Registration for this course is open until Tuesday, 31.12.2024 23:59.

News

Next Seminar on 24.04.2024

Written on 21.04.24 by Mang Zhao

Dear All,


The next seminar(s) take place on 24.04.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Jonas Büchner, Margarita Keteva, Oliver Schedler

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Sven Kuppe, Andreas Knobel, Tristan Hornetz

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Jonas Büchner
Type of talk: Master Final
Advisor: Dr. Michael Schwarz
Title: Reverse Engineering UEFI Firmware to Discover Hidden CPU Features
Research Area: RA4

Abstract: 

With every new generation of x86 processors, their complexity of features increases. Luckily, CPU vendors allow the configuration of many of these CPU features. This is commonly done by using model-specific registers (MSRs). Besides configuration, these also allow performance monitoring and debugging. Naturally, a greater knowledge of the available MSRs improves control over the processor for researchers and users. While a lot of the MSRs are documented by Intel and AMD, there still remains a plethora of undocumented MSRs.

MSRs can only be accessed with the privileged RDMSR and WRMSR instructions. Therefore, the usage of MSRs is largely limited to low-level code, firmware in particular. The Unified Extensible Firmware Interface (UEFI) is a specification for firmware, which is implemented in many modern x86 systems. Because of its function, it is expected to make heavy use of MSRs and is therefore a primary target for research.

In this thesis, we explore methods to automatically discover the MSRs used in UEFI firmware. We use static analysis, which analyzes the firmware based on the machine code itself. We also use dynamic analysis to observe the execution of firmware binaries, working with both concrete and symbolic domains. We find a total of 233 different MSRs across 8 analyzed firmware images. 51 of these MSRs are not documented in the Intel SDM or AMD manual. We evaluate our methods and analyze the found MSRs, coming to the conclusion that reverse-engineering can find many, also undocumented, MSRs in firmware. Furthermore, it can help in finding the functionality of undocumented MSRs.

 

14:30 - 15:00

Speaker: Margarita Keteva
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Evaluating FIDO2 Attestations in Real-World and Security Keys Counter Behaviour
Research Area: RA1

Abstract: 

FIDO2 introduces standards for secure passwordless authentication over the Internet. It consists of two protocols, namely CTAP2 (Client to Authenticator Protocol) and WebAuthn (W3C Web Authentication). Attestation and assertion are two terms that refer to the security key's registration and authentication.

In this study, we will analyse and evaluate the usage of FIDO2 in the real world by targeting the most visited websites and the attestations returned by security keys during the registration phase. The collected payloads from different authenticators will provide a broader scope of data.

Each attestation and assertion contains a counter that indicates the number of operations performed and signed by the authenticator. It is a measurement against cloning attacks. By evaluating the values of multiple responses and examining the change of the counter, we can calculate the probability of detecting the attack after its execution.
 

 

15:00 - 15:30

Speaker: Oliver Schedler

No information is provided.

 

 

Session B:

14:00 - 14:30

Speaker: Sven Kuppe
Type of talk: Bachelor Final
Advisor: Lucjan Hanzlik
Title: Blockchain-Based Verification of Android Keystore-Generated Key Attestations using Smart Contracts
Research Area: RA1
Abstract:
When using cryptocurrencies, it is important to ensure the security of our transactions. Therefore, we must ask ourselves how we can be certain that our recipient has reliable key management and securely stores their private key. This project aims to address these safety concerns by utilizing Android's hardware-backed keystore feature, available in modern smartphones. We create a smart contract that serves as a trust mechanism. It verifies the presence of a hardware-backed key in a device and stores the outcome on the blockchain. The goal of this work is to develop an Android application and a specialised smart contract. The application creates a key within its secure memory and provides a proof that the key is inside its secure memory. This proof consists of a certificate chain. The smart contract reads the certificates in the chain and verifies each one. If the certificate chain is valid, the successful outcome is stored on the blockchain. This establishes trust in the receiver's devices without requiring additional verification methods and provides an answer to the security questions mentioned above.

 

14:30 - 15:00

Speaker: Andreas Knobel
 

No information is provided.

 

15:00 - 15:30

Speaker: Tristan Hornetz
Type of talk: Master Final
Advisor: Dr. Michael Schwarz, Lukas Gerlach
Title: Execute-Only Memory as a Security Hardening Feature on x86-64
Research Area: RA3

Abstract:
Execute-Only Memory (XOM) is a rarely used, but versatile memory protection scheme, in which instruction fetches are permitted, but data reads and writes are not. In the context of x86_64, it is mainly used in defensive schemes against code-reuse attacks. Besides this however, there is very little research on applications that could benefit from its unique memory protection capabilities. In my master’s thesis, I therefore investigate the characteristics of XOM, with the primary goal of identifying novel application scenarios. To this end, I present a set of software libraries that make XOM available to user-mode programs and use them to conduct studies on XOM’s performance aspects and potential attack vectors.
The results of this effort are two key observations: Firstly, XOM proves to be highly resistant against transient execution attacks like Spectre and Meltdown. XOM can thus serve as a component of low-cost mitigation schemes against them. Secondly, it is possible to use XOM to hide cryptographic secrets from privileged local attackers. This may provide an alternative to Trusted Execution Environments on platforms where such facilities do not exist, with potential applications in Digital Rights Management.

Next Seminar on 10.04.2024

Written on 06.04.24 by Mang Zhao

Dear All,


The next seminar(s) take place on 10.04.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Julian Maurer, Marvin Schank, Matthias Michels

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Faiq Iftikhar Awan, Christian Bryan Marcelino, Tobias Berdin

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Julian Maurer
 

No information is provided.

 

14:30 - 15:00

Speaker: Marvin Schank
Type of talk: Master Final
Advisor: Prof. Dr. Cas Cremers
Title: Formal Analysis of Matrix's End-to-End Encryption
Research Area: RA2: Reliable Security Guarantees
Abstract: Matrix is a federated, decentralised communication architecture that allows messenger applications like Element to provide end-to-end encrypted communication to its users. Researchers recently discovered practically exploitable vulnerabilities in Matrix, questioning its security. To tackle the uncertainty of whether Matrix is secure, one must look closely at Matrix's End-To-End-Encryption protocol. I want to show with a formal analysis of the protocol that Matrix can provide a frame for secure message transmission. In this thesis, I investigate Matrix's underlying encryption techniques, especially Short Authentication String, Olm, and Megolm, the main cryptographic subroutines. I rewrite those concepts into a symbolic model. Based on that model, Tamarin, a state-of-the-art model checker and security verification tool, conducts an analysis. I proved some of Matrix's central security guarantees, like message confidentiality and user authentication.

 

15:00 - 15:30

Speaker: Matthias Michels
Type of talk: Master Final Talk
Advisor: Christine Utz, Ben Stock
Title: Privacy, Anyone? Investigating the Adoption of Privacy-Friendly Services and Configurations
Research Area: RA5: Empirical and Behavioural Security
Abstract:

Many websites embed third-party services, for example, to gain insights into their audience or for embedding additional content. They offer a quick way to integrate these functionalities, often at no extra cost for the website owner. Website owners can influence the amount of personal data processed by third-party services in two ways: through their selection and, if possible, through their configuration.

These choices must be made according to data protection law requirements. The GDPR, for example, requires website operators to limit the data collection to the minimum amount necessary and imposes requirements for data transfer to non-EU countries. To account for this, courts already have placed boundaries for configurations that must or must not be made. Such court decisions have already led to waves of cease-and-desist letters in Germany and Austria.

We conduct a web measurement on 100,000 websites to compare their usage of these configuration options, as well as two privacy-friendly services. For a sample of websites using a privacy-friendly configuration, we use the Internet Archive to understand the temporal context of the adoption of the privacy-friendly configuration. We show that the usage of privacy-friendly services and configurations differs heavily between countries, even among those with similar data protection laws. We also show that websites typically adopt the privacy-friendly option of a third-party service upon its initial integration, or not at all.

 

Session B:

14:00 - 14:30

Speaker: Faiq Iftikhar Awan
Type of talk: Master Intro
Advisor: Prof. Dr. Andreas Zeller & Marius Smytzek
Title: More Tests, Better Repair?
Research Area: RA3
Abstract: An automated program repair is a tool that can automatically look for bugs in a program and fix them using techniques like fault localization, maximum branch coverage, etc. Furthermore, test generation uses fuzzers to randomly generate test cases that increase the branch coverage of a test subject. Fuzzers are software tools that can generate a large volume of random or semi-random data that can be directly fed into a test subject or program. With this definition in mind, we ask a question.

Do more tests translate to better repair?

We present a comprehensive analysis based on statistical data and results that tries to answer this question. Our approach utilizes recently published tools such as Avicenna, ISLa and Tests4Py to answer this simple question analytically. These tools serve as building blocks for a solution that can use a minimal amount of tests to create a specification about a program, then generate new test cases according to that specification, and repair a program using the test cases that provide the most coverage. Such repairs are then compared against a baseline. What level of enhancement, if any, does an increase in test cases contribute to the effectiveness of a program repair solution?

