News

Next Seminar on 28.02.2024

Written on 26.02.24 (last change on 28.02.24) by Niklas Medinger

Dear All,


The next seminar(s) take place on 28.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Laura Thineta Mulia, Nils Olze, Sahil Sihag

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode:… Read more

Dear All,


The next seminar(s) take place on 28.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Laura Thineta Mulia, Nils Olze, Sahil Sihag

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Girija B Mohan., Adarsh Jamadandi, Dominik Kempter

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

 

Session A:

14:00 - 14:30

Speaker: Laura Thineta Mulia
Type of talk: Bachelor Final
Advisor: Prof. Thorsten Holz, Bhupendra Acharya
Title: "Ghost Coins: Analyzing the Prevalence of Fake Cryptocurrency Wallet"
Research Area: RA5: Empirical and Behavioural Security
Abstract:

Cryptocurrency is a digital currency that operates in decentralized networks, unlike traditional currencies issued by the government. These digital cryptocurrencies are managed by digital tools or software referred to as wallets which allow users to store, manage, and transact among other users. With the adoption of cryptocurrency as digitized payments, malicious attackers become more vigilant. Consequently, each year cryptocurrency wallet users are susceptible to emergent attacks including traditional attacks such as phishing, impersonation, and fake technical support.

In this work, we analyze the prevalence of fake cryptocurrency wallets in the form of Android apps, a popular choice among users. These apps are sourced from both vetted and non-vetted marketplaces. Specifically, we gather cryptocurrency wallets from the Google Play Store as the vetted marketplace, and APKPure, Aptoide, ApkCombo, and PlayMods as non-vetted alternatives. Our dataset comprises 6800 cryptocurrency wallet apps, among which 181 were identified as fake using the methods of typosquatting, combosquatting, and permission pattern matching.

Furthermore, we conduct a comparison of the occurrence of counterfeit apps between vetted and non-vetted marketplaces. Our results indicate that only 1.37% of apps acquired from vetted marketplaces turned out to be counterfeit, whereas 3.01% of those obtained from non-vetted sources were found to be fake. Our study revealed that non-vetted marketplaces have more than twice the prevalence of counterfeit apps compared to their vetted counterparts. Additionally, our analysis underscores that many of these counterfeit apps attract users by offering free cryptocurrency, revealing how scammers exploit such incentives to entice unsuspecting victims into downloading their malicious applications.

14:30 - 15:00

Speaker: Nils Olze
Type of Talk: Master Final
Advisor: Sven Bugiel
Title: Finding the Needle in the Haystack: Password Recovery in a Forensic Setting
Research Area: RA5
Abstract: Passwords are still the most common way of user authentication. Especially in the context of authentication on local devices, they are unlikely to ever (fully) disappear. In a forensic setting associated with a criminal investigation, passwords are a common hindrance when the investigator wants to lawfully access a confiscated device or encrypted file. If the suspect does not cooperate, the investigator needs to guess the correct password of an encrypted device or file. This scenario of an offline Password Guessing attack is different from the typical scenario since the target is usually only a single password. Previous research has found that the majority of passwords are likely guessed by generic password guessing attacks, but the remaining 20 % of passwords are hard to guess. This implies the need for more sophisticated attacks, which leverage the available information in a forensic setting.
In this work, we perform a field study on 46 devices from real-world criminal investigations to determine the options of an investigator to obtain a password if access to a desktop device of a suspect is possible. We examine three different research questions. First, we determine how credentials are stored on hard drives and how accessible they are. Our findings suggest, that an investigator might instantly access credentials in two-thirds of all cases. Second, we investigate whether or not it is possible to detect plain text passwords stored on a hard drive. We use an approach based on Probabilistic ContextFree Grammar proposed by previous research. Based on our results, this approach is not fit to directly identify passwords but might be further improved with weighting functions to reach this goal. Third, we attempt to measure the impact of data from the hard drive on a Password Guessing attack. To achieve this, we compare the performance of the password candidate lists extracted with the aforementioned PCFG approach with the performance of generic dictionary attacks. When attacking the NTLM hashes of local user accounts, our best attack significantly outperforms a generic attack with an equally sized keyspace. Taking Password Reuse into account, we estimate a solid chance for an investigator to crack the target password.

15:00 - 15:30

Speaker: Sahil Sihag
Type of talk: Master Final
Advisor: Dr. Nils Ole Tippenhauer
Title: In-situ Fuzzing of Remote Firmware with Coverage Feedback
Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract:
In this thesis, we develop a framework for coverage guided fuzzing of an embedded firmware. This is done by taking advantage of free storage and memory of the target embedded system. With the help of this free space, we enable instrumentation of the firmware and store coverage information of firmware during execution. This fine-grained information is later utilized by the fuzzer for generating better inputs.

The final talk of this thesis discusses performance evaluation of our framework. First, we cover effectiveness of coverage feedback and input specifications for our test firmware. Then, we explore feasibility of minimizing impact of previous fuzzing inputs with the help of firmware restarts. Finally, we discuss the bugs discovered with the help of our framework and hurdles in reaching greater code coverage during fuzzing campaigns.

 

Session B:

14:00 - 14:30

Speaker: Girija B Mohan.
Type of talk: Master Intro.
Advisor: Dr. Mridula Singh.
Title: Physical World Sensor Attack on LiDAR-camera-based Perception in Autonomous Driving.
Research Area: RA4 (Secure Mobile and Autonomous Systems)

Abstract:

Autonomous Vehicles (AVs) rely on sensors like cameras and LiDAR, to perceive their surroundings and make informed decisions regarding path planning and vehicle control. Understanding the vulnerabilities in these perception systems is crucial for ensuring road safety and building robust AV systems.

