News
Next Seminar on 2.3.2022
Written on 24.02.2022 00:43 by Stella Wohnig
Dear All,
The next seminar(s) take place on 2.3. at 14:00.
Session A: (RA1,4) (14:00-15:00)
Sophie Wenning - Anirudh Upadhya
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (RA 1,2,5)
Tobias Berdin - Virab Gevorgyan - Lukas Kirschner
https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09
Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$
Session A:
14:00-14:30
Speaker: Sophie Wenning
Type of talk: Bachelor Intro
Advisor: Prof. Antoine Joux
Title: Sampling in representation technique algorithms
Research Area: RA1
Abstract:
The representation technique of Howgrave-Graham and Joux is a highly acclaimed improvement to the cryptanalysis of the well-known NP-complete subset sum problem. This method makes it possible to artificially enlarge the search space and thus increase the performance of cryptanalytic algorithms beyond the previously known lower bounds. The abstract core idea of this divide-and-conquer algorithm is to compose a solution to a subset sum instance from a few sets that enumerate all possible representations of a sum of a few elements chosen among all the summands of the instance. Recently, Esser and May presented an improvement to this method, using a sample from a binomial distribution to randomly form the representation sets instead of deterministically enumerating the possibilities as in the original algorithm. However, the authors withdrew their paper, citing "problems with counting the number of representations" as explanatory statement. The aim of this thesis is to investigate the roots of the issue in Esser and Mays' method and to show its consequences for further applications of the representation technique.
14:30-15:00
Speaker: Anirudh Upadhya
Type of talk: Master Final
Advisor: Dr. Nils Ole Tippenhauer
Title: Safety and Security Critical Function Identification and Monitoring for Motor Controllers
Research Area: RA4
Abstract: In recent times, e-scooters and electric hoverboards are becoming more popular and getting all the headlines for their novelty factor. Due to a lack of trustable vendors and standard architecture, the security and safety of these vehicles are unaccounted for. Most of these e-scooters and hoverboards are of cheap quality and buggy software without standardization. The firmware of these scooters can be hacked to tweak scooter parameters. If the attacker has near access to the device he can maliciously tamper with the sensor reading which can lead to wrong calculation torque vectors and then leading to an unintended acceleration or deceleration. The attacker can also increase the performance of the hoverboard with respect to its maximum speed etc or add additional functionalities to it.
In this thesis, we identify most of the critical functions based on various currently available e-scooter architectures and find the impact on the e-scooter and thus the rider. We also implement run-time monitoring of these types of motor controllers. The additional monitoring software layer is used to check for errors in the control loop, sensors, or any unintended behavior from the user and curb them while bringing the system back to a safe state or fail-safe as defined in the architecture. Based on the critical functionalities the monitoring code is added.
15:00-15:30
No talk this week
Session B:
14:00-14:30
Speaker: Tobias Berdin
Type of talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Anonymous Web Authentication using Intel EPID
Research Area: RA1
Abstract: Many of the modern websites offer the possibility of login for users to access special features that cannot be accessed without a login. To this end, a simple login and password approach is used. However, this comes with some disadvantages. One main concern is privacy, as activities related to some shared resources can be traced back to a specific user. In particular, an adversary can track which resources an individual is using which is not always desirable and can be considered a privacy violation. The second problem relates to passwords that can be forgotten, compromised via database breaches, or easily guessed by an adversary.
This thesis aims to solve both of these problems by introducing a passwordless authentication method for websites that also maintains the anonymity of an individual user within a group. Two components are used for this: the WebAuthn standard for public key-based web authentication, and Intel EPID, with which we certify the membership of a user to a group.
An implementation that brings these concepts together is presented in the form of a Chrome browser extension and two remote services.
14:30-15:00
Speaker: Virab Gevorgyan
Type of talk: Master Final
Advisor: PD Dr. Swen Jacobs
Title: Cutoffs for Parameterized Broadcast Protocols
Research Area: 2
Date - Time: March 2, 2022 - 14:30
Abstract:
The occurrence of growingly complex reactive systems in increasingly critical areas induce
the necessity of automated verification techniques (e.g. model checking). Furthermore,
the correctness of some designs needs to be verified independently of the system size. An
important subclass of such designs used in a lot of distributed and parallel applications are
the Parameterized Broadcast Protocols (PBPs): systems composed of a finite, but arbitrarily
large number of identical processes that communicate with each other via broadcast messages.
In this work we generate over 30,000,000 random PBPs of different sizes and develop
a program to compute cutoffs (number of processes suffcient to prove or disprove a property
of a parameterized system) for PBPs. We investigate the cutoffs for reachability properties
and safety properties in general. Our experiments show that cutoffs for most (almost all) of
the randomly generated PBPs are small which is also the case for PBPs in most applications.
However, we do identify protocols that have big cutoffs and develop further those protocols
to construct examples of PBPs with cutoffs bigger than any given power tower function
compared to the size of the PBP. Moreover, we identify suffcient conditions and necessary
conditions to achieve small cutoffs in PBPs.
15:00-15:30
Speaker: Lukas Kirschner
Type of talk: Master Final
Advisor: Prof. Dr. Andreas Zeller
Title: Feedback-Driven Grammar-Based Test Generation
Research Area: 5
Abstract:
Grammar-based test generation techniques allow to generate syntactically valid inputs for software testing. These techniques generate inputs by employing the input grammar as a producer, typically, without obtaining any program feedback during test generation. However, program feedbacks (such as program failure) are necessary to achieve and target certain testing goals (e.g. fault exposure). To achieve such testing goals, it is necessary to generate test inputs that contain specific input structures that are relevant to the intended testing goal.
In this work, we propose a grammar-based test generation approach that uses a feedback loop to iteratively learn relevant input properties from generated inputs, in order to drive the generation of goal-specific test inputs. Concretely, we leverage a combination of evolutionary testing and grammar learning to determine the relevant input structures that achieve a target goal. The main idea of our approach is to learn the mapping between input structures and a specific testing goal, such mappings allow to generate inputs that target the goal at hand. Given a testing goal, our approach iteratively selects test inputs that are relevant to the goal, mutates such inputs and learns the distribution of input elements in the resulting (mutated) inputs using a probabilistic grammar. The learned grammar is then employed as a producer to drive the generation of goal-specific inputs.
In our evaluation, we used three input formats (JSON, CSS and JavaScript), a total of 20 subject programs and four testing goals namely unique code coverage, input complexity, program failures and long execution time. Overall, our results show that our feedback-driven approach effectively achieves our testing goals in fewer generations and quicker than the baselines (i.e. random and probabilistic grammar-based test generation).