 

14:30 - 15:00

Speaker: Christian Bryan Marcelino
Type of talk: Bachelor Intro
Advisor: Stella Wohnig, Prof. Nico Döttling
Title: Evaluating Range Proof to Improve McFly
Research Area: RA1: Trustworthy Information Processing
Abstract: McFly is a Time-lock Puzzle (TLP) primitive created with the help of a blockchain (Proof of Stake) finality layer. Usually, a TLP needs much computational power to solve. With the help of blockchain technology, McFly is not computationally wasteful, and we can decide exactly when the puzzle will be solved.
A slight shortcoming resides in constructing the McFly protocol: The message lies in the exponentiation. Therefore, McFly needs a range proof to ensure that the message lies within a specific range. The proof size of the McFly protocol exceeds the preferred value, so we want to consider finding another range proof.
In this thesis, we will explore the state-of-the-art range proof protocols to improve McFly's situation. This thesis aims to find another range proof that is not only smaller in size but also more efficient in proving and verifying time, and to incorporate it into the McFly protocol.

 

15:00 - 15:30

Speaker: Tobias Berdin
Type of talk: Master Intro
Advisor: Dr. Nico Döttling
Title: Laconic Private Set Intersection with Preprocessing
Research Area: 2

Abstract:
Private set intersection (PSI) is a cryptographic primitive that allows two or more parties, each holding a private set of elements, to compute the intersection of their sets in such a way that no information is revealed other than the elements of the intersection. In particular, we consider the setting where one party, called the server, holds a very large set and wants to compute the intersection with a client's smaller set. Recently a lot of research has been devoted to developing PSI protocols with low communication and computation costs. However, even the most efficient constructions only achieve computation complexities that are at least linear in the size of the larger set.

This thesis aims to develop a new construction for PSI protocols that operates in the laconic setting, i.e. it divides computations into a two-round scheme, where all communication is independent or sublinear in the size of the server's set. This setting is highly practical, as clients, unlike servers, usually should not perform resource-intensive computations. A preprocessing approach helps to perform heavy server computations in advance, so that results are available quickly when requested by the client. Our new PSI construction is based on oblivious key-value stores and Bloom filters, achieving sublinear communication and computation costs on both the client and the server side.

Next Seminar on 27.03.2024

Written on 26.03.24 by Mang Zhao

Dear All,


The next seminar(s) take place on 27.03.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Leon Barth, Raik Schweigert, Luca Nimsgern

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Yannick Chording, Devi Faustine, Mitul Bipin

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Leon Barth
Type of talk: Master Outro
Advisor: Dr. Nils Ole Tippenhauer
Title: Feasibility of IDS in Automotive Systems using the NXP S32G Platform
Research area: RA3: Threat Detection and Defenses 


Abstract: 
The Controller Area Network (CAN) was introduced in the 1980s and became the de facto standard communication protocol in the automotive industry. At that time, however, cars were much less digitized, which meant that potential security risks with CAN were less prevalent. Today, with connected cars and numerous digital control systems such as brake-by-wire, drive-by-wire, or autopilot, the risk is much higher. As a quasi-standard, the protocol cannot be easily replaced. Therefore, security measures are required. Intrusion Detection Systems (IDS), successfully used for other types of networks, are one way to detect attacks.

However, since CAN does not send or verify information about the sender or recipient of individual messages, this is a major challenge. Possible approaches attempt to infer anomalies and possible attacks from information about signal levels, temporal context, or message content. Methods ranging from simple statistics to deep learning are presented and evaluated. Unfortunately, most of the evaluation scenarios are not very close to practice due to the use of powerful computers, oscilloscopes, or synthetic evaluation data.

In this thesis, I investigate the feasibility of implementing such systems on next-generation automotive hardware using the NXP S32G platform as an example and realistic data. Therefore, I collect existing approaches for CAN IDS and CAN traffic datasets. The IDS is then analyzed with data as close to reality as possible, both on conventional high-performance x86-based hardware with a dedicated GPU and on the much more limited ARM-based NXP S32G platform. The results will be used to evaluate the feasibility of each concept in future vehicles.

 

14:30 - 15:00

Speaker: Raik Schweigert
Type of talk: Bachelor Intro
Advisor: Wouter Lueks, Sylvain Chatel
Title: Privacy Analysis of Digital Contact Tracing Systems
Research Area: RA1

Abstract:
In a pandemic like COVID-19, contact tracing is a key strategy that mitigates the spread of the virus by notifying people that have recently been in close proximity to a positively diagnosed individual.

However, the scale of manual contact tracing is limited. As an addition, digital contact tracing systems were proposed, which increase the scalability of contact tracing by letting mobile devices broadcast and capture tokens that can be matched later in case of a positive test to notify at-risk individuals.

While these systems automate contact tracing, requiring less work, they also handle sensitive data. Thus, digital contact tracing systems should respect the users’ privacy. This thesis analyzes contact tracing systems with respect to their privacy.

 

15:00 - 15:30

Speaker: Luca Nimsgern
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Multi-party signatures on FIDO tokens
Research Area: RA1
Abstract: Consisting of the W3C Web Authentication (WebAuthn) and the FIDO Client to Authenticator Protocol (CTAP), FIDO2 introduces a standard for strong authentication in the web environment. 

In this thesis, we will implement a multi-party signature on FIDO keys. As the name suggests, in multi-party signatures the private key for signing a message is distributed by multiple parties. 
The idea is that each FIDO key holds its own share of the private key, so in the end a certain amount of FIDO keys (which we can specify before) is needed to produce a valid signature.

After the implementation phase, we will evaluate this approach by its performance and security, in order to compare it with the common approach.
 

 

Session B:

14:00 - 14:30


Speaker: Yannick Schording
Type of talk: Master Intro
Advisor: Dr. Dominic Steinhöfel
Title: Specification based testing with JSON-schema
Research Area: 3
Abstract:
The JavaScript Object Notation (JSON) is one of the most widely used formats to interchange data. Due to its popularity, we need ways to test systems that use JSON files as their input. But how can we do so? One approach would be to feed it randomly generated JSON files. However, most of these files would not reach deep into the code since they do not conform to its expected input structure. By using the JSON-schema vocabulary as a basis for specification-based testing, we can get around this issue. While tools that generate JSON files from schemas already exist, they follow a monolithic approach as they combine the specification handling and input generation into a single piece of software. In this thesis, we develop a tool that decouples these two parts. To do so, we first translate JSON schema into an equivalent pair of a context-free grammar and a set of semantic constraints. We then use this specification to generate valid JSON files with the ISLa fuzzer. The benefits of this approach are that changes in the fuzzer do not necessitate rewriting the specification handling and vice versa. Another advantage is that based on this specification the ISLa fuzzer can also mutate, validate, or repair existing inputs.
To evaluate our tool, we plan to compare it to existing generators regarding the diversity of the generated inputs, generation speed and the ability to find bugs in software.

 

14:30 - 15:00

Speaker: Devi Faustine
Type of talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Efficiency of Post-Quantum Blind Signature built from secure Multi-Party Computation
Research Area: RA1
Abstract: 
Nowadays, Post-Quantum Cryptography (PQC) has been gaining more and more attention as the development of quantum computers progresses further. Taking this into consideration, we would like to make cryptographic primitives and protocols also quantum resistant. Blind signatures have also gained popularity as blockchain and electronic cash are also booming.

The idea of this thesis is to combine secure Multi-Party Computation (MPC) with a post-quantum digital signature in order to create a post-quantum blind signature. Since MPC also keeps the parties' inputs private, it also fulfills the purpose of blind signatures. The digital signature used in this scheme would be SPHINCS+, which is a quantum-resistant, stateless hash-based signature scheme, specifically aimed at reducing signature size. We implement SPHINCS+ inside an MPC library and benchmark the performance of this construction.
 

 

15:00 - 15:30

Speaker: Mitul Bipin

Type of talk: Master Intro

Advisor: Cristian Alexandru Staicu, Masud Bhuiyan.

Title: Regular Expression Denial of Service (ReDoS) Defense Analysis.

Research Area: RA3: Threat Detection and Defenses.