While cameras have been traditionally used for perception, they are susceptible to spoofing attacks. Hence, AVs are increasingly adopting LiDARs as they show an advantage over other sensors due to their ability to create detailed 3D maps, providing precise distance and depth information for all surrounding objects and free space, and are also a reasonable buy today. However, the researchers continue to study the vulnerability of LiDARs and explore new ways to attack them. The technical functionality of LiDAR makes the environment with mirrors challenging for LiDARs to work with. Existing research has not yet explored this as a potential attack vector.

In this research, we will exploit the property of light reflection to design and model a physical-world attack on LiDAR and camera sensors. We will demonstrate the effectiveness of our attack against state-of-the-art AV obstacle detectors like PointPillars. Additionally, we will evaluate the impact of these attacks on driving decisions using industry-grade Autonomous Driving Simulators (LGSVL or CARLA) and propose defense strategies to mitigate such attacks.

By shedding light on these vulnerabilities and proposing defense mechanisms, this research contributes to the development of more resilient AV perception systems, ultimately enhancing road safety in autonomous driving environments.

14:30 - 15:00

Speaker : Adarsh Jamadandi

Type of Talk : Master Thesis Intro

Advisor : Dr. Rebekka Burkholz.

Title : Investigating the Label/Feature Alignment with the Community Structure for Graph Neural Networks.

Research Area : RA1 Trustworthy Information Processing.

Abstract : Graph Neural Networks that leverage the message passing paradigm are shown to inhibit pathological behaviours such as over-squashing and over-smoothing. The former results from bottlenecks that hamper information flow, while over-smoothing leads to node features tending to non-informative limit due to repeated rounds of aggregation. A common strategy to resolve both of these issues is spectral based graph rewiring. That is, modifying the edge structure of the graph with the intent to maximize the spectral gap either by adding or deleting edges. This strategy has been shown to improve the generalization performance of GNNs in tasks like node classification.

In this project we argue that, most of the success that is attributed to the spectral rewiring based approaches, in fact, stem from an alignment of the underlying community structure with the feature/labels of the input graph. Our preliminary results on synthetic datasets show, methods that delete edges to maximize the spectral gap end up deleting intra-class edges weakening the inherent community structure which in-turn derails the feature/label alignment with the community structure. We show this can be deterimental to the downstream task. In fact, minimizing the spectral gap helps retain this alignment.

To summarize, this project aims to investigate vital the role of community structure and its alignment with the features/labels of the graph is to the downstream task and how spectral gap based rewiring methods affect this harmony and how it shapes the generalization performance of GNNs.

15:00 - 15:30

Speaker : Dominik Kempter

No information provided.

Next Seminar on 14.02.2024

Written on 12.02.24 by Niklas Medinger

Dear All,


The next seminar(s) take place on 14.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Moritz von Zülow, Mika Meyer

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode:… Read more

Dear All,


The next seminar(s) take place on 14.02.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Moritz von Zülow, Mika Meyer

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-14:30)

Lucas Layfield

https://cispa-de.zoom-x.de/j/62229284468?pwd=SThvSGpZKzB2Q1VmM1gxSGRwV3Mzdz09

 

Session A:

14:00 - 14:30

Speaker: Moritz von Zülow
Type of talk: Bachelor Intro
Advisor: Thorsten Holz
Title: Boosting Code Coverage of Curl Fuzzing using Fuzz-Generated Harnesses
Research Area: RA3
Abstract:

Fuzzing is an automated software testing technique that enables developers to discover security and correctness flaws in their program by subjecting them to random malformed input. Despite the effectiveness of modern fuzzers that leverage compilers to instrument code and enhance coverage, certain programs, such as curl - a widely deployed open-source project for data transfer with URLs - exhibit poor code coverage during runtime. Existing fuzzers typically achieve a mere 1% coverage of curl's executed code, leaving a significant portion untouched and potentially harboring undiscovered vulnerabilities.

During a security audit of curl, the Trail of Bits team successfully identified new security vulnerabilities by employing a novel approach - fuzzing curl's command-line interface. This method, previously deemed ineffective, proved fruitful in revealing previously unnoticed flaws.

In this thesis, we aim to address this gap in the curl fuzzing process. By incorporating command line arguments into the fuzzing process, we test different options of curl, which allow us to utilize different features and reach previously untested areas of source code. Ultimately, by increasing the code coverage during fuzzing, we aspire to enhance to the overall security of curl.

14:30 - 15:00

Speaker: Mika Meyer
Type of talk: Master Intro
Advisor: Giancarlo Pellegrino, Giada Stivala
Title: An Analysis of Malicious File Distribution on Free Hosting Providers
Research Area: RA6 (Empirical and Behavioral Security)
Abstract:
Today, prefabricated phishing kits and other malicious web content are widely available and easy to deploy, lowering the effort required by cybercriminals to perform these attacks. However, hosting such sites while maintaining the anonymity in the setup and payment process is challenging. Furthermore, serving malicious files publicly at multiple providers to achieve availability in case of takedowns and repercussions requires significant financial investments at scale.

In this project, we identify hosting providers offering services for free, as they are a popular target for hosting phishing sites and distributing malicious files. We focus our analysis on providers offering hosting options for files, because files are the basic building block for web content and are sufficient for performing various kinds of attacks. Attackers can abuse these services while maintaining their anonymity, if the implemented countermeasures do not comply with best practices. Next to web hosting providers, we also analyze object storage providers and website builders, as they often also offer free tiers which can be abused for distributing files.

We create a list of hosting providers, identify those which offer free services and evaluate their countermeasures against malicious actors. We show that abusing providers at scale is possible by using simple automation techniques to deploy malicious files at multiple providers at once. After deploying test files of common attacks, we monitor their availability and analyze the detection and takedown mechanisms in place. Finally, we create abuse notifications to our deployed files and check the responses from the providers.

