News
Next Seminar on 25.05.2022
Written on 19.05.2022 11:26 by Stella Wohnig
Dear All,
The next seminar(s) take place on 25.05. at 14:00 respectively 14:30.
Session A: (RA4,5) (14:00-15:00)
Norman Ziebal - Florian B.
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (RA 5)(14:30-15:30)
Paul Frerichs - Raphael Maser
https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09
Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$
Session A:
14:00-14:30
Speaker: Norman Ziebal
Type of talk: Bachelor Intro
Advisor: Prof. Andreas Zeller, Dr. Dominic Steinhoefel, Dr. Rafael Dutra
Title: Grammar meets Binary Template - Bidirectional conversion between context free grammars and binary templates
Research Area: RA4,5
Abstract:
Most programs expect highly structured inputs, which makes black-box fuzzing rather inefficient because inputs get rejected very early in the program flow.
Grammar-based fuzzing is a common technique to provide much better inputs to programs based on a specification.
FormatFuzzer is a generator for format-specific fuzzers. It takes a Binary Template as input, a format specification for a binary format,
and produces a highly efficient and fast parser and generator, which is conform to the provided specification.
Hundreds of Binary Templates already exist for various formats, but they can not be utilized by other grammar-based fuzzing tools,
due to Binary Templates being written in an imperative C-Style.
Grammar-based fuzzing tools commonly rely on a more declarative type of specification, like context-free grammars.
Context-free grammars are widely used when it comes to grammar-based fuzzing. They are easy to read and write for humans and have proven to be a good way of specifying a format.
Therefore many grammar-based fuzzing tools work well with context-free grammars as input.
This work aims to combine the benefits of context-free grammars and Binary Templates for fuzzing.
We will implement a framework for bidirectional conversion between context-free grammars and binary templates.
With this framework, we will, on one hand, be able to leverage the vast quantity of existing binary templates with already existing fuzzing tools and techniques
and on the other hand, combine the simplicity of context-free grammars with the speed and efficiency of FormatFuzzer.
14:30-15:00
Speaker: Florian B.
Type of talk: Bachelor Final
Advisor: Dr. Dominic Steinhöfel, Prof. Andreas Zeller
Title: Bidirectional Converter Between ANTLR, BGF and a Pivot Language
Research Area: RA5
Abstract:
Grammar-based fuzzing is a common technique to make fuzzers more program-specific. On the one hand, there are different fuzzers with different grammar formats as input and on the other hand, there are large grammar collections like the Grammar Zoo with its BGF format or repositories with many grammars in ANTLR format. The ability to convert different grammar formats into each other would allow to use existing grammar collections, and thus thousands of grammars without requiring additional work for each grammar.
Bidirectional conversion between these different formats is easiest accomplished using a pivot language.
This pivot language can then be used to convert ANTLR to BGF and vice versa, or to convert to any new format by simply developing a new converter for a different format while using he same pivot language.
In this thesis, a converter will be developed to convert ANTLR and BGF into a pivot language and vice versa.
15:00-15:30
no talk this week
Session B:
14:00-14:30
No talk this week
14:30-15:00
Speaker: Paul Frerichs
Type of talk: Bachelor Intro
Advisor: Dr. Sven Bugiel
Title: Local biometric prompt phishing on android devices
Research Area: 4
Abstract:
With FIDO2 and Webauthn on the rise, the relevance of biometric authentication is ever increasing. This is especially true for the mobile sector. This shift in authentication also comes with a change in the ways it is attacked. Most biometric authentication on mobile devices relies on the context it is shown in, requiring the user to identify harmful authentications based only on what the user can see on the screen or the knowledge what he has done just before. Malware with the correct set of permissions can perform phishing attacks on this kind of authentication scheme by starting authentication prompts in other applications. This reduces the means by which a user can identify a malicious authentication attempt. In this work we establish the basis on which future works will investigate how well users on Android devices are able to recognize dialogues outside of their context and thus prevent a possible phishing attack. We are developing a system to start out-of-context dialogues at strategic moments to simulate the behavior of malware installed on the user's device, testing the users' ability to detect and prevent this kind of phishing attacks.
15:00-15:30
Speaker: Raphael Maser
Type of talk: Bachelor Intro
Advisor: Prof. Mario Fritz, Dr. Andreas Husch (Uni Luxemburg)
Title: Confounding in Machine Learning Models
Research Area: RA1
Abstract:
Machine Learning has seen a lot of progress during the last decade and gained even more attention during the enduring COVID-19 epidemic. Despite this progress, the clinical relevance of ML in the medical domain is still rather low, mainly because models exhibiting good performance in the test environment fail when deployed in the real world. This is mainly caused by a gap between training data and real-world data, where bias and (hidden) confounders in training prevent the models trained from them to capture clinically relevant settings.
Working towards more robust models by utilizing domain adaptation techniques, we aim to reliably assess different de-confounding techniques. To achieve this a simple framework for the creation of synthetic confounded data and injection of confounders in real datasets will be written.