Abstract:

A Regular Expression Denial of Service (ReDoS) attack is a type of algorithmic complexity vulnerability in which an attacker sends a specially crafted input to exploit a vulnerable regex pattern to trigger excessive backtracking within a regular expression engine, leading to prolonged processing times and potentially crashing the system. Unlike traditional Denial of Service (DoS) attacks, which flood a system with high volumes of traffic, ReDoS attacks exploit inefficiencies in regular expression matching algorithms, making them harder to detect and mitigate. Developers typically rely on regular expressions to perform input validations, e.g., Email ID, phone number. Sometimes, developers may unintentionally write or copy vulnerable regex patterns, making their application vulnerable to a ReDoS attack. Furthermore, developers may import libraries, e.g., npm, that may contain a vulnerable regex pattern, thereby making the application susceptible to a ReDoS attack. In order to prevent a ReDoS attack, developers often choose one of the many mitigation approaches such as:

1. Timeout Mechanisms

2. Limit Backtracking

3. Use Traditional Regex Engines (that do not support extended features such as backtracking)

4. Repair the Vulnerable Regex Pattern.

5. Use an Alternate Logic. e.g., custom parser

6. Limit Input Length.

We refer to these approaches as "Standard Approaches," which involve modifying the underlying code and the vulnerable regex pattern. Additionally, researchers have developed solutions that mitigate a ReDoS attack on an application in real-time, i.e., block HTTP requests that potentially contain a specially crafted input to cause a ReDoS attack. We refer to these approaches as "Reactive Approaches". A Reactive Approach is typically deployed alongside the application, and all input validations will still be performed using a vulnerable regex pattern. It will be interesting to analyze whether the reactive approaches can block HTTP requests that can potentially cause a ReDoS attack.

The primary objective of the thesis is to determine the most effective method for mitigating a ReDoS attack. To achieve that, we will deploy an application that contains a vulnerable regex pattern prone to a ReDoS attack. We will then fix the underlying vulnerability with each of the techniques mentioned above. Lastly, we will simulate benign requests for a specific period and send malicious HTTP requests in frequent intervals to assess the effectiveness of each approach discussed above. During the experiment, we will record the latency and throughput experienced by benign users, recognizing these metrics as crucial parameters in identifying the most effective method for mitigating a ReDoS attack.

The "Master Intro" seminar gives a sneak peek into the results obtained by performing the above experiment on the PHP platform. It also highlights the motivation, along with the research contribution and the research questions answered in the thesis. Lastly, the seminar will shed light on the future scope and open the ground for discussions!

Next Seminar on 13.03.2024

Written on 11.03.24 by Mang Zhao

Dear All,


The next seminar(s) take place on 13.03.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Lenny Händler, Lennard, Niklas Britz

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Dominik Sautter, Jannis, Houcai Li

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Lenny Händler
No Information is provided.

 

14:30 - 15:00

Speaker: Lennard Tworeck
Type of talk: Bachelor Outro
Advisor: Robert Künnemann, Kevin Morio
Title: A parser for the spthy protocol modeling language
Research Area: RA2
Abstract:
Security protocols ensure the confidentiality, integrity and authentication of transmitted data between two or more parties and are the basis of secure communication. Proving the accuracy of these protocols is an error-prone and arduous task, which is why protocol verifiers have been developed to automate this task. Tamarin is such a protocol verifier and allows for symbolic modeling and analysis of security protocols. To use Tamarin, the user defines the protocol, environment and security properties in a security protocol model, which is specified in the so-called security protocol theory (spthy) file format developed especially for Tamarin.

In this thesis, an independent parser was created that allows parsing such files for third party tools or Tamarin extensions. A parser is a software component that converts textual input into a machine-readable format based on a formal grammar. The spthy parser was developed with the objective of flexibility, minimal dependencies, and support for various programming languages such as Python, Go, Rust and Haskell. The tree-sitter parser generator was employed to create the parser. The process involved first defining a grammar accepting the syntax of spthy files and then utilizing this grammar as an input to the parser generator. While the syntax of the file format was already partially documented in the Tamarin manual, a complete description was missing. The parser generator approach did not just build a parser for spthy files, but also documented its syntax.

The primary aim was to create a versatile tool that facilitates the development of Tamarin extensions. The result is a reusable parser that not only enhances the ease of creating extensions for Tamarin, but also offers comprehensive syntax documentation for the spthy file format.

 

15:00 - 15:30

Speaker: Niklas Britz
Type of talk: Bachelor Intro
Advisor: Dr. Nico Döttling
Title: Gaussian Linear Secret Sharing
Research Area: 2
Abstract:
Secret sharing is a cryptographic technique to distribute a secret among different parties. Only a specified amount of the parties can reconstruct the secret together, while smaller party sizes learn nothing or little about the original secret when combining their respective information.
In this work, we present two threshold secret sharing schemes. The first is a continuous linear secret sharing scheme over the group R. We prove the correctness and security of this scheme.
The second is an approximate linear scheme over Z, for which we prove correctness. Here, approximate linear means that the scheme is linear up to some minor error.
Using Gaussian distributions for secret sharing over R and Z, we present a new approach to linear secret sharing.

 

Session B:

14:00 - 14:30

Speaker: Dominik Sautter
No Information is provided.

 

14:30 - 15:00

Speaker: Jannis Cavelius
Type of talk: Bachelor Intro
Advisor: Prof. Sebastian Stich
Title: Hyperparameter Optimization in Federated Learning using Covariance matrix adaptation 
Research Area: RA2: Reliable Security Guarantees
Abstract: 

Federated Learning (FL) has risen in popularity over the last few years. It can be split into two main components. First, a central server, with the global model, that controls the training, and second, multiple clients (i.e. mobile devices or companies), that perform local updates to the global model using their respective data. At the end, only the updates to the model weights are shared with the server and used to update the global model.

The decentralized training of the model, which results in high data privacy, can lead to bottlenecks either in the form of communication or computation, i.e., a bad internet connection or old hardware, and slow down the training. 
Hyperparameter Optimization, which needs lots of evaluations to find a good configuration, is difficult, as these might not be possible either through privacy restrictions or the bottlenecks mentioned above. 
Federated Learning models therefore often use the hyperparameters, which are predefined by the optimizers, to save time and resources.

This thesis tries to use the evolution strategy Covariance Matrix Adaptation to efficiently find the model's hyperparameters. The approach is then compared to baselines, such as Grid- and Random search, on various datasets and problem types.
Another goal of my work is to bring back gradient free optimizers into the spotlight and make space for new work and research.

 

15:00 - 15:30

Speaker: Houcai Li
Type of talk: Master Intro
Advisor: Dr. Dominic Steinhoefel
Title: XML-Schema Refinement: A Human-in-the-Loop Approach
Research Area: RA3

Abstract:

XML, the Extensible Markup Language, provides detailed information on both content and the structure of data. The structure and the set of vocabularies of XML documents can be declared in an XML schema, which can be used to validate XML documents.
Therefore, XML schemas can play an important role in the field of software security as they filter out unwanted input when properly defined. They also have the potential to be used as specifications for automated software testing campaigns.

Since many XML schemas are only laxly defined and can therefore present security risks, we present a GUI to refine a schema based on available XML documents conforming to it. Built on EditiX, a public open-source XML editor, the presented GUI is able to analyze XML documents using the (W3C) XML schema currently displayed, and mark the positions where suggestions are available for refining the schema.
 

Next Seminar on 28.02.2024

Written on 26.02.24 (last change on 28.02.24) by Niklas Medinger

Dear All,


The next seminar(s) take place on 28.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Laura Thineta Mulia, Nils Olze, Sahil Sihag

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Girija B Mohan, Adarsh Jamadandi, Dominik Kempter

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Laura Thineta Mulia
Type of talk: Bachelor Final
Advisor: Prof. Thorsten Holz, Bhupendra Acharya
Title: "Ghost Coins: Analyzing the Prevalence of Fake Cryptocurrency Wallet"
Research Area: RA5: Empirical and Behavioural Security
Abstract:

Cryptocurrency is a digital currency that operates in decentralized networks, unlike traditional currencies issued by the government. These digital cryptocurrencies are managed by digital tools or software referred to as wallets which allow users to store, manage, and transact among other users. With the adoption of cryptocurrency as digitized payments, malicious attackers become more vigilant. Consequently, each year cryptocurrency wallet users are susceptible to emergent attacks including traditional attacks such as phishing, impersonation, and fake technical support.

In this work, we analyze the prevalence of fake cryptocurrency wallets in the form of Android apps, a popular choice among users. These apps are sourced from both vetted and non-vetted marketplaces. Specifically, we gather cryptocurrency wallets from the Google Play Store as the vetted marketplace, and APKPure, Aptoide, ApkCombo, and PlayMods as non-vetted alternatives. Our dataset comprises 6800 cryptocurrency wallet apps, among which 181 were identified as fake using the methods of typosquatting, combosquatting, and permission pattern matching.

Furthermore, we conduct a comparison of the occurrence of counterfeit apps between vetted and non-vetted marketplaces. Our results indicate that only 1.37% of apps acquired from vetted marketplaces turned out to be counterfeit, whereas 3.01% of those obtained from non-vetted sources were found to be fake. Our study revealed that non-vetted marketplaces have more than twice the prevalence of counterfeit apps compared to their vetted counterparts. Additionally, our analysis underscores that many of these counterfeit apps attract users by offering free cryptocurrency, revealing how scammers exploit such incentives to entice unsuspecting victims into downloading their malicious applications.