 

Session B:

14:00 - 14:30

Speaker: Lucas Layfield
Type of talk: Bachelor Intro
Advisor: Xaver Fabian
Title: Extending the Blade tool to account for Spectre-BTB attacks in indirect calls
Research Area: RA1
Abstract: Blade is a tool which aims to eliminate speculative leakage of secrets in cryptographic code through a type system for
expressions that can identify paths from source expressions that introduce secrets to the execution to sink expressions which leak
those secrets and fix programs by cutting those paths with a speculation stopping abstract directive.

In this paper, we will extend the formal model of the language on which the type system is based on to model indirect function calls as
well as the speculative behaviour that can occur during their execution. We will also make additions to the type system so that leakage
arising from speculative execution of indirect function calls can be detected and mitigated.

Written on 29.01.24 (last change on 29.01.24) by Niklas Medinger

Dear All,


The next seminar(s) take place on 31.01.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Gleb Rostanin, Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode:… Read more

Dear All,


The next seminar(s) take place on 31.01.2024 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Gleb Rostanin, Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Tristan Hermanns, Ben Rosenzweig, Mihirraj Dixit

https://cispa-de.zoom-x.de/j/62229284468?pwd=SThvSGpZKzB2Q1VmM1gxSGRwV3Mzdz09

 

Session A:

14:00 - 14:30

Speaker: Gleb Rostanin
Type of talk: Bachelor Final
Advisor: Nils Ole Tippenhauer
Title: Embedded Intrusion Detection for Automotive Ethernet
Research Area: RA3
Abstract:

In the current stage of development for Connected Cars, Automotive Ethernet (AE)
has become the preferred In-Vehicle Network (IVN) protocol, replacing the outdated
Controller Area Network (CAN) protocol. The internet connection of Connected Cars and the development of new automotive protocols not only extends the feature development possibilities, but also makes cars a potential target for cyberattacks. In addition to standard security applications, such as authentication via SecOC, Intrusion detection systems (IDS) grant the possibility for car manufacturers to detect and react to attempted or ongoing attacks on the vehicle, without adding significant latency to the IVN. In this bachelor’s thesis, we discuss the deployment possibilities of IDSs for the automotive field and examine this topic by integrating a simple open-source based IDS, on a stateof-the-art embedded central communication gateway. Contrary to the estimation of previous research papers, we show a simple way of using Snort –an open-source IDS– in the automotive domain and give an intuition how to detect the unique attacks of the automotive domain. For this work, our focus lies on the Scalable service-Oriented MiddlewarE over IP (SOME/IP) protocol, which is commonly used in AE-IVNs to provide services to multiple car components efficiently. Finally, we evaluate the efficiency and usability of the developed IDS on the embedded gateway used for integration. Due to
the lack of IVN network data, we implement a proof-of-concept Man-in-the-middle attack on the SOME/IP Service Discovery protocol and cover SOME/IP standard violation attacks by using generated attack data.
 

14:30 - 15:00

Speaker: Matteo Leonelli
Type of talk: Master Intro
Advisor: Thorsten Holz, Ali Abbasi
Title: Coverage Guidance by Proxy for Differential Fuzzing of Video Accelerators
Research Area: RA3
Abstract:

Today, video encoders and decoders implemented in hardware are integral to our daily lives through the internet, media, and social networks.

The interaction between software and hardware in decoding videos involves hardware accelerators that interface with drivers, facilitating the use of privileged software and hardware components. This interplay introduces the potential for functional disparities and security vulnerabilities due to the black box, obscure, and complex nature of hardware that makes testing difficult. In contrast, the software decoding process is white box, testable, and only presents intuitive scenarios, though implemented entirely differently.

Like other testing fields, hardware security research struggles with defining efficient test oracles. In the context of our research, we aim to design a methodology to assess the behavior of hardware components, specifically video hardware accelerators. This tool leverages coverage of the software implementation as a proxy for the state of the decoding process, allowing for the inference of hardware coverage and the ability to uncover potential non-deterministic or incorrect behavior in the hardware components. Our approach employs a fuzz testing strategy to identify hardware and software bugs, effectively tracing hardware behaviors through software metrics. We demonstrate the applicability of this approach through a case study involving video hardware accelerators, testing the complete hardware acceleration stack against the software implementation. Importantly, this methodology holds promise for various scenarios where hardware implementations exhibit determinism and have analogous software implementations for testing functional correctness and performing lower-level security assessments.

 

Session B:

14:00 - 14:30

Speaker: Tristan Hermanns
Type of talk: Master Intro
Advisor: Ben Stock
Title: Manipulating Browser Extension Functionality - Analyzing Web-Based Attack Vectors
Research Area: RA5 - Empirical and Behavioural Security
Abstract:
With over 180,000 extensions in the Chrome Web Store and widespread usage among desktop users, browser extensions are a critical component of online browsing, enhancing user experience with added features. However, this popularity brings inherent security concerns. Despite modern browsers implementing measures like separate namespaces for extension JavaScript code, vulnerabilities persist in the interaction between websites and browser extensions.  

These vulnerabilities primarily arise from two aspects of browser-extension interactions. Firstly, when extensions inject scripts into websites, the once separate namespace becomes shared, allowing potential website influence over the extension. Secondly, even with separated namespaces, extensions can interact with data or elements controlled by websites, like the DOM or cookies, which can be exploited by attackers.

This study aims to develop a framework to assess these vulnerabilities and their impact on browser extension functionality. We focus on identifying methods through which websites can influence extension behavior and evaluating the vulnerability of real-world extensions to these methods.

