News
Next Seminar on 15.03.2023
Written on 11.03.2023 11:02 by Niklas Medinger
Dear All,
The next seminar(s) take place on 15.03.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:30)
Paul Krappen, Abduallah Imad Malallah, Emily Ries
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (14:00-14:30)
Simon Anell
https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09
Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$
Session A:
14:00 - 14:30
Speaker: Paul Krappen
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: A deterministic and fast approach to reverse engineer the DRAM addressing function
Research Area: RA3
Abstract:
When processors access DRAM, memory cells that neighbor the accessed DRAM Row leak charge.
If enough charge is leaked, this can lead to bit flips in those memory cells.
When this was discovered, DRAM manufacturers implemented a mechanism that refreshes (reads and writes back immediately) the content of DRAM rows periodically.
This is sufficient for a normal operating computer system but researchers discovered, that specific memory access patterns circumvent this mechanism and thus can still be used to cause bit flips in meášory.
This vulnerability is called Rowhammer and for it to be exploited, knowledge of how the processor maps physical addresses to DRAM locations is required.
To determine which location in DRAM a physical address maps to, CPUs have hardcoded functions depending on the Memory configuration of the system, which are for most systems undocumented.
Knowing this function can significantly improve Rowhammer attacks.
Thus researchers have worked on reverse-engineering it.
However, most approaches are non-deterministic, require physical access to the Hardware, or work only on specific CPUs of one manufacturer.
We aim to develop a framework for reverse-engineering the DRAM addressing function, that is deterministic, implemented fully in software, fast and works on both, ARMv8 and Intel Processors.
Additionally we want to investigate the applicability of this framework to AMD machines.
14:30 - 15:00
Speaker: Abdullah Imad Malallah
Type of talk: Bachelor Final
Advisor: Sven Bugiel
Title: Exploring API behaviour in android applications using Word2Vec
Research Area: RA4
Abstract: Most Android applications use services embedded in the mobile phone, e.g., WiFi,
Bluetooth, GPS, Camera, etc. These apps use those services via well-defined Android
application frameworks and SDK APIs. An application that uses these APIs could
retrieve sensitive and important information about the user or the device itself. For
example, the Location API provides the location of the user. APIs are practical and
add a lot of functionalities to Android applications, but they may get misused by those
applications as well.
The ability to verify whether an Android application performs as claimed has long been
a challenge for analysts. How do we know that an application uses these APIs in good
behavior? Does this application harm the privacy of the user, for example, by leaking
their location? The problem is not whether an app’s behavior fits a certain pattern or
not, but rather if the program behaves as promised. We use Android apps as a data set
for this work because of their market share and history of attacks. The main idea is to
cluster APIs based on their code context to detect outliers by using an NLP technique
called Word2Vec. To get the code context of APIs (from sources to sinks) we use a static
analysis tool called FlowDroid. Following the approach proposed in this work, we were
able to find normal and abnormal APIs. Most of the abnormal APIs were identified as
abnormal because of the code obfuscation.
15:00 - 15:30
Speaker: Emily Ries
Abstract:
As the usage of neural networks is pervasive in areas such as decision-making, it is
inevitable to ensure that their deployment does not lead to unfair treatment across
ethical groups. In order to make neural networks more accessible to average
consumers, they are required to be small in memory and complexity. Pruning algorithms
are helpful to fulfill these conditions. Although advanced pruning algorithms can
decrease model complexity while maintaining model accuracy, it is unclear whether the
pruned models show disparate impacts on different ethical groups. The purpose of this
Bachelor Thesis is to investigate the effect of pruning on model classification, especially
in the context of fairness.
Session B:
14:00 - 14:30
Speaker: Simon Anell
No information provided.