14:30 - 15:00

Speaker: Nils Olze
Type of Talk: Master Final
Advisor: Sven Bugiel
Title: Finding the Needle in the Haystack: Password Recovery in a Forensic Setting
Research Area: RA5
Abstract: Passwords are still the most common way of user authentication. Especially in the context of authentication on local devices, they are unlikely to ever (fully) disappear. In a forensic setting associated with a criminal investigation, passwords are a common hindrance when the investigator wants to lawfully access a confiscated device or encrypted file. If the suspect does not cooperate, the investigator needs to guess the correct password of an encrypted device or file. This scenario of an offline Password Guessing attack is different from the typical scenario since the target is usually only a single password. Previous research has found that the majority of passwords are likely guessed by generic password guessing attacks, but the remaining 20 % of passwords are hard to guess. This implies the need for more sophisticated attacks, which leverage the available information in a forensic setting.
In this work, we perform a field study on 46 devices from real-world criminal investigations to determine the options of an investigator to obtain a password if access to a desktop device of a suspect is possible. We examine three different research questions. First, we determine how credentials are stored on hard drives and how accessible they are. Our findings suggest that an investigator might instantly access credentials in two-thirds of all cases. Second, we investigate whether or not it is possible to detect plain text passwords stored on a hard drive. We use an approach based on Probabilistic Context-Free Grammar (PCFG) proposed by previous research. Based on our results, this approach is not fit to directly identify passwords but might be further improved with weighting functions to reach this goal. Third, we attempt to measure the impact of data from the hard drive on a Password Guessing attack. To achieve this, we compare the performance of the password candidate lists extracted with the aforementioned PCFG approach with the performance of generic dictionary attacks. When attacking the NTLM hashes of local user accounts, our best attack significantly outperforms a generic attack with an equally sized keyspace. Taking Password Reuse into account, we estimate a solid chance for an investigator to crack the target password.

15:00 - 15:30

Speaker: Sahil Sihag
Type of talk: Master Final
Advisor: Dr. Nils Ole Tippenhauer
Title: In-situ Fuzzing of Remote Firmware with Coverage Feedback
Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract:
In this thesis, we develop a framework for coverage-guided fuzzing of an embedded firmware. This is done by taking advantage of free storage and memory of the target embedded system. With the help of this free space, we enable instrumentation of the firmware and store coverage information of the firmware during execution. This fine-grained information is later utilized by the fuzzer for generating better inputs.

The final talk of this thesis discusses performance evaluation of our framework. First, we cover effectiveness of coverage feedback and input specifications for our test firmware. Then, we explore feasibility of minimizing impact of previous fuzzing inputs with the help of firmware restarts. Finally, we discuss the bugs discovered with the help of our framework and hurdles in reaching greater code coverage during fuzzing campaigns.

 

Session B:

14:00 - 14:30

Speaker: Girija B Mohan.
Type of talk: Master Intro.
Advisor: Dr. Mridula Singh.
Title: Physical World Sensor Attack on LiDAR-camera-based Perception in Autonomous Driving.
Research Area: RA4 (Secure Mobile and Autonomous Systems)

Abstract:

Autonomous Vehicles (AVs) rely on sensors like cameras and LiDAR to perceive their surroundings and make informed decisions regarding path planning and vehicle control. Understanding the vulnerabilities in these perception systems is crucial for ensuring road safety and building robust AV systems.

While cameras have been traditionally used for perception, they are susceptible to spoofing attacks. Hence, AVs are increasingly adopting LiDARs as they show an advantage over other sensors due to their ability to create detailed 3D maps, providing precise distance and depth information for all surrounding objects and free space, and are also a reasonable buy today. However, the researchers continue to study the vulnerability of LiDARs and explore new ways to attack them. The technical functionality of LiDAR makes the environment with mirrors challenging for LiDARs to work with. Existing research has not yet explored this as a potential attack vector.

In this research, we will exploit the property of light reflection to design and model a physical-world attack on LiDAR and camera sensors. We will demonstrate the effectiveness of our attack against state-of-the-art AV obstacle detectors like PointPillars. Additionally, we will evaluate the impact of these attacks on driving decisions using industry-grade Autonomous Driving Simulators (LGSVL or CARLA) and propose defense strategies to mitigate such attacks.

By shedding light on these vulnerabilities and proposing defense mechanisms, this research contributes to the development of more resilient AV perception systems, ultimately enhancing road safety in autonomous driving environments.

14:30 - 15:00

Speaker: Adarsh Jamadandi
Type of talk: Master Thesis Intro
Advisor: Dr. Rebekka Burkholz
Title: Investigating the Label/Feature Alignment with the Community Structure for Graph Neural Networks
Research Area: RA1 Trustworthy Information Processing

Abstract: Graph Neural Networks that leverage the message passing paradigm are shown to inhibit pathological behaviours such as over-squashing and over-smoothing. The former results from bottlenecks that hamper information flow, while over-smoothing leads to node features tending to a non-informative limit due to repeated rounds of aggregation. A common strategy to resolve both of these issues is spectral-based graph rewiring, that is, modifying the edge structure of the graph with the intent to maximize the spectral gap either by adding or deleting edges. This strategy has been shown to improve the generalization performance of GNNs in tasks like node classification.

In this project we argue that most of the success that is attributed to the spectral rewiring based approaches in fact stems from an alignment of the underlying community structure with the features/labels of the input graph. Our preliminary results on synthetic datasets show that methods that delete edges to maximize the spectral gap end up deleting intra-class edges, weakening the inherent community structure, which in turn derails the feature/label alignment with the community structure. We show this can be detrimental to the downstream task. In fact, minimizing the spectral gap helps retain this alignment.

To summarize, this project aims to investigate how vital the role of community structure and its alignment with the features/labels of the graph is to the downstream task, how spectral gap based rewiring methods affect this harmony, and how it shapes the generalization performance of GNNs.

15:00 - 15:30

Speaker: Dominik Kempter

No information provided.

Next Seminar on 14.02.2024

Written on 12.02.24 by Niklas Medinger

Dear All,


The next seminar(s) take place on 14.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Moritz von Zülow, Mika Meyer

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-14:30)

Lucas Layfield

https://cispa-de.zoom-x.de/j/62229284468?pwd=SThvSGpZKzB2Q1VmM1gxSGRwV3Mzdz09

 

Session A:

14:00 - 14:30

Speaker: Moritz von Zülow
Type of talk: Bachelor Intro
Advisor: Thorsten Holz
Title: Boosting Code Coverage of Curl Fuzzing using Fuzz-Generated Harnesses
Research Area: RA3
Abstract:

Fuzzing is an automated software testing technique that enables developers to discover security and correctness flaws in their program by subjecting them to random malformed input. Despite the effectiveness of modern fuzzers that leverage compilers to instrument code and enhance coverage, certain programs, such as curl - a widely deployed open-source project for data transfer with URLs - exhibit poor code coverage during runtime. Existing fuzzers typically achieve a mere 1% coverage of curl's executed code, leaving a significant portion untouched and potentially harboring undiscovered vulnerabilities.

During a security audit of curl, the Trail of Bits team successfully identified new security vulnerabilities by employing a novel approach - fuzzing curl's command-line interface. This method, previously deemed ineffective, proved fruitful in revealing previously unnoticed flaws.

In this thesis, we aim to address this gap in the curl fuzzing process. By incorporating command line arguments into the fuzzing process, we test different options of curl, which allow us to utilize different features and reach previously untested areas of source code. Ultimately, by increasing the code coverage during fuzzing, we aspire to enhance the overall security of curl.

14:30 - 15:00

Speaker: Mika Meyer
Type of talk: Master Intro
Advisor: Giancarlo Pellegrino, Giada Stivala
Title: An Analysis of Malicious File Distribution on Free Hosting Providers
Research Area: RA6 (Empirical and Behavioral Security)
Abstract:
Today, prefabricated phishing kits and other malicious web content are widely available and easy to deploy, lowering the effort required by cybercriminals to perform these attacks. However, hosting such sites while maintaining the anonymity in the setup and payment process is challenging. Furthermore, serving malicious files publicly at multiple providers to achieve availability in case of takedowns and repercussions requires significant financial investments at scale.

In this project, we identify hosting providers offering services for free, as they are a popular target for hosting phishing sites and distributing malicious files. We focus our analysis on providers offering hosting options for files, because files are the basic building block for web content and are sufficient for performing various kinds of attacks. Attackers can abuse these services while maintaining their anonymity, if the implemented countermeasures do not comply with best practices. Next to web hosting providers, we also analyze object storage providers and website builders, as they often also offer free tiers which can be abused for distributing files.

We create a list of hosting providers, identify those which offer free services and evaluate their countermeasures against malicious actors. We show that abusing providers at scale is possible by using simple automation techniques to deploy malicious files at multiple providers at once. After deploying test files of common attacks, we monitor their availability and analyze the detection and takedown mechanisms in place. Finally, we create abuse notifications to our deployed files and check the responses from the providers.