 

14:30 - 15:00

Speaker: Ben Rosenzweig
Type of talk: Bachelor Intro
Advisor: Dr.-Ing. Aurore Fass
Title: Machine Learning Based Approach for Detecting Malicious Browser Extensions
Research Area: 5
Abstract:
Browser extensions are widely used to enhance the functionality of modern web browsers. Browser extensions can, e.g., remove advertisements, change the appearance of a new tab, or provide coupon codes for users who are shopping online. To achieve some of these functionalities browser extensions require access to elevated privileges, which web pages do not have. Chrome extensions have access to the Chrome Extension APIs. The privileges gained through these APIs can be abused by attackers, which can potentially lead to the theft of user data, the injection of unwanted additional advertisements into websites, or the unwanted change of the default search engine of a user's browser.
To protect users from these threats we will create a system to identify potentially malicious extensions.  We will use metadata, such as the used permissions, the number of files included, user ratings, etc. This will be combined with static analysis of the source code and machine learning to classify an extension as benign or malicious.

 

15:00 - 15:30

Speaker: Mihirraj Dixit
Type of talk: Master Intro
Advisor: Dr. Mridula Singh
Title: Targeted Desynchronization of User Equipments in Cellular Networks
Research Area: RA4
Abstract:


LTE(Long Term Evolution) is the most commonly used wireless technology used for cellular communication. With the increase in the usage of smartphones, people are constantly connected. This need for staying constantly connected brings security and privacy concerns for users. In the existing work, the multiple attack vectors like privacy leakage and disruption attacks performed on LTE protocol, requires usage of fake base stations which increases the cost of the attacker.  


In this work, we have identified a vulnerability in the LTE protocol that by using temporary identifiers we can track a particular user equipment(UE) for an indefinite time period. Therefore, we can launch targeted attacks for the specific UE for desynchronizing from the network. Moreover, the research utilises existing timing parameters like timing advance for desynchronizing the user covertly. Since our work passively targets specific users through linkability and desynchronizes the user semi-actively without relying on deploying fake base stations, we can claim that our launched attack is more stealthier and cost-effective in nature.


We demonstrate the feasibility of this attack by performing an experimental setup using srsRAN setup. Through this experiment, we try to assess the impact of the privacy leakage and network disruption paving the way to enhance the cellular network’s robustness.

Written on 12.01.24 by Niklas Medinger

Dear All,


The next seminar(s) take place on 17.01.2024 at 14:00 (Session A). There is only one session.


Session A: (14:00-14:30)
Margarita Keteva

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session… Read more

Dear All,


The next seminar(s) take place on 17.01.2024 at 14:00 (Session A). There is only one session.


Session A: (14:00-14:30)
Margarita Keteva

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Margarita Keteva
Type of talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Evaluating FIDO2 Attestations in Real-World and Security Keys Counter Behaviour
Research Area: RA1

Abstract:

FIDO2 introduces standards for secure passwordless authentication over the Internet. It consists of two protocols, namely CTAP2 (Client to Authenticator Protocol) and WebAuthn (W3C Web Authentication). Attestation and assertion are two terms that refer to the security key's registration and authentication.

In this study, we will analyse and evaluate the usage of FIDO2 in the real world by targeting the most visited websites and the attestations returned by security keys during the registration phase. The collected payloads from different authenticators will provide a broader scope of data.

Each Š°ttestation and Š°ssertion contains a counter that indicates the number of operations performed and signed by the authenticator. It is a measurement against cloning attacks. By evaluating the values of multiple responses and examining the change of the counter, we can calculate the probability of detecting the attack after its execution.

Next Seminar on 03.01.2024

Written on 28.12.23 by Mang Zhao

Dear All,


The next seminar(s) take place on 03.01.2024 at 14:00 (Session A). Please note that there will be only one session.


Session A: (14:00-15:00)
Parthipan Ramesh, Niklas Britz

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Read more

Dear All,


The next seminar(s) take place on 03.01.2024 at 14:00 (Session A). Please note that there will be only one session.


Session A: (14:00-15:00)
Parthipan Ramesh, Niklas Britz

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Parthipan Ramesh
No Information is provided.

 

14:30 - 15:00

Speaker: Niklas Britz
Type of talk: Bachelor Intro
Advisor: Dr. Nico Döttling
Title: Simplicity and Efficiency: Integer Secret Sharing using Gaussian DistributionsReimagined
Research Area: 2
Abstract:
Secret sharing is a cryptographic technique to distribute a secret among different parties. Only a specified amount of the parties can reconstruct the secret together, while smaller party sizes learn nothing or little about the original secret when combining their respective information.
In this work we present Gaussian Linear Integer Secret Sharing (GLISS), a secret sharing scheme that uses discrete Gaussian distributions to hide integer secrets effectively.
While many established secret sharing schemes operate on modular arithmetic and finite sets where the secrets lie, sharing integer secrets offers advantages that will be discussed in this thesis. While integer secret sharing is not a novel discovery, existing schemes tend to have "unnatural" constructions and require big parameters.
In this thesis, we want to show that the use of Gaussian distributions allows smoother constructions due to rotational invariance. Furthermore, we proof that GLISS is a secure scheme that requires smaller parameters than former work and discuss applications of our scheme.

Next Seminar on 20.12.2023

Written on 15.12.23 (last change on 17.12.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 20.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Yousuf Tanvir Kazi, Justus Sparenberg, Tim Nagel

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode:… Read more

Dear All,


The next seminar(s) take place on 20.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Yousuf Tanvir Kazi, Justus Sparenberg, Tim Nagel

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Oliver Schedler, Niklas Lohmann, Louise Malvin Tanaka

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Yousuf Tanvir Kazi
Type of Talk: Master Intro
Advisor: Dr. Cristian-Alexandru Staicu
Title: Plug-and-Play in the Web: An Examination of Web Components' Usage and Security Implications
Research Area: RA5: Empirical and Behavioural Security
Abstract: 
Web components, in most basic form, can be defined as a pre-built set of reusable custom elements primarily built with HTML and JavaScript. Each framework has its own definition for the word Web Component. We define it as a plug- and-play snippet of code that can primarily be acquired from a package manager such as Node Package Manager (NPM).

