News
Next Seminar on 10.11.2021
Written on 04.11.2021 11:09 by Stella Wohnig
Dear All,
The order of talks has changed!
The next seminar(s) take place on 10.11. at 14:00.
Session A: (RA4)
Konstantin Holz - Tristan Hornetz - Joshua Renckens
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: no talk this week
Session A:
14:00-14:30
Speaker: Konstantin Holz
Type of Talk: Bachelor Final
Advisor: Dr. Nils Ole Tippenhauer
Title: Security Assessment of IPv6 Implementations of Home Routers
Research Area: Secure mobile and autonomous systems
Abstract: The successor of IPv4, IPv6 is slowly reaching into the commercial area and into the households to replace IPv4. ISP begin providing a native IPv6 for end-users to utilize for their internet connection.
In this thesis, we examine the IPv6 implementation in commercially available routers, for differences in features and security mechanisms. In particular, we want to find out to which degree various manufacturers implemented IPv6 and which security guarantees it provides in contrast to its IPv4 implementation. For this, we run various tests on chosen devices for packet routing as well as look into features provided to the user and also look into the provided source code.
14:30-15:00
Speaker: Tristan Hornetz
Type of talk: Bachelor Final
Supervisor: Prof. Dr. Andreas Zeller
Title: Evaluating the Effectiveness of Automated Fault Localization in Python
Research Area: RA4
Abstract:
Automated fault localization describes a group of techniques that can aid a
programmer in locating the cause of bugs during software development. There
exists an abundance of past research on the topic, with countless approaches
being proposed and evaluated. Among the most popular techniques are
Statistical Debugging (SD) and Spectrum Based Fault Localization (SBFL), which
utilize dynamically recorded execution data to produce rankings of suspicious
program elements.
However, there is very little research about the applicability and general
usefulness of automated fault localization in the Python programming language.
This is surprising, given Python's high popularity and powerful introspection
capabilities. In this thesis, I present a configurable hybrid model of SBFL
and SD, and evaluate its performance on 300 bugs in real-world Python programs
from the BugsInPy database. The results demonstrate that configurations
resembling SBFL are generally superior to SD-like configurations. Moreover, I
demonstrate that a combination of SBFL and SD can yield better results than
both techniques individually.
15:00-15:30
Speaker: Joshua Renckens
Type of talk: Bachelor Final
Advisors: Dr. Rafael Dutra, Nikolas Havrikov
Supervisor: Prof. Dr. Andreas Zeller
Title: 0KFuzzer: Applying Systematic Exploration to FormatFuzzer
Research Area: RA4
Abstract:
Fuzzing is a technique used to test the robustness of programs by automatically generating inputs and feeding them into programs under test. However, using only randomly generated inputs is not a good way to achieve great code coverage. Most will immediately fail at the beginning of the program execution due to not matching the structure that is expected of the input.
Ways to mitigate this are grammar-based fuzzers. They take grammars that specify languages first and then base the input generation on the specified language. This makes sure that a certain input structure is maintained, reaching parts of the test programs random fuzzing wouldn’t be able to reach. However there is no guarantee that the entirety of a grammar can be covered reliably even when using grammar-based fuzzers.
The k-path algorithm improves on these grammar-based fuzzers bytaking care of the aforementioned issue. The goal of the k-path algorithm is to make sure that all of the grammar is systematically covered. It does so by building a list of k-paths from the grammar and generating inputs that cover these k-paths. Covering all of the k-paths should result in covering all of the productions of the grammar under test and by extension all of it’s terminals and non-terminals as well.
FormatFuzzer has an idea similar to grammar-based fuzzers but it takes binary templates, a format specification used by the 010 Editor, that specify file formats as inputs instead of grammars. It compiles them into C++ code that then acts as a generator of inputs according to the format specification described in said templates. However a similar problem to the grammar-based fuzzers can be found here as well, there is no guarantee that the entirety of the specification can be reliably covered and that’s where implementing the k-path algorithm into FormatFuzzer comes into play.
This thesis aims to improve on the FormatFuzzer by combining it with the k-path algorithm, taking the systematic coverage of grammars and using it on format specifications, with the goal being to systematically cover as much of the specification as possible. This combination of FormatFuzzer and the k-path algorithm, which we named the 0KFuzzer, will then be evaluated against the default FormatFuzzer to compare template coverage and code coverage