 

Session B:

14:00 - 14:30

Speaker: Lucas Layfield
Type of talk: Bachelor Intro
Advisor: Xaver Fabian
Title: Extending the Blade tool to account for Spectre-BTB attacks in indirect calls
Research Area: RA1
Abstract: Blade is a tool which aims to eliminate speculative leakage of secrets in cryptographic code through a type system for expressions that can identify paths from source expressions that introduce secrets to the execution to sink expressions which leak those secrets and fix programs by cutting those paths with a speculation stopping abstract directive.

In this paper, we will extend the formal model of the language on which the type system is based to model indirect function calls as well as the speculative behaviour that can occur during their execution. We will also make additions to the type system so that leakage arising from speculative execution of indirect function calls can be detected and mitigated.

Written on 29.01.24 (last change on 29.01.24) by Niklas Medinger

Dear All,


The next seminar(s) take place on 31.01.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Gleb Rostanin, Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Tristan Hermanns, Ben Rosenzweig, Mihirraj Dixit

https://cispa-de.zoom-x.de/j/62229284468?pwd=SThvSGpZKzB2Q1VmM1gxSGRwV3Mzdz09

 

Session A:

14:00 - 14:30

Speaker: Gleb Rostanin
Type of talk: Bachelor Final
Advisor: Nils Ole Tippenhauer
Title: Embedded Intrusion Detection for Automotive Ethernet
Research Area: RA3
Abstract:

In the current stage of development for Connected Cars, Automotive Ethernet (AE) has become the preferred In-Vehicle Network (IVN) protocol, replacing the outdated Controller Area Network (CAN) protocol. The internet connection of Connected Cars and the development of new automotive protocols not only extends the feature development possibilities, but also makes cars a potential target for cyberattacks. In addition to standard security applications, such as authentication via SecOC, Intrusion detection systems (IDS) grant the possibility for car manufacturers to detect and react to attempted or ongoing attacks on the vehicle, without adding significant latency to the IVN. In this bachelor’s thesis, we discuss the deployment possibilities of IDSs for the automotive field and examine this topic by integrating a simple open-source based IDS on a state-of-the-art embedded central communication gateway. Contrary to the estimation of previous research papers, we show a simple way of using Snort – an open-source IDS – in the automotive domain and give an intuition how to detect the unique attacks of the automotive domain. For this work, our focus lies on the Scalable service-Oriented MiddlewarE over IP (SOME/IP) protocol, which is commonly used in AE-IVNs to provide services to multiple car components efficiently. Finally, we evaluate the efficiency and usability of the developed IDS on the embedded gateway used for integration. Due to the lack of IVN network data, we implement a proof-of-concept Man-in-the-middle attack on the SOME/IP Service Discovery protocol and cover SOME/IP standard violation attacks by using generated attack data.
 

14:30 - 15:00

Speaker: Matteo Leonelli
Type of talk: Master Intro
Advisor: Thorsten Holz, Ali Abbasi
Title: Coverage Guidance by Proxy for Differential Fuzzing of Video Accelerators
Research Area: RA3
Abstract:

Today, video encoders and decoders implemented in hardware are integral to our daily lives through the internet, media, and social networks.

The interaction between software and hardware in decoding videos involves hardware accelerators that interface with drivers, facilitating the use of privileged software and hardware components. This interplay introduces the potential for functional disparities and security vulnerabilities due to the black box, obscure, and complex nature of hardware that makes testing difficult. In contrast, the software decoding process is white box, testable, and only presents intuitive scenarios, though implemented entirely differently.

Like other testing fields, hardware security research struggles with defining efficient test oracles. In the context of our research, we aim to design a methodology to assess the behavior of hardware components, specifically video hardware accelerators. This tool leverages coverage of the software implementation as a proxy for the state of the decoding process, allowing for the inference of hardware coverage and the ability to uncover potential non-deterministic or incorrect behavior in the hardware components. Our approach employs a fuzz testing strategy to identify hardware and software bugs, effectively tracing hardware behaviors through software metrics. We demonstrate the applicability of this approach through a case study involving video hardware accelerators, testing the complete hardware acceleration stack against the software implementation. Importantly, this methodology holds promise for various scenarios where hardware implementations exhibit determinism and have analogous software implementations for testing functional correctness and performing lower-level security assessments.

 

Session B:

14:00 - 14:30

Speaker: Tristan Hermanns
Type of talk: Master Intro
Advisor: Ben Stock
Title: Manipulating Browser Extension Functionality - Analyzing Web-Based Attack Vectors
Research Area: RA5 - Empirical and Behavioural Security
Abstract:
With over 180,000 extensions in the Chrome Web Store and widespread usage among desktop users, browser extensions are a critical component of online browsing, enhancing user experience with added features. However, this popularity brings inherent security concerns. Despite modern browsers implementing measures like separate namespaces for extension JavaScript code, vulnerabilities persist in the interaction between websites and browser extensions.  

These vulnerabilities primarily arise from two aspects of browser-extension interactions. Firstly, when extensions inject scripts into websites, the once separate namespace becomes shared, allowing potential website influence over the extension. Secondly, even with separated namespaces, extensions can interact with data or elements controlled by websites, like the DOM or cookies, which can be exploited by attackers.

This study aims to develop a framework to assess these vulnerabilities and their impact on browser extension functionality. We focus on identifying methods through which websites can influence extension behavior and evaluating the vulnerability of real-world extensions to these methods.

 

14:30 - 15:00

Speaker: Ben Rosenzweig
Type of talk: Bachelor Intro
Advisor: Dr.-Ing. Aurore Fass
Title: Machine Learning Based Approach for Detecting Malicious Browser Extensions
Research Area: 5
Abstract:
Browser extensions are widely used to enhance the functionality of modern web browsers. Browser extensions can, e.g., remove advertisements, change the appearance of a new tab, or provide coupon codes for users who are shopping online. To achieve some of these functionalities browser extensions require access to elevated privileges, which web pages do not have. Chrome extensions have access to the Chrome Extension APIs. The privileges gained through these APIs can be abused by attackers, which can potentially lead to the theft of user data, the injection of unwanted additional advertisements into websites, or the unwanted change of the default search engine of a user's browser.
To protect users from these threats we will create a system to identify potentially malicious extensions.  We will use metadata, such as the used permissions, the number of files included, user ratings, etc. This will be combined with static analysis of the source code and machine learning to classify an extension as benign or malicious.

 

15:00 - 15:30

Speaker: Mihirraj Dixit
Type of talk: Master Intro
Advisor: Dr. Mridula Singh
Title: Targeted Desynchronization of User Equipments in Cellular Networks
Research Area: RA4
Abstract:


LTE (Long Term Evolution) is the most commonly used wireless technology for cellular communication. With the increase in the usage of smartphones, people are constantly connected. This need for staying constantly connected brings security and privacy concerns for users. In the existing work, the multiple attack vectors performed on the LTE protocol, like privacy leakage and disruption attacks, require the usage of fake base stations, which increases the cost for the attacker.

In this work, we have identified a vulnerability in the LTE protocol: by using temporary identifiers, we can track a particular user equipment (UE) for an indefinite time period. Therefore, we can launch targeted attacks on the specific UE to desynchronize it from the network. Moreover, the research utilises existing timing parameters like timing advance for desynchronizing the user covertly. Since our work passively targets specific users through linkability and desynchronizes the user semi-actively without relying on deploying fake base stations, we can claim that our launched attack is stealthier and more cost-effective in nature.

We demonstrate the feasibility of this attack by performing an experimental setup using srsRAN. Through this experiment, we try to assess the impact of the privacy leakage and network disruption, paving the way to enhance the cellular network’s robustness.

Written on 12.01.24 by Niklas Medinger

Dear All,


The next seminar(s) take place on 17.01.2024 at 14:00 (Session A). There is only one session.


Session A: (14:00-14:30)
Margarita Keteva

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Margarita Keteva
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Evaluating FIDO2 Attestations in Real-World and Security Keys Counter Behaviour
Research Area: RA1

Abstract:

FIDO2 introduces standards for secure passwordless authentication over the Internet. It consists of two protocols, namely CTAP2 (Client to Authenticator Protocol) and WebAuthn (W3C Web Authentication). Attestation and assertion are two terms that refer to the security key's registration and authentication.

In this study, we will analyse and evaluate the usage of FIDO2 in the real world by targeting the most visited websites and the attestations returned by security keys during the registration phase. The collected payloads from different authenticators will provide a broader scope of data.

Each attestation and assertion contains a counter that indicates the number of operations performed and signed by the authenticator. It is a measurement against cloning attacks. By evaluating the values of multiple responses and examining the change of the counter, we can calculate the probability of detecting the attack after its execution.

Next Seminar on 03.01.2024

Written on 28.12.23 by Mang Zhao

Dear All,


The next seminar(s) take place on 03.01.2024 at 14:00 (Session A). Please note that there will be only one session.


Session A: (14:00-15:00)
Parthipan Ramesh, Niklas Britz

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Parthipan Ramesh
No Information is provided.