The surge in popularity of web components, driven by frameworks, raises security concerns. In our study, we aim to explore the realm of web components, investigating their popularity, dissemination, utilization, and security challenges in the modern web.

Additionally, we will explore Server-Side Rendering (SSR) in relation to these web components. The primary motivation for this exploration is that if the web components are vulnerable or malicious, they could cause more damage to the application and compromise data privacy during Server-Side Rendering. This is because, on the server, access rights are typically elevated, access to data is usually easier, and so forth.

 

14:30 - 15:00


Speaker: Justus Sparenberg
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Detecting, Categorizing & Evaluating App Permission Rationales
Research Area: RA5: Empirical and Behavioural Security
Abstract: Mobile applications have been an integral part in the everyday lives of people for a while now. To function properly, these apps need access to private data.
Users are understandably reluctant to give apps permission to use this data. For example, users should be hesitant to tell an unknown entity where they currently are. But for apps that are used for navigation this information is necessary to function. To increase the chance, that users give permission to use this data, developers can provide rationales to give users insight on what the data is used for.   
This work aims to use NLP to provide a system to detect rationales from the strings of apps, classify them according to the type of permission requested and evaluate the sentiment of these rationales.

 

15:00 - 15:30

Speaker: Tim Nagel
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Quantifying Location Leakage from a Mobile Device
Research Area: RA4

Abstract: 

Mobile devices have become an integral part of our daily lives, offering connectivity and convenience. However, this permanent connectivity often comes at the cost of privacy, particularly concerning continuous tracking of users through location leakage. Thus, to prevent tracking of devices, researchers have proposed the use of temporary randomized identifiers. Earlier works exist on analyzing the randomness and implementation of these temporarily randomized identifiers concerning protocols such as WiFi, Bluetooth and LTE.

Our research delves into a more profound vulnerability: even with securely randomized and timely updated identifiers, the asynchronous updates across different protocols enable prolonged tracking through cross-linking of these identifiers. Therefore, if we can establish correlation between the protocols based on the features of the transmitted messages, cross-linking will be possible. 

In this work, we will address two important research questions to assess the privacy leakage of devices: Can we establish correlation between different protocols from the messages transmitted by a single device, and is it possible to establish a cross-linking between the protocols? We plan to evaluate the privacy assessment of the devices in a real setting which will enable us to measure the privacy of different types of devices. 

 

 

Session B:

14:00 - 14:30

Speaker: Oliver Schedler
Advisor: Carolyn Guthoff, Matthias Fassl
Title: Evaluating Design Methods for Age-Appropriate CSE Protection
Research Area: RA 5 Empirical and Behavioural Security
Abstract: Messenger Apps can pose a risk to young adults' well-being by letting them see inappropriate content or confronting them with unwanted behavior from other users, ranging from sexual content over cyberbullying to cyber grooming. The goal of my study is twofold. One aim is to find feasible implementations for content warnings on WhatsApp. However, this is embedded into the broader proposition of finding viable approaches to involve youth in the (co-)design process in general. I choose a participatory design approach using interviews and focus groups to improve our knowledge of user needs, achieve high user value, and for immediate validation of ideas.

 

14:30 - 15:00

Speaker: Niklas Lohmann
Type of talk: Bachelor Intro
Advisor: Dr. Mridula Singh
Title: Time Advancement Attacks on OFDM Signals using Machine Learning
Research area: RA4: Secure Mobile and Autonomous Systems
Abstract: 
Orthogonal Frequency-Division Multiplexing (OFDM) forms the backbone of modern wireless communication, underscoring the necessity of robust security measures. This study delves into the potential of Machine Learning algorithms to not only understand but also replicate the precision of Time Advancement Attacks on OFDM signals. Focusing specifically on the Early Detect; Late Commit (EDLC) attack, we assess whether ML can offer a comparable approach to existing methodologies.

 

15:00 - 15:30

Speaker: Louise Malvin Tanaka
Type of Talk: Bachelor Final
Advisor: Dr. Lucjan Hanzlik
Title: Virtual ICAO ePassport and Application to Attribute-based Online Authentication
Research Area: RA1: Trustworthy Information Processing
Abstract: 
Personal identification is a critical aspect of internet security in today's digital era. Ensuring that users comply with specific rules while preserving anonymity poses significant challenges. Identity verification is often necessary to access sensitive online services, but mishandling this process can pose significant vulnerabilities and privacy concerns. Users may also have to reveal unnecessary personal information to the relying parties in the process, putting their privacy at risk. In this thesis, we propose a novel identity verification method that prioritizes user privacy while ensuring secure authentication. 

Next Seminar on 06.12.2023

Written on 01.12.23 (last change on 07.12.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 06.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Leon Barth, Dominic Troppmann, David Groß

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode:… Read more

Dear All,


The next seminar(s) take place on 06.12.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:30)
Leon Barth, Dominic Troppmann, David Groß

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Mikka Rainer, Gowtham Krishna Addluri, Rahul Nittala

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Leon Barth
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Feasibility of IDS in Automotive Systems using the NXP S23G Platform
Research area: RA3: Threat Detection and Defenses 


Abstract: 
The Controller Area Network (CAN) was introduced in the 1980s and has become the de facto standard communication protocol in the automotive industry. However, cars were much less digitized back then, which meant that potential security risks with CAN were less present. Today, with connected cars and numerous digital control systems such as brake-by-wire, drive-by-wire or autopilot the risk is much greater.

As a quasi-standard, the protocol cannot simply be replaced. Therefore, security measures are necessary. Intrusion Detection Systems (IDS), which are successfully used for other types of networks, are one way to detect attacks.

