Next Seminar on 03.08.2022
Written on 29.07.2022 12:48 by Mang Zhao
The next seminar(s) take place on 03.08. at 14:00 (Session A) and 14:30 (Session B).
Session A: (RA4,5) (14:00-15:30)
Maximilian Jung, Jonas Cirotzki, Katharina Basters
Meeting-ID: 967 8620 5841
Session B: (RA 3) (14:30-15:00)
Meeting-ID: 990 2598 9421
Speaker: Maximilian Jung
Type of talk: Master Intro
Advisor: Valentin Dallmeier
Title: Automated Website Security Testing Based on Existing Selenium Tests with webmate
Research Area: RA5: Empirical and Behavioural Security
The web has become the most important platform of the internet and is used in all aspects of people's lives. It can be used for getting information, social interaction, online shopping and controlling smart homes or industry components. With the increasing number of websites and features, there is a proportional rise in code complexity, which often results in more potential flaws. Among the most frequent flaws are Cross-Site Scripting (XSS), which allows attacker-controlled code execution in the context of the vulnerable application, and SQL injection, which allows attacker-controlled SQL code to be executed in the database to bypass logins, retrieve or alter information and even take over the whole database or server. We aim to alleviate this problem by automatically finding security vulnerabilities with automated test generation.
Unlike other automated website security testing approaches, we do not apply black-box fuzzing but instead use an existing Selenium test for a website as a basis by using webmate. Hence the security test is guided by the Selenium test that checks whether the application works as intended. This enables us to test deeper paths in an application because the test knows how to get to a specific point of, e.g., a multi-page form without fuzzing. The number of times we have to submit, e.g., input fields is also greatly reduced by the fact that we know what data is expected in which fields because of the existing Selenium test, which makes the testing more efficient and less invasive.
Speaker: Jonas Cirotzki
Advisor: Dr. Sven Bugiel
Research Area: RA4
No information is available.
Speaker: Katharina Basters
Advisor: Katharina Krombholz
Research Area: RA5
No information is available.
Speaker: Jorim Bechtle
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: New Hardware - Old Vulnerabilities: Software-based Side-channel Attacks on RISC-V Architecture
Research Area: RA3
x86 systems have been around for quite some time, and so has the idea of an open instruction set architecture. It is only recently that broadly available RISC-V systems exist, raising the question of their security.
Software-based side-channel attacks have been known since the late 90s and have been thoroughly researched on x86 as well as ARM platforms.
Combining these facts raises the question of how vulnerable RISC-V systems are to cache attacks and what can be done to effectively defend against software-based side-channel attacks.
This thesis investigates basic techniques for exploiting the instruction cache (I-cache) and data cache (D-cache) of RISC-V processors, mounting different Flush+Reload attacks on both of them and finally trying to attack OpenSSL.
This serves as a basis for further research on the security of RISC-V processors, implementing building blocks for more sophisticated side-channel attacks.
Only presenting attacks without suggesting effective defenses is of little help; thus this thesis also proposes defenses against cache attacks, evaluating them in terms of effectiveness on RISC-V processors.
The results suggest that RISC-V processors are vulnerable to side-channel attacks, but the small-scale new architecture imposes some new challenges upon attackers and defenders.