 

14:30 - 15:00

Speaker: Niklas Britz
Type of talk: Bachelor Intro
Advisor: Dr. Nico Döttling
Title: Simplicity and Efficiency: Integer Secret Sharing using Gaussian Distributions Reimagined
Research Area: 2
Abstract:
Secret sharing is a cryptographic technique to distribute a secret among different parties. Only a specified amount of the parties can reconstruct the secret together, while smaller party sizes learn nothing or little about the original secret when combining their respective information.
In this work we present Gaussian Linear Integer Secret Sharing (GLISS), a secret sharing scheme that uses discrete Gaussian distributions to hide integer secrets effectively.
While many established secret sharing schemes operate on modular arithmetic and finite sets where the secrets lie, sharing integer secrets offers advantages that will be discussed in this thesis. While integer secret sharing is not a novel discovery, existing schemes tend to have "unnatural" constructions and require big parameters.
In this thesis, we want to show that the use of Gaussian distributions allows smoother constructions due to rotational invariance. Furthermore, we prove that GLISS is a secure scheme that requires smaller parameters than former work and discuss applications of our scheme.

Next Seminar on 20.12.2023

Written on 15.12.23 (last change on 17.12.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 20.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Yousuf Tanvir Kazi, Justus Sparenberg, Tim Nagel

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Oliver Schedler, Niklas Lohmann, Louise Malvin Tanaka

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Yousuf Tanvir Kazi
Type of Talk: Master Intro
Advisor: Dr. Cristian-Alexandru Staicu
Title: Plug-and-Play in the Web: An Examination of Web Components' Usage and Security Implications
Research Area: RA5: Empirical and Behavioural Security
Abstract: 
Web components, in most basic form, can be defined as a pre-built set of reusable custom elements primarily built with HTML and JavaScript. Each framework has its own definition for the word Web Component. We define it as a plug-and-play snippet of code that can primarily be acquired from a package manager such as Node Package Manager (NPM).

The surge in popularity of web components, driven by frameworks, raises security concerns. In our study, we aim to explore the realm of web components, investigating their popularity, dissemination, utilization, and security challenges in the modern web.

Additionally, we will explore Server-Side Rendering (SSR) in relation to these web components. The primary motivation for this exploration is that if the web components are vulnerable or malicious, they could cause more damage to the application and compromise data privacy during Server-Side Rendering. This is because, on the server, access rights are typically elevated, access to data is usually easier, and so forth.

 

14:30 - 15:00


Speaker: Justus Sparenberg
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Detecting, Categorizing & Evaluating App Permission Rationales
Research Area: RA5: Empirical and Behavioural Security
Abstract: Mobile applications have been an integral part in the everyday lives of people for a while now. To function properly, these apps need access to private data.
Users are understandably reluctant to give apps permission to use this data. For example, users should be hesitant to tell an unknown entity where they currently are. But for apps that are used for navigation this information is necessary to function. To increase the chance that users give permission to use this data, developers can provide rationales to give users insight on what the data is used for.
This work aims to use NLP to provide a system to detect rationales from the strings of apps, classify them according to the type of permission requested and evaluate the sentiment of these rationales.

 

15:00 - 15:30

Speaker: Tim Nagel
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Quantifying Location Leakage from a Mobile Device
Research Area: RA4

Abstract: 

Mobile devices have become an integral part of our daily lives, offering connectivity and convenience. However, this permanent connectivity often comes at the cost of privacy, particularly concerning continuous tracking of users through location leakage. Thus, to prevent tracking of devices, researchers have proposed the use of temporary randomized identifiers. Earlier works exist on analyzing the randomness and implementation of these temporarily randomized identifiers concerning protocols such as WiFi, Bluetooth and LTE.

Our research delves into a more profound vulnerability: even with securely randomized and timely updated identifiers, the asynchronous updates across different protocols enable prolonged tracking through cross-linking of these identifiers. Therefore, if we can establish correlation between the protocols based on the features of the transmitted messages, cross-linking will be possible. 

In this work, we will address two important research questions to assess the privacy leakage of devices: Can we establish correlation between different protocols from the messages transmitted by a single device, and is it possible to establish a cross-linking between the protocols? We plan to evaluate the privacy assessment of the devices in a real setting which will enable us to measure the privacy of different types of devices. 

 

 

Session B:

14:00 - 14:30

Speaker: Oliver Schedler
Advisor: Carolyn Guthoff, Matthias Fassl
Title: Evaluating Design Methods for Age-Appropriate CSE Protection
Research Area: RA 5 Empirical and Behavioural Security
Abstract: Messenger Apps can pose a risk to young adults' well-being by letting them see inappropriate content or confronting them with unwanted behavior from other users, ranging from sexual content over cyberbullying to cyber grooming. The goal of my study is twofold. One aim is to find feasible implementations for content warnings on WhatsApp. However, this is embedded into the broader proposition of finding viable approaches to involve youth in the (co-)design process in general. I choose a participatory design approach using interviews and focus groups to improve our knowledge of user needs, achieve high user value, and for immediate validation of ideas.

 

14:30 - 15:00

Speaker: Niklas Lohmann
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Time Advancement Attacks on OFDM Signals using Machine Learning
Research area: RA4: Secure Mobile and Autonomous Systems
Abstract: 
Orthogonal Frequency-Division Multiplexing (OFDM) forms the backbone of modern wireless communication, underscoring the necessity of robust security measures. This study delves into the potential of Machine Learning algorithms to not only understand but also replicate the precision of Time Advancement Attacks on OFDM signals. Focusing specifically on the Early Detect; Late Commit (EDLC) attack, we assess whether ML can offer a comparable approach to existing methodologies.

 

15:00 - 15:30

Speaker: Louise Malvin Tanaka
Type of Talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Virtual ICAO ePassport and Application to Attribute-based Online Authentication
Research Area: RA1: Trustworthy Information Processing
Abstract: 
Personal identification is a critical aspect of internet security in today's digital era. Ensuring that users comply with specific rules while preserving anonymity poses significant challenges. Identity verification is often necessary to access sensitive online services, but mishandling this process can pose significant vulnerabilities and privacy concerns. Users may also have to reveal unnecessary personal information to the relying parties in the process, putting their privacy at risk. In this thesis, we propose a novel identity verification method that prioritizes user privacy while ensuring secure authentication. 

Next Seminar on 06.12.2023

Written on 01.12.23 (last change on 07.12.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 06.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Leon Barth, Dominic Troppmann, David Groß

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Mikka Rainer, Gowtham Krishna Addluri, Rahul Nittala

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Leon Barth
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Feasibility of IDS in Automotive Systems using the NXP S32G Platform
Research area: RA3: Threat Detection and Defenses 


Abstract: 
The Controller Area Network (CAN) was introduced in the 1980s and has become the de facto standard communication protocol in the automotive industry. However, cars were much less digitized back then, which meant that potential security risks with CAN were less present. Today, with connected cars and numerous digital control systems such as brake-by-wire, drive-by-wire or autopilot, the risk is much greater.

As a quasi-standard, the protocol cannot simply be replaced. Therefore, security measures are necessary. Intrusion Detection Systems (IDS), which are successfully used for other types of networks, are one way to detect attacks.

But since CAN does not send or verify information about the sender or recipient of individual messages, this is a major challenge. Possible approaches attempt to infer anomalies and possible attacks from information about signal levels, the temporal context, or the content of the messages. Methods ranging from simple statistics to deep learning are presented and evaluated. Unfortunately, most of the evaluation scenarios are not very close to the practice because of using powerful computers, oscilloscopes or synthetic evaluation data.

In this thesis, I investigate the feasibility of implementing such systems on next-generation automotive hardware using the NXP S32G platform as an example and realistic data. Therefore, I collect existing approaches for CAN IDS and CAN traffic datasets. The IDS is then analyzed with data as close to reality as possible, both on conventional high-performance x86-based hardware with a dedicated GPU and on the much more limited ARM-based NXP S32G platform. The results are used to evaluate the feasibility of each concept in future vehicles.

 

14:30 - 15:00

Speaker: Dominic Troppmann
Type of talk: Master Final
Advisor: Dr. Cristian-Alexandru Staicu
Title: Trust is good, control is better: Shedding light on typing practices in gradually typed scripting languages.
Research Area: RA5
Abstract: In recent years, scripting languages, most notably JavaScript/TypeScript and Python, have gained lots of traction due to their ease of learning, ease of use, and the large ecosystems of third-party packages and libraries. Another key feature of these languages is that, contrary to languages like C or Java, they do not use a static type system, which saves developers the significant effort of adding type annotations and affords faster prototyping and development. However, this usually comes at the cost of more typing-related bugs at runtime that would otherwise be caught by a static typing system. To give developers the best of both worlds, TypeScript and Python feature a gradual type system allowing developers to add optional type annotations/hints. These type annotations are checked at compile time but not enforced at runtime, meaning that developers must implement type checks to enforce datatypes during runtime. 