But since CAN does not send or verify information about the sender or recipient of individual messages, this is a major challenge. Possible approaches attempt to infer anomalies and possible attacks from information about signal levels, the temporal context, or the content of the messages. Methods ranging from simple statistics to deep learning are presented and evaluated. Unfortunately, most of the evaluation scenarios are not very close to the practice because of using powerful computers, oscilloscopes or synthetic evaluation data.

In this thesis, I investigate the feasibility of implementing such systems on next-generation automotive hardware using the NXP S32G platform as an example and realistic data. Therefore, I collect existing approaches for CAN IDS and CAN traffic datasets. The IDS is then analyzed with data as close to reality as possible, both on conventional high-performance x86-based hardware with a dedicated GPU and on the much more limited ARM-based NXP S32G platform. The results are used to evaluate the feasibility of each concept in future vehicles.

 

14:30 - 15:00

Speaker: Dominic Troppmann
Type of talk: Master Final
Advisor: Dr. Cristian-Alexandru Staicu
Title: Trust is good, control is better: Shedding light on typing practices in gradually typed scripting languages.
Research Area: RA5
Abstract: In recent years, scripting languages, most notably JavaScript/TypeScript and Python, have gained lots of traction due to their ease of learning, ease of use, and the large ecosystems of third-party packages and libraries. Another key feature of these languages is that, contrary to languages like C or Java, they do not use a static type system, which saves developers the significant effort of adding type annotations and affords faster prototyping and development. However, this usually comes at the cost of more typing-related bugs at runtime that would otherwise be caught by a static typing system. To give developers the best of both worlds, TypeScript and Python feature a gradual type system allowing developers to add optional type annotations/hints. These type annotations are checked at compile time but not enforced at runtime, meaning that developers must implement type checks to enforce datatypes during runtime. 

But does this happen in practice, or might developers even be fooled into thinking their scripts become type-safe by simply annotating them? This thesis aims to shed light on gradual typing and type-checking practices in real-world projects. More specifically, we study how frequently developers use type annotations, how type annotations affect the frequency and role of type checks, and the possible security implications of lackluster type-checking in the presence of type annotations. To this end, we present an approach that consists of statically analyzing close to \numprint{30000} GitHub repositories written in JavaScript, TypeScript, and Python to extract code metrics that reflect gradual typing and type-checking practices in these projects. We then proceed to select 20 real-world projects based on these metrics, which we then analyze manually to confirm the presence of type-related issues in gradually typed code. With this approach, we identify 44 functions that are likely susceptible to type-related issues.

 

15:00 - 15:30

Speaker: David Groß

No information is provided.

 

 

Session B:

14:00 - 14:30

Speaker: Mikka Rainer
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: Reversing the Microarchitecture with Unikernels
Research Area: RA3
Abstract:
The microarchitecture of modern CPUs is largely undocumented. However, knowledge of inner CPU mechanisms allows for finding novel attack vectors, creating new defenses, and building high-performance applications. While there is an ongoing effort to reverse engineer the inner mechanisms of modern processors, researchers are largely unable to observe individual microarchitectural events.
In this thesis, we investigate how we can create a noise-free measurement environment for microarchitectural reverse engineering by leveraging the power of unikernels. In a case study, we show that we can significantly improve the accuracy of address-to-slice mappings in comparison to previous techniques, taking the example of the addressing function of last-level cache slices. Contrary to previous work, we can measure microarchitectural events up to a single instruction granularity. This enables us to speed up reverse engineering of last-level cache slices by a factor of 260. We further reverse engineer one known and one previously unknown slice-addressing function. In this work, we make the first step towards a unified framework for microarchitectural reverse engineering by proposing a specialized research kernel.

 

14:30 - 15:00

Speaker: Gowtham Krishna Addluri
Type of talk: Master Intro
Advisor: Prof. Dr. Rebekka Burkholz, Advait Gadhikar
Title: Understanding the Effects of Batch Norm parameters on Iterative Magnitude Pruning
Research Area: RA1: Trustworthy Information Processing
Abstract : 

The Lottery Ticket Hypothesis suggests that sparse trainable networks with random initialization exist and can be found by the Iterative Magnitude Pruning algorithm.
This thesis aims to investigate the influence of the Batch Normalization operation on the pruning criteria and parameter optimization of the sparse network found by IMP.
In our approach we isolate and include the effects of the affine Batch Normalization parameters in the pruning and training steps of IMP. This is achieved in two distinct manners: modification of the scoring function and scaling of the model weights. Our primary objectives include evaluating potential changes in accuracy, examining alterations in the mask structure concerning the baseline, and investigating the stability of weights within the same basin.
Experiments are presented on VGG19 and ResNet, on the CIFAR-10 and CIFAR-100 datasets.

 

15:00 - 15:30

Speaker: Rahul Nittala
Type of talk: Master Intro
Advisor: Dr. Rebekka Burkholz
Title: Effectiveness of scale-free random pruning for sparse training
Research Area: RA1

Abstract:
The Lottery Ticket Hypothesis confirms the existence of sparse networks with random initializations that can achieve performance comparable to a dense network. But finding such tickets involves iterative pruning- retraining steps, thereby, increasing computational requirements. Random masks serve as a good pruning at initialization strategy for sufficiently overparameterized models, circumventing the additional overhead. This pruning at initialization could be considered as a sparse-to-sparse training rather than the traditional dense-to-sparse training.

