News

Next Seminar on 19.1.2022

Written on 11.01.2022 20:04 by Stella Wohnig

Dear All,

I hope you've had a great start to the new year and am happy to announce our first seminar sessions in 2022!
Please remember to upload your talk information on time :)
The next seminar(s) take place on 19.1. at 14:00.

Session A: (RA1,4)
Tim Walita - Jan Schmitz - Tobias Risch

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting ID: 967 8620 5841
Passcode: BT!u5=


Session B: (RA 5)
Raoul Scholtes - Yassir Kozha - Tobias Berdin

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 

Speaker: Tim Walita
Type of talk: Bachelor Intro
Advisor: Nils Ole Tippenhauer
Title: Backdoor Attacks on Autoencoders in the ICS Setting
Research Area: RA4

Abstract: Nowadays, state-of-the-art machine learning models, such as autoencoders, are in wide use and also have their application in the industrial control system (ICS) setting. ICSs are commonly cyber-physical systems (CPS) such as power grids, water supply systems, and autonomous vehicles. Hardware components such as sensors and actuators build the physical part of the system. They interact with the physical world to perceive and interpret environmental feedback which is then processed by the cyber part of the system.

An autoencoder developed for water distribution systems can be a very effective
reconstruction-based anomaly detection system. It is trained on a dataset containing sensor readings of a water
distribution system during normal operating conditions to learn the standard behavior of it.
However, recent research conducted at CISPA has shown that autoencoders are susceptible to backdoor
attacks. In this type of attack, the attacker is assumed to have control over the training process
of the target model and thereby introduce a hidden behavior that will only be executed by an
attacker-chosen trigger.

Since backdoor attacks are mainly researched in the domain of learning-based authentication
systems, such as face recognition, we would like to further expand the research on this topic to
find out whether it is possible to transfer this type of attack to the specialized setting of industrial control systems.

 

14:30-15:00

Speaker: Jan Schmitz
Type of talk: Bachelor Final
Supervisor: Prof. Dr. Andreas Zeller
Advisor: Michaël Mera
Title: On the Impact of Model preserving Program Transformations on Fuzzing
Research Area: RA4

Abstract: Fuzzing is a useful technique to automatically discover bugs in software with almost no
human intervention involved. However, complex checks, nested predicates and magic
byte value comparisons make it quite difficult for a fuzzer to progress in a program.
Therefore, existing solutions try to solve, bypass or disable these checks. Some of them
rely on input models to do so.
But using input models causes redundancy because they already handle input checks
that are present in the target program. This slows down the fuzzer unnecessarily, in
particular if it also relies on some kind of code analysis.
To overcome this problem the redundant checks have to be removed. I propose a method
based on genetic algorithms for producing an optimized version of the target program
and have built a prototype that shows the impact of this proposal on the fuzzing process.

 

 

15:00-15:30

Speaker: Tobias Risch
Advisor: Dr. Andreas Zeller, Rafael Dutra
Research Area: RA1/4

Abstract:

not provided

 

Session B:

14:00-14:30

Speaker: Raoul Scholtes
Type of talk: Bachelor Intro
Advisor: Dr. Cristian-Alexandru Staicu, Dr. Giancarlo Pellegrino
Title: Applying Code Property Graphs for Cross-Language Vulnerability Analysis
Research Area: RA5

Abstract:
Since the dawn of the internet, websites have evolved from simple document browsing interfaces to complex web applications, handling a large number of operations and taking multiple sources of user input. While these applications are often developed in scripting languages like PHP, Python or JavaScript (Node.js), many additionally rely on native extensions written in low-level code.

In the past, multiple vulnerability types have been uncovered affecting web applications. These vulnerabilities typically reside in the high-level application code and can be exploited via specifically crafted web requests by an attacker. However, if unsanitized user input flows into the low-level extension code, there is an additional possibility that a low-level vulnerability like a buffer overflow or memory corruption can be triggered by malicious website interactions.

To efficiently find zero-day vulnerabilities, many automated vulnerability scanning techniques have been developed by security researchers. An example of such a technique is the Code Property Graph by Yamaguchi et al. This static approach models the application code as an extensive combination of graphs, and vulnerabilities can be discovered very efficiently by querying these graphs. However, this approach has the limitation that the graphs can only contain code written in the same programming language. In the context of native extensions, this implies that we cannot model a continuous flow of attacker-controlled data from the high-level source to the low-level sink functions, making automated detection of addon vulnerabilities infeasible.

In this thesis, we propose a workaround for this limitation. By building separate graphs for extension and main code, intercepting the low-level results and dynamically creating high-level queries, we create an automated analysis framework that connects dataflow sources of the extension to the respective sinks in the high-level code, thus bypassing the above limitation. We implement the approach for the Node.js ecosystem and its various extension APIs and, in a first set of tests, evaluate its reliability, scalability and performance. Additionally, we evaluate how well the framework is adaptable to different sets of programming languages and ecosystems. Finally, we download packages containing low-level code from NPM and use our Node.js prototype to detect previously unknown vulnerabilities in native extensions, reachable by attacker input from JavaScript.

 

14:30-15:00

Speaker: Yassir Kozha
Supervisor: Robert Künnemann
Research Area: RA1

Abstract:
None provided

 
15:00-15:30

Speaker: Tobias Berdin
Type of talk: Bachelor Intro
Advisor: Dr. Lucjan Hanzlik
Title: Anonymous Web Authentication using Intel EPID
Research Area: RA1

Abstract: Many of the modern websites offer the possibility of login for users to access special features that cannot be accessed without a login. To this end, a simple login and password approach is used. However, this comes with some disadvantages. One main concern is privacy, as activities related to some shared resources can be traced back to a specific user. In particular, an adversary can track which resources an individual is using, which is not always desirable and can be considered a privacy violation.
The second problem relates to passwords that can be forgotten, compromised via database breaches, or easily guessed by an adversary.
This thesis aims to solve both of these problems by introducing a passwordless authentication method for websites that also maintains the anonymity of an individual user within a group.
Two components are used for this: the WebAuthn standard for public key-based web authentication, and Intel EPID, with which we certify the membership of a user to a group.
An implementation that brings these concepts together is presented in the form of a Chrome browser extension.