But does this happen in practice, or might developers even be fooled into thinking their scripts become type-safe by simply annotating them? This thesis aims to shed light on gradual typing and type-checking practices in real-world projects. More specifically, we study how frequently developers use type annotations, how type annotations affect the frequency and role of type checks, and the possible security implications of lackluster type-checking in the presence of type annotations. To this end, we present an approach that consists of statically analyzing close to 30,000 GitHub repositories written in JavaScript, TypeScript, and Python to extract code metrics that reflect gradual typing and type-checking practices in these projects. We then proceed to select 20 real-world projects based on these metrics, which we then analyze manually to confirm the presence of type-related issues in gradually typed code. With this approach, we identify 44 functions that are likely susceptible to type-related issues.

 

15:00 - 15:30

Speaker: David Groß

No information is provided.

 

 

Session B:

14:00 - 14:30

Speaker: Mikka Rainer
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: Reversing the Microarchitecture with Unikernels
Research Area: RA3
Abstract:
The microarchitecture of modern CPUs is largely undocumented. However, knowledge of inner CPU mechanisms allows for finding novel attack vectors, creating new defenses, and building high-performance applications. While there is an ongoing effort to reverse engineer the inner mechanisms of modern processors, researchers are largely unable to observe individual microarchitectural events.
In this thesis, we investigate how we can create a noise-free measurement environment for microarchitectural reverse engineering by leveraging the power of unikernels. In a case study, we show that we can significantly improve the accuracy of address-to-slice mappings in comparison to previous techniques, taking the example of the addressing function of last-level cache slices. Contrary to previous work, we can measure microarchitectural events up to a single instruction granularity. This enables us to speed up reverse engineering of last-level cache slices by a factor of 260. We further reverse engineer one known and one previously unknown slice-addressing function. In this work, we make the first step towards a unified framework for microarchitectural reverse engineering by proposing a specialized research kernel.

 

14:30 - 15:00

Speaker: Gowtham Krishna Addluri
Type of talk: Master Intro
Advisor: Prof. Dr. Rebekka Burkholz, Advait Gadhikar
Title: Understanding the Effects of Batch Norm parameters on Iterative Magnitude Pruning
Research Area: RA1: Trustworthy Information Processing
Abstract:

The Lottery Ticket Hypothesis suggests that sparse trainable networks with random initialization exist and can be found by the Iterative Magnitude Pruning algorithm.
This thesis aims to investigate the influence of the Batch Normalization operation on the pruning criteria and parameter optimization of the sparse network found by IMP.
In our approach we isolate and include the effects of the affine Batch Normalization parameters in the pruning and training steps of IMP. This is achieved in two distinct manners: modification of the scoring function and scaling of the model weights. Our primary objectives include evaluating potential changes in accuracy, examining alterations in the mask structure concerning the baseline, and investigating the stability of weights within the same basin.
Experiments are presented on VGG19 and ResNet, on the CIFAR-10 and CIFAR-100 datasets.

 

15:00 - 15:30

Speaker: Rahul Nittala
Type of talk: Master Intro
Advisor: Dr. Rebekka Burkholz
Title: Effectiveness of scale-free random pruning for sparse training
Research Area: RA1

Abstract:
The Lottery Ticket Hypothesis confirms the existence of sparse networks with random initializations that can achieve performance comparable to a dense network. But finding such tickets involves iterative pruning-retraining steps, thereby increasing computational requirements. Random masks serve as a good pruning at initialization strategy for sufficiently overparameterized models, circumventing the additional overhead. This pruning at initialization could be considered as a sparse-to-sparse training rather than the traditional dense-to-sparse training.

Existing work provides theoretical bounds of the required overparameterization with one additional layer than the target network. Empirical analysis further confirms the success of sparse-to-sparse training as opposed to the traditional dense-to-sparse training. However, it imposes a restriction that the resulting lottery ticket network has an Erdos-Renyi degree distribution. Whereas, sparse networks or naturally occurring networks, in general, adopt a variant of scale-free distribution. The thesis aims to study the advantages conferred by adopting a generalized degree distribution for the source network. Preliminary analysis of representing a target network's edge structure shows that while requiring a higher overparameterization, a source network with scale-free degree distribution contains a sparser lottery ticket within it, when compared to ER degree distribution. This could potentially be beneficial for starting sparse and further increasing the sparsity during training.

Next Seminar on 22.11.2023

Written on 16.11.23 (last change on 27.11.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 22.11.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting ID: 967 8620 5841
Passcode: BT!u5=

 

Session B: (14:00-15:30)

Moritz Wilhelm, Justin Steuer, Vinay Tilwani

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Matteo Leonelli
Type of talk: Master Intro
Advisor: Thorsten Holz, Ali Abbasi
Title: Coverage Guidance by Proxy for Differential Fuzzing of Video Accelerators
Research Area: RA3


Abstract:

Today, video encoders and decoders implemented in hardware are integral to our daily lives through the internet, media, and social networks.

The interaction between software and hardware in decoding videos involves hardware accelerators that interface with drivers, facilitating the use of privileged software and hardware components. This interplay introduces the potential for functional disparities and security vulnerabilities due to the black box, obscure, and complex nature of hardware that makes testing difficult. In contrast, the software decoding process is white box, testable, and only presents intuitive scenarios, though implemented entirely differently.

Like other testing fields, hardware security research struggles with defining efficient test oracles. In the context of our research, we aim to design a methodology to assess the behavior of hardware components, specifically video hardware accelerators. This tool leverages coverage of the software implementation as a proxy for the state of the decoding process, allowing for the inference of hardware coverage and the ability to uncover potential non-deterministic or incorrect behavior in the hardware components. Our approach employs a fuzz testing strategy to identify hardware and software bugs, effectively tracing hardware behaviors through software metrics. We demonstrate the applicability of this approach through a case study involving video hardware accelerators, testing the complete hardware acceleration stack against the software implementation. Importantly, this methodology holds promise for various scenarios where hardware implementations exhibit determinism and have analogous software implementations for testing functional correctness and performing lower-level security assessments.

 

Session B:

14:00 - 14:30

Speaker: Moritz Wilhelm
Type of talk: Master Final
Advisor: Ben Stock, Giancarlo Pellegrino
Title: A Song of Trust and Archives: Assessing the Dependability of Web Archives for Reproducible Web Security Measurements
Research Area: RA5: Empirical and Behavioural Security

Abstract:
In recent years, the research community has recognized the growing significance of artifact evaluation. Nonetheless, the ever-changing and unpredictable nature of the Web continues to present an unresolved challenge for achieving reproducible web measurements. This thesis explores the potential of public web archives, with a particular focus on the Internet Archive, in addressing this persistent issue.

Our analysis involves a comprehensive evaluation of the reliability of data sourced from the Internet Archive. We first conduct a longitudinal analysis spanning 7.5 years, ranging from 2016 to the present, to assess the extent of historical data coverage within the Internet Archive. While previous research has heavily relied on the Internet Archive to conduct historical web measurements, this reliance has largely been rooted in trust. To assess the validity of this trust, we evaluate the consistency of data stored in the Internet Archive via two case studies. Specifically, we analyze the prevalence of both syntactic and semantic differences in security header configurations, as well as variations in third-party JavaScript dependencies among Internet Archive snapshots that are in close temporal proximity. Finally, we explore the feasibility of leveraging the Internet Archive to simulate live web security measurements, thereby  addressing the challenge of replicability in such studies.

Our findings affirm that the Internet Archive offers an extensive and densely populated repository of archival snapshots, highlighting its dependability for web measurements. However, we detect subtle pitfalls when conducting archive-based measurements and offer effective strategies for mitigation, including the concept of snapshot neighborhoods. Furthermore, we present a series of best practices tailored for future archive-based web measurements. In conclusion, we determine that the Internet Archive provides a reliable foundation for conducting reproducible web measurements.

 

14:30 - 15:00

Speaker: Justin Steuer
Type of talk: Bachelor Final
Advisor: Dominic Steinhöfel
Title: Constraint-Aware Parsing
Research Area: RA5: Empirical and Behavioural Security

Abstract:

Parsing is an integral tool of software development for disassembling input and checking it for correctness. 
However, parsers that solely rely on context-free grammars, while versatile, can only check input for syntactic validity and cannot verify context-sensitive properties.
ISLa, a declarative specification language for context-sensitive properties, enables users to specify context-sensitive constraints 
on top of a context-free grammar that each valid string must satisfy. 
ISLa can not only produce valid inputs but can also check for a specified string whether it fulfills all given constraints.
While this feature is functional, it is not optimal in the way that it is implemented, since it first parses the string through a parser for context-free grammars 
(thus verifying its syntactic correctness) and only then verifies its semantic correctness afterward. 
This can be quite inefficient when a lot of inputs have to be verified since each input needs to be fully parsed regardless of whether it fulfills the semantic requirements or not.