Existing work provides theoretical bounds of the required overparameterization with one additional layer than the target network. Empirical analysis further shows confirms the success of sparse-to-sparse training as opposed to the traditional dense-to-sparse training. However, it imposes a restriction that the resulting lottery ticket network has an Erdos-Renyi degree distribution. Whereas, sparse networks or naturally occurring networks, in general, adopt a variant of scale-free distribution. The thesis aims to study the advantages conferred by adopting a generalized degree distribution for the source network. Preliminary analysis of representing a target network's edge structure shows that while requiring a higher overparameterization, a source network with scale-free degree distribution contains a sparser lottery ticket within it, when compared to ER degree distribution. This could potentially be beneficial for starting sparse and further increasing the sparsity during training.

Next Seminar on 22.11.2023

Written on 16.11.23 (last change on 27.11.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 22.11.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B:… Read more

Dear All,


The next seminar(s) take place on 22.11.2023 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00-15:00)
Matteo Leonelli

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session B: (14:00-15:30)

Moritz Wilhelm, Justin Steuer, Vinay Tilwani

https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09

 

Session A:

14:00 - 14:30

Speaker: Matteo Leonelli
Type of talk: Master Intro
Advisor: Thorsten Holz, Ali Abbasi
Title: Coverage Guidance by Proxy for Differential Fuzzing of Video Accelerators
Research Area: RA3


Abstract:

Today, video encoders and decoders implemented in hardware are integral to our daily lives through the internet, media, and social networks.

The interaction between software and hardware in decoding videos involves hardware accelerators that interface with drivers, facilitating the use of privileged software and hardware components. This interplay introduces the potential for functional disparities and security vulnerabilities due to the black box, obscure, and complex nature of hardware that makes testing difficult. In contrast, the software decoding process is white box, testable, and only presents intuitive scenarios, though implemented entirely differently.

Like other testing fields, hardware security research struggles with defining efficient test oracles. In the context of our research, we aim to design a methodology to assess the behavior of hardware components, specifically video hardware accelerators. This tool leverages coverage of the software implementation as a proxy for the state of the decoding process, allowing for the inference of hardware coverage and the ability to uncover potential non-deterministic or incorrect behavior in the hardware components. Our approach employs a fuzz testing strategy to identify hardware and software bugs, effectively tracing hardware behaviors through software metrics. We demonstrate the applicability of this approach through a case study involving video hardware accelerators, testing the complete hardware acceleration stack against the software implementation. Importantly, this methodology holds promise for various scenarios where hardware implementations exhibit determinism and have analogous software implementations for testing functional correctness and performing lower-level security assessments.

 

Session B:

14:00 - 14:30

Speaker: Moritz Wilhelm
Type of talk: Master Final
Advisor: Ben Stock, Giancarlo Pellegrino
Title: A Song of Trust and Archives: Assessing the Dependability of Web Archives for Reproducible Web Security Measurements
Research Area: RA5: Empirical and Behavioural Security

Abstract:
In recent years, the research community has recognized the growing significance of artifact evaluation. Nonetheless, the ever-changing and unpredictable nature of the Web continues to present an unresolved challenge for achieving reproducible web measurements. This thesis explores the potential of public web archives, with a particular focus on the Internet Archive, in addressing this persistent issue.

Our analysis involves a comprehensive evaluation of the reliability of data sourced from the Internet Archive. We first conduct a longitudinal analysis spanning 7.5 years, ranging from 2016 to the present, to assess the extent of historical data coverage within the Internet Archive. While previous research has heavily relied on the Internet Archive to conduct historical web measurements, this reliance has largely been rooted in trust. To assess the validity of this trust, we evaluate the consistency of data stored in the Internet Archive via two case studies. Specifically, we analyze the prevalence of both syntactic and semantic differences in security header configurations, as well as variations in third-party JavaScript dependencies among Internet Archive snapshots that are in close temporal proximity. Finally, we explore the feasibility of leveraging the Internet Archive to simulate live web security measurements, thereby  addressing the challenge of replicability in such studies.

Our findings affirm that the Internet Archive offers an extensive and densely populated repository of archival snapshots, highlighting its dependability for web measurements. However, we detect subtle pitfalls when conducting archive-based measurements and offer effective strategies for mitigation, including the concept of snapshot neighborhoods. Furthermore, we present a series of best practices tailored for future archive-based web measurements. In conclusion, we determine that the Internet Archive provides a reliable foundation for conducting reproducible web measurements.

 

14:30 - 15:00

Speaker: Justin Steuer
Type of talk: Bachelor Final
Advisor: Dominic Steinhöfel
Title: Constraint-Aware Parsing
Research Area: RA5: Empirical and Behavioural Security

Abstract:

Parsing is an integral tool of software development for disassembling input and checking it for correctness. 
However, parsers that solely rely on context-free grammars, while versatile, can only check input for syntactic validity and can not verify context-sensitive properties. 
ISLa, a declarative specification language for context-sensitive properties, enables users to specify context-sensitive constraints 
on top of a context-free grammar that each valid string must satisfy. 
ISLa cannot only produce valid inputs but can also check for a specified string whether it fulfills all given constraints. 
While this feature is functional, it is not optimal in the way that it is implemented, since it first parses the string through a parser for context-free grammars 
(thus verifying its syntactic correctness) and only then verifies its semantic correctness afterward. 
This can be quite inefficient when a lot of inputs have to be verified since each input needs to be fully parsed regardless of whether it fulfills the semantic requirements or not.

This talk introduces the concept of Constraint-Aware Parsing, which aims to build upon Parsimonious, a Python-based parser for Parsing Expression Grammars, 
and give it additional functionality to verify context-sensitive constraints alongside the traditional parsing process and extend it into a so-called 'Constraint Parser'. 
Furthermore, an implementation of a Constraint Parser based on an Earley Parser will be discussed together with the challenges that come with implementing 
such a parser and how this theoretical parser could come with the advantage of being able to use constraints to resolve ambiguity while parsing, 
which can make parsing with ambiguous grammars much more efficient compared to the standard Earley Parser, which creates a parse forest to handle ambiguity.

