up users may access pages that unknown users will never
be able to reach. Since authentication in an automated fashion is not trivial, we
mainly focused on websites that offer SSO.

We have used a limited set of top domains listed by Tranco for our experiments. For
our evaluation, we have built a crawler that loaded a special crawling profile. We ran
one crawler without modifications and one crawler for each of the first 3 modified factors
in parallel. Afterward, we have counted the number of detected security indicators. In
this way, we could measure the direct influence of single changes to the crawling context.
We also extended our crawler to find social login buttons and to automatically log in to
these websites leveraging the found buttons.
