News
Next Seminar on 26.10.2022
Written on 19.10.2022 19:36 by Philip Lukert
Dear All,
The next seminar(s) take place on 26.10. at 14:00 (Session A) and 15:00 (Session B).
Session A: (14:00-15:30)
Tim Recktenwald, Ulysse Planta, Rayhanul Islam Rumel
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (15:00-15:30)
Yannick Ramb
https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09
Meeting-ID: 990 2598 9421
Kenncode: 3mZyE$
Session A:
14:00-14:30
Speaker: Tim Recktenwald
Type of talk: Bachelor Intro
Advisor: Dr. Giancarlo Pellegrino
Title: Chikara: Combining Web Application Crawling With Forced Execution
Research Area: 5
Abstract: Due to their ease of use, web application scanners are a popular choice when it comes to securing the web. Most of them take a blackbox approach, i.e., they do not require any prior knowledge about the tested application. To this end, blackbox scanners generally include a crawler to explore the states of a web application in an automated fashion. However, crawling modern web applications is by no means a trivial task: Whereas websites used to be completely static in the early days of the Internet, the adoption of JavaScript has rendered the client-side highly dynamic and increasingly complex.
The crawling approaches proposed in previous research works may not exercise all branches in the event handler code. This poses the question whether the deployment of advanced program analysis techniques could be a viable strategy in crawling. In particular, forced execution allows to run code irrespective of branch conditions by manipulating their outcome.
Although other works illustrate the remarkable potential of forced execution in rather narrowly defined areas of web security, the technique has not yet been studied in the more general context of web application scanning. Therefore, this thesis will explore how forced execution can be meaningfully integrated into web application crawling. Secondly, we will examine whether our method improves application coverage compared to existing approaches.
14:30-15:00
Speaker: Ulysse Planta
Type of talk: Bachelor Final
Advisor: Michael Schwarz
Title: Frequency Side-Channels on AMD Processors
Research Area: RA3
Abstract:
Traditionally, power side channels were limited to an attack model with full physical access
and external hardware to measure the power consumption of the system under attack. With the
addition of software interfaces like RAPL, software-only power side channels became feasible.
As a reaction to this new category of attacks, CPU vendors lowered the precision of reported energy
consumption and operating systems restricted access to energy measuring interfaces to
privileged programs only. Because modern processors continuously vary their operating
frequency depending on the workload, temperature, and energy constraints, we can draw a
conclusion about the type of workload solely from the frequency that the processor is operating at.
Using the RDPRU instruction introduced by AMD with its Zen 2 microarchitecture, an unprivileged
attacker can access two different processor internal registers, yielding a primitive, that allows for
frequency measurements with previously unreachable temporal resolution.
We investigate the resulting side channel on recent AMD processors to see what an attacker can
infer from frequency measurements on these processors and how these attacks can be mitigated.
In this talk we discuss the results of experiments and present the case studies performed.
15:00-15:30
Speaker: Rayhanul Islam Rumel
Type of talk: Master Final
Advisor: Prof. Yang Zhang
Title: Linking Attack Against Machine Learning Models
Research Area: RA1
Abstract: Popular internet services such as image and voice recognition, online video sharing, social media, and natural language translation use machine learning as part of their
services. Many popular companies e.g. Facebook, YouTube, Google use machine learning internally to improve marketing and advertising, offer products and services to customers, and
better understand the data generated by their business operations. Machine learning models can be considered confidential due to sensitive training data, economic value, or use in
security applications. Confidential ML models are increasingly provided with publicly available query interfaces.
On the other hand, big corporations have already begun to merge. Meta Inc., for example, currently owns Facebook, Instagram, and WhatsApp. However, these businesses are not
permitted to freely exchange their user data with one another to improve their own services. WhatsApp, for example, has signed an agreement indicating that it would not share any
EU user data with Facebook and will only transfer data in compliance with the General Data Protection Regulation (GDPR).
Taking all of these considerations into account, we develop a method on which we conduct linking attack for determining whether or not various machine learning models are using the
same data. The attacker's goal in linking attacks is to characterize sensitive information about a group of individuals using a specific dataset. In our case, we aim to learn
whether the models are using the same train set using a probe set. The study computes the area under the curve (AUC) to determine whether or not two models use a similar
train set. If the AUC is close to one, we may assume that these models used similar train sets. We can presume that two models used similar train sets if the AUC is close to one.
In each experiment, we train the target models (ML models that are being compared with the base model) and our base model (a model with which we compare the target models)
using data from the same distribution. We considered the ml models ResNet 18, MobileNet V2, and VGG16 along with the datasets MNIST and Cifar10 to conduct a
total of 12 experiments. Since we are using train data from the same distribution to train all of our ML models in an experiment, we anticipate a high AUC score. It’s interesting
that we had high AUC values in every experiment, and they were all quite near to one.
Session B:
15:00-15:30
Speaker: Yannick Ramb
Type of talk: Master Intro
Advisor: Prof. Dr. Thorsten Holz
Title: TDVFuzz - Fuzzing Intel's Trust Domain Virtual Firmware
Research Area: 3
Abstract:
With the rapid digital transformation and the dramatic rise of cloud computing over the
last decade, more and more businesses utilize cloud services to outsource their own
data and services. Despite the many advantages of this trend, there still is one major
obstacle: one must trust the Cloud Service Provider and its infrastructure. This is
particularly problematic for any business working with sensitive or proprietary data,
as Cloud Service Providers have technical capabilities to obtain and manipulate data
inside their virtual machines. To mitigate this situation, Intel developed Trust Domain
Extensions (TDX) - a novel set of architectural extensions for isolating guest VMs - called
Trust Domains (TD) - on a hardware level from an untrusted hypervisor and any other
non-Trust-Domain software on the platform.
Although designed with security in mind and extensively tested, TDX may contain
unexpected flaws and vulnerabilities. One component where such issues might occur
is the Trust Domain Virtual Firmware (TDVF), which is the TDX-aware pendant to
UEFI, i.e. the firmware that sets up the underlying platform and lays the foundation
for operating systems and other services to run. As such, TDVF is also a prominent
target for firmware-level attacks. To maintain the confidentiality and security of the
Trust Domain, we aim to detect unexpected issues by using a feedback-guided fuzzing
approach. To this end, we will extend the existing kAFL fuzzer framework, utilize
Intel Processor Trace for feedback acquisition and fuzz TDVF with our modified
framework.