 

15:00 - 15:30


Speaker: Vinay Tilwani
Type of talk: Master Final
Advisor: Prof. Dr. Andreas Zeller, Jan Reineke
Title: Fuzzing LLVM bitcode using FormatFuzzer
Research Area: RA3


Abstract: The LLVM project and its tools are used to power the compilers of many popular programming languages - C, Rust, Swift, etc. A bug in one of the LLVM tools might create a hard-to-debug bug or vulnerability in programs compiled using these compilers. This entails that LLVM tools are critical pieces of software infrastructure and should be thoroughly tested. Due to the complexity of the input space of these tools, traditional software testing techniques are inadequate, and a automated, random, exploratory approach of Software Fuzzing is much more suitable. We use an in-house binary-based fuzzer FormatFuzzer to fuzz inputs to the most critical LLVM tools and show our results here. In a unique endeavour, we present the results of directly fuzzing a complex format like bitcode to uncover bugs, while also illustrating the applicability of FormatFuzzer in a new domain.

Correction Regarding the Date of the Next Seminar

Written on 06.11.23 by Mang Zhao

Dear All,

 

Please note that the next seminar will take place on 08.11.2023 at 14:00.

 

We apologize for the typos in the previous message.

 

Best wishes,

Mang

 

Next Seminar on 08.11.2023 (Updated)

Written on 03.11.23 (last change on 06.11.23) by Mang Zhao

Dear All,


The next seminar(s) take place on 08.11.2023 at 14:00 (Session A). Please note that there is only one session.


Session A: (14:00-15:30)
Heyang Li, Sohom Mukherjee, Nils Hagen

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620… Read more

Dear All,


The next seminar(s) take place on 08.11.2023 at 14:00 (Session A). Please note that there is only one session.


Session A: (14:00-15:30)
Heyang Li, Sohom Mukherjee, Nils Hagen

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Kenncode: BT!u5=

 

Session A:

14:00 - 14:30

Speaker: Heyang Li
Type of talk: Master Intro
Advisor: Prof. Dr. Andreas Zeller, Fengming Zhu
Title: Monitoring System Invariants
Research Area: Threat Detection and Defenses

Abstract: 
How can we detect complex anomalies in log-based systems? Monitoring can detect abnormal behaviors using formal specifications, but
we lack an expressive specification language to describe the behaviors of log-based systems. The behaviors of log-based systems can 
be abstracted as temporal context-sensitive properties, involving the interplay of syntax, semantics and high-level temporal properties.  
System invariants is a novel model for characterizing context-sensitive structures over context-free grammars. It is based on ISLa, the 
state-of-the-art specification language for context-sensitive properties. Linear temporal logic and its first-order variants are widely 
used for high-level temporal properties. However, the expressiveness of system invariants and temporal logic are disjoint. 
    
This thesis aims to propose a new approach to monitor temporal context-sensitive properties based on system invariants. Firstly, I am 
going to extend the formal model of system invariants to express temporal properties. And then I am going to design and implement monitoring 
algorithms for system invariants. Furthermore, I will attempt to have the monitor mine the characterization of errors if the monitor 
detects anomalies.     

 

14:30 - 15:00

Speaker: Sohom Mukherjee 
Type of talk: Master Intro 
Advisor: Sebastian Stich
Title: Adaptive Optimization for Federated Visual Classification
Research Area: RA1 
Abstract: In this project we shall consider the problem of distributed optimization with intermittent communication (federated learning) where multiple devices jointly train a visual classification model without sharing their local data. While FedAvg (aka Local SGD) has become ubiquitous for such distributed optimization tasks, it does not converge in theory using fixed stepsizes. Various alternatives are adopted in practice such as stepsize schedules or grid search, but they do not come with theoretical guarantees or are computationally expensive. In this work we start by studying the decreasing stepsize for FedAvg and prove convergence under heterogeneity. Then we go on to experimentally study AdaGrad-type adaptive stepsizes for the federated setting. There are various design choices involved in this, and we try to provide some intuition and suggestions on the design of adaptive federated methods. Since the analysis of AdaGrad-type methods involve many complications and open problems in the centralized setting itself, we study them for the special case of a single worker and provide some clear theoretical statements and proofs. Finally, we will also evaluate our methods on small scale (LeNet on MNIST dataset) as well as large scale (VGG and ResNet on CIFAR10) distributed image classification tasks with homogeneous as well as heterogeneous data settings.

 

15:00 - 15:30

Speaker: Nils Hagen
Type of talk: Bachelor Final
Advisor: Prof. Andreas Zeller, Leon Bettscheider
Title: Semantic Fuzzing with I/O Contracts
Research Area: RA5: Empirical and Behavioural Security

Abstract: 

Grammar-based fuzzing with context-free grammars is a common technique to make fuzzers
more program-specific and to increase coverage. This has proven to be an especially
successful test generation method in black-box settings with target programs that require
highly-structured inputs. However, context-free grammars are limited to the expression
of syntactic constraints which makes them unsuitable for input/output affiliations (like
in a client/server architecture or other reactive systems) where input and output are
semantically linked. Most fuzzers therefore rely solely on generic test oracles for bug
detection that either detect program crashes or output on standard error ports.
To express more powerful oracles we additionally want to consider the aforementioned input-
output relations. In this work we present a method to describe these semantically linked
interactions through I/O contracts where syntactic and semantic properties are expressed
through intertwined context-free grammars (termed I/O grammars) and semantic ISLa
constraints. Furthermore, we show how to apply these methods in practice on a real-world
server implementation of the IRC protocol.

 

New Winter Semester is Coming

Written on 22.10.23 by Mang Zhao

Dear all,

welcome to the new course for the Bachelor and Master seminar in this winter term.
Please switch to this course.

Best wishes,

BAMA Seminar Team

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.