This talk introduces the concept of Constraint-Aware Parsing, which aims to build upon Parsimonious, a Python-based parser for Parsing Expression Grammars, 
and give it additional functionality to verify context-sensitive constraints alongside the traditional parsing process and extend it into a so-called 'Constraint Parser'. 
Furthermore, an implementation of a Constraint Parser based on an Earley Parser will be discussed together with the challenges that come with implementing 
such a parser and how this theoretical parser could come with the advantage of being able to use constraints to resolve ambiguity while parsing, 
which can make parsing with ambiguous grammars much more efficient compared to the standard Earley Parser, which creates a parse forest to handle ambiguity.

 

15:00 - 15:30


Speaker: Vinay Tilwani
Type of talk: Master Final
Advisor: Prof. Dr. Andreas Zeller, Jan Reineke
Title: Fuzzing LLVM bitcode using FormatFuzzer
Research Area: RA3


Abstract: The LLVM project and its tools are used to power the compilers of many popular programming languages - C, Rust, Swift, etc. A bug in one of the LLVM tools might create a hard-to-debug bug or vulnerability in programs compiled using these compilers. This entails that LLVM tools are critical pieces of software infrastructure and should be thoroughly tested. Due to the complexity of the input space of these tools, traditional software testing techniques are inadequate, and an automated, random, exploratory approach of Software Fuzzing is much more suitable. We use an in-house binary-based fuzzer FormatFuzzer to fuzz inputs to the most critical LLVM tools and show our results here. In a unique endeavour, we present the results of directly fuzzing a complex format like bitcode to uncover bugs, while also illustrating the applicability of FormatFuzzer in a new domain.

Correction Regarding the Date of the Next Seminar

Written on 06.11.23 by Mang Zhao

Dear All,

 

Please note that the next seminar will take place on 08.11.2023 at 14:00.

 

We apologize for the typos in the previous message.

 

Best wishes,

Mang

 

Next Seminar on 08.11.2023 (Updated)

Written on 03.11.23 (last change on 06.11.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 08.11.2023 at 14:00 (Session A). Please note that there is only one session.


Session A: (14:00-15:30)
Heyang Li, Sohom Mukherjee, Nils Hagen

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting ID: 967 8620 5841
Passcode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Heyang Li
Type of talk: Master Intro
Advisor: Prof. Dr. Andreas Zeller, Fengming Zhu
Title: Monitoring System Invariants
Research Area: Threat Detection and Defenses

Abstract: 
How can we detect complex anomalies in log-based systems? Monitoring can detect abnormal behaviors using formal specifications, but
we lack an expressive specification language to describe the behaviors of log-based systems. The behaviors of log-based systems can 
be abstracted as temporal context-sensitive properties, involving the interplay of syntax, semantics and high-level temporal properties.  
System invariants is a novel model for characterizing context-sensitive structures over context-free grammars. It is based on ISLa, the 
state-of-the-art specification language for context-sensitive properties. Linear temporal logic and its first-order variants are widely 
used for high-level temporal properties. However, the expressiveness of system invariants and temporal logic are disjoint. 
    
This thesis aims to propose a new approach to monitor temporal context-sensitive properties based on system invariants. Firstly, I am 
going to extend the formal model of system invariants to express temporal properties. And then I am going to design and implement monitoring 
algorithms for system invariants. Furthermore, I will attempt to have the monitor mine the characterization of errors if the monitor 
detects anomalies.     

 

14:30 - 15:00

Speaker: Sohom Mukherjee 
Type of talk: Master Intro 
Advisor: Sebastian Stich
Title: Adaptive Optimization for Federated Visual Classification
Research Area: RA1 
Abstract: In this project we shall consider the problem of distributed optimization with intermittent communication (federated learning) where multiple devices jointly train a visual classification model without sharing their local data. While FedAvg (aka Local SGD) has become ubiquitous for such distributed optimization tasks, it does not converge in theory using fixed stepsizes. Various alternatives are adopted in practice such as stepsize schedules or grid search, but they do not come with theoretical guarantees or are computationally expensive. In this work we start by studying the decreasing stepsize for FedAvg and prove convergence under heterogeneity. Then we go on to experimentally study AdaGrad-type adaptive stepsizes for the federated setting. There are various design choices involved in this, and we try to provide some intuition and suggestions on the design of adaptive federated methods. Since the analysis of AdaGrad-type methods involves many complications and open problems in the centralized setting itself, we study them for the special case of a single worker and provide some clear theoretical statements and proofs. Finally, we will also evaluate our methods on small scale (LeNet on MNIST dataset) as well as large scale (VGG and ResNet on CIFAR10) distributed image classification tasks with homogeneous as well as heterogeneous data settings.

 

15:00 - 15:30

Speaker: Nils Hagen
Type of talk: Bachelor Final
Advisor: Prof. Andreas Zeller, Leon Bettscheider
Title: Semantic Fuzzing with I/O Contracts
Research Area: RA5: Empirical and Behavioural Security

Abstract: 

Grammar-based fuzzing with context-free grammars is a common technique to make fuzzers
more program-specific and to increase coverage. This has proven to be an especially
successful test generation method in black-box settings with target programs that require
highly-structured inputs. However, context-free grammars are limited to the expression
of syntactic constraints which makes them unsuitable for input/output affiliations (like
in a client/server architecture or other reactive systems) where input and output are
semantically linked. Most fuzzers therefore rely solely on generic test oracles for bug
detection that either detect program crashes or output on standard error ports.
To express more powerful oracles we additionally want to consider the aforementioned input-
output relations. In this work we present a method to describe these semantically linked
interactions through I/O contracts where syntactic and semantic properties are expressed
through intertwined context-free grammars (termed I/O grammars) and semantic ISLa
constraints. Furthermore, we show how to apply these methods in practice on a real-world
server implementation of the IRC protocol.

 

New Winter Semester is Coming

Written on 22.10.23 by Mang Zhao

Dear all,

welcome to the new course for the Bachelor and Master seminar in this winter term.
Please switch to this course.

Best wishes,

BAMA Seminar Team

Bachelor- and Master-Seminar

The bachelor/master seminar is a stage for all talks related to bachelor or master theses at CISPA.

The seminar is currently held bi-weekly on Wednesdays in odd-numbered calendar weeks. It takes place throughout the year, regardless of the lecture periods. You can join at any time. There are two parallel Zoom sessions from 14:00 to 15:30 with up to three talks each. The upcoming talks will be announced in the News section above.

Requirements for the course certificate

To pass the seminar, you have to

  • give an introductory talk where you present your thesis proposal

Furthermore, it is expected that you attend all talks of your own research area and participate in discussion during the time of your thesis work. You get a certificate and a grade for this course from your advisor. The advisor can contact us (bamaseminar@cispa.saarland) to check whether you meet all the passing conditions and to get a template for the certificate.

Further, you are required to hold a final talk about the results as a part of your thesis. While this talk is technically not part of the seminar but of the thesis work, you can still present it in the context of the seminar.

Attending a seminar session

Simply join one of the two parallel Zoom sessions. Choose the session with the talks you are most interested in. We welcome active participation and encourage you to ask questions and give helpful comments in the discussion after each talk.

During the seminar, we will share a link to an attendance sheet. Make sure to add your name to this document. We use these documents to track who attended which sessions.

Giving a talk in the seminar

Each talking slot is 30 minutes long. Your presentation should last about 20 minutes, so we have about 10 minutes left for discussion.

If you want to give a talk, you can book a time slot in one of the sessions. Use one of the following links for booking:

Please coordinate time and date with your advisor so that no two students of the same advisor present at the same time.

If you don't need a specific time slot, you can try to book 14:30, as some students need either the 14:00 or the 15:00 slot. In rare cases, we will have to move talks within the day, so please indicate which times you would be available. The final schedule will be announced in the News section a few days before the sessions take place.

To list your talk in the announcement, you will have to hand in some information about it, namely:

  • Speaker: Your name.
  • Type of talk: Bachelor Intro, Bachelor Final, Master Intro, or Master Final.
  • Advisor: The name of your advisor. If multiple advisors wish to attend the session, please list all of them so we can make sure that there are no collisions.
  • Title: Title of your talk.
  • Research Area: The number of your area. (If in doubt, check https://cispa.de/de/research or ask your advisor.) The areas are the following:
    • RA1: Trustworthy Information Processing
    • RA2: Reliable Security Guarantees
    • RA3: Threat Detection and Defenses
    • RA4: Secure Mobile and Autonomous Systems
    • RA5: Empirical and Behavioural Security
  • Abstract: Abstract of your talk.

Refer to previous announcements for examples.

Please submit this information at least one week in advance (until 23:59 on the Wednesday before your talk). Upload your information as a submission to CMS (see Personal Status), preferably as a plain text file (.txt). You can find a template in the materials section.

Contact the organizers

If there are any questions left, please use the mail address bamaseminar@cispa.saarland to contact the organizers.
