News
Next Seminar on 19.07.2023
Written on 14.07.2023 12:40 by Niklas Medinger
Dear All,
The next seminar(s) take place on 19.07.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:30)
Patrick Gräfe, Daniel Berresheim, Yannick Ramb
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session B: (14:00-15:30)
Groß, David, Darian Hach, John Schmitt
https://cispa-de.zoom.us/j/69371224982?pwd=amFFbmVBcVhDeGg5Q2VacXh0M3pKQT09
Session A:
14:00 - 14:30
Speaker: Patrick Gräfe
Type of talk: Bachelor Intro
Advisor: Sebastian Brandt
Title: On exploiting cycles in distributed algorithms for maximal matching
Research Area: RA1: Algorithmic Foundations and Cryptography
Abstract:
The Round Elimination technique is a central method in the field of distributed algorithms for proving lower bounds for specific problems.
This technique constructs a worst-case graph that demonstrates that a problem requires at least a specific number of rounds to be solved,
providing a lower bound for the problem. However, the Round Elimination method always constructs tree-like structures to prove a statement.
An interesting observation is that if we consider only graph families with cycles, all the lower bounds established by Round Elimination no longer hold.
Consequently, there could be faster algorithms for known problems that exploit the cycles in these graphs.
In this work, our objective is to explore how distributed algorithms could perform in an environment with cycles, potentially surpassing the lower bounds set by the Round Elimination Technique. To achieve this, we will investigate the problem of maximal matching, which is one of the most fundamental problems in distributed algorithms.
Specifically, we will focus on the bipartite setting and aim to explore the possibility of a faster algorithm that exploits the presence of cycles.
14:30 - 15:00
Speaker: Daniel Berresheim
Type of talk: Bachelor Final
Advisor: Dr. Nils Ole Tippenhauer
Title: Protecting Motor Control Firmware against Manipulation
Research Area: RA3
Abstract: The increasing complexity of firmware to control vehicles introduces many new opportunities for attacks. Vulnerabilities in non-essential features can enable an attacker to execute code in parallel or concurrently to security-critical code. Furthermore, we have to consider even the hardware owner as a potential attacker who might want to tune their vehicle by bypassing the hardware-enforced speed limit.
We investigate in our thesis whether Trusted Execution Environments (TEE), in particular Arm TrustZone, can be used to protect critical functionality as well as hardware access of a system from parallel running attacker code.
We show different approaches we implemented to realize this TrustZone-powered isolation and evaluate whether they reach the required security goals and whether they are capable of protecting third-party monitoring software.
15:00 - 15:30
Speaker: Yannick Ramb
Type of talk: Master Final
Advisor: Prof. Dr. Thorsten Holz
Title: TDVFuzz: Fuzzing the Intel Trust Domain Virtual Firmware
Research Area: 3
Abstract:
Over the last few years, there has been a strong trend for businesses and individuals to outsource their data and services to the cloud.
One drawback of the current cloud computing landscape is that the Cloud Service Provider must be trusted implicitly, as it controls the hardware and is thus able to spy on and manipulate data and workloads inside customers' virtual machines (VMs).
Under these circumstances, confidential computing scenarios like the processing of sensitive or proprietary data are not possible.
The Intel Trust Domain Extensions (TDX) technology aims to mitigate this by isolating VMs on the hardware level from the hypervisor.
It requires specialized firmware called Trust Domain Virtual Firmware (TDVF) to provide integrity and confidentiality to the guest OS.
Since the boot firmware is responsible for maintaining the chain of trust, it is a highly critical component for security, and special care must be taken to minimize bugs and security vulnerabilities.
Software testing is one method to attain this and, to this extent, particularly fuzz-testing has proven to be an effective and productive tool.
However, the unique conditions posed by the execution environment and frequent interaction with hardware make firmware testing and application of tools like fuzzers challenging in practice.
This thesis aims to address this problem by providing a proof of concept fuzzing approach that is based on the kAFL fuzzing framework and extends TDVF source code to facilitate coverage-guided fuzz-testing of the TDVF firmware.
We demonstrated our method by fuzzing critical code sections that we identified in a previous security assessment under the new threat model in which the hypervisor is considered untrusted and potentially malicious.
Additionally, we explored options to enable sanitizers in our setup to further increase testing and bug-finding capabilities.
Evaluation results demonstrate that our method is able to effectively fuzz the TDVF firmware with high execution speed and detect bugs during the fuzzing campaigns.
Session B:
14:00 - 14:30
No information provided.
14:30 - 15:00
Speaker: Darian Hach
Type of talk: Bachelor Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Static Taint Analysis of Programmable Logic Controller Code
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: Industrial Control Systems (ICS) constitute a core component of critical infrastructure such as the electric grid, oil refineries or nuclear power plants. At their lowest layer, highly robust and reliable devices called Programmable Logic Controllers (PLCs) are fed with sensor readings and compute output to actuators based on a control logic that is programmed by engineers to control the system’s state. Due to the requirements of such systems towards continuity of operation and reliability and the often security-agnostic background of employed engineers, the security of ICSs and program logic in particular has often been neglected. Exacerbating this problem is the increasing connectivity of ICSs to the Internet that, as a result of the few security measures in place, dramatically increases the attack surface of such systems, allowing for attacks against a nation’s critical infrastructure such as with Stuxnet or the Ukrainian power grid attacks.
While many protection measures have been suggested to protect ICSs, few have taken a human-centric and code-level approach to increasing the security. In this thesis we will thus propose the use of static taint analysis to support engineers with little security background by raising awareness about critical code locations in potentially highly complex programs and suggest remediation strategies to mitigate against potential vulnerabilities resulting from dangerous code locations.
15:00 - 15:30
Speaker: John Schmitt
Type of talk: Master Intro
Advisor: Giancarlo Pellegrino, Aleksei Stafeev
Title: Human Scan Patterns in Task-Driven Web Exploration
Research Area: RA5
Abstract:
Modern web applications have become quite complex and pose a major challenge for web crawlers. In modern web applications, web crawlers have some weaknesses. These include identifying a webpage’s category, functionality, and navigation to a desired target in the web application. Compared to crawlers, humans find a quick and easy solution to these problems without much thought. Motivated by the weaknesses of crawlers, in this thesis, we learn from human behavior and try to identify patterns from the human eye gaze that can be applied in crawlers. The patterns should be able to improve the performance of a crawler with respect to its weaknesses. To detect patterns, we perform an eye-tracking study. We give participants specific exploration tasks on screenshots of several webpages and register their gaze data. We conduct three stages in our experiment, including tasks specific to the three weaknesses mentioned above. The heatmaps and scanpaths we gather will indicate whether such patterns exist. In the end, we will be able to answer the question of human scan patterns existing for task-driven webpage exploration. But more precisely, we will answer the following research questions:
1. Do common exploration patterns exist for websites in equal categories?
2. Do common exploration patterns exist for webpages with equal functionality?
3. Do common exploration patterns exist for a navigation task to a destination page with desired functionality?