News
Next Seminar on 14.02.2024
Written on 12.02.2024 10:58 by Niklas Medinger
Dear All,
The next seminar(s) take place on 14.02.2024 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:00)
Moritz von Zülow, Mika Meyer
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Passcode: BT!u5=
Session B: (14:00-14:30)
Lucas Layfield
https://cispa-de.zoom-x.de/j/62229284468?pwd=SThvSGpZKzB2Q1VmM1gxSGRwV3Mzdz09
Session A:
14:00 - 14:30
Speaker: Moritz von Zülow
Type of talk: Bachelor Intro
Advisor: Thorsten Holz
Title: Boosting Code Coverage of Curl Fuzzing using Fuzz-Generated Harnesses
Research Area: RA3
Abstract:
Fuzzing is an automated software testing technique that enables developers to discover security and correctness flaws in their programs by subjecting them to random malformed input. Despite the effectiveness of modern fuzzers that leverage compilers to instrument code and enhance coverage, certain programs, such as curl - a widely deployed open-source project for data transfer with URLs - exhibit poor code coverage during runtime. Existing fuzzers typically achieve a mere 1% coverage of curl's executed code, leaving a significant portion untouched and potentially harboring undiscovered vulnerabilities.
During a security audit of curl, the Trail of Bits team successfully identified new security vulnerabilities by employing a novel approach - fuzzing curl's command-line interface. This method, previously deemed ineffective, proved fruitful in revealing previously unnoticed flaws.
In this thesis, we aim to address this gap in the curl fuzzing process. By incorporating command line arguments into the fuzzing process, we test different options of curl, which allow us to utilize different features and reach previously untested areas of source code. Ultimately, by increasing the code coverage during fuzzing, we aspire to enhance the overall security of curl.
14:30 - 15:00
Speaker: Mika Meyer
Type of talk: Master Intro
Advisor: Giancarlo Pellegrino, Giada Stivala
Title: An Analysis of Malicious File Distribution on Free Hosting Providers
Research Area: RA6 (Empirical and Behavioral Security)
Abstract:
Today, prefabricated phishing kits and other malicious web content are widely available and easy to deploy, lowering the effort required by cybercriminals to perform these attacks. However, hosting such sites while maintaining the anonymity in the setup and payment process is challenging. Furthermore, serving malicious files publicly at multiple providers to achieve availability in case of takedowns and repercussions requires significant financial investments at scale.
In this project, we identify hosting providers offering services for free, as they are a popular target for hosting phishing sites and distributing malicious files. We focus our analysis on providers offering hosting options for files, because files are the basic building block for web content and are sufficient for performing various kinds of attacks. Attackers can abuse these services while maintaining their anonymity, if the implemented countermeasures do not comply with best practices. Next to web hosting providers, we also analyze object storage providers and website builders, as they often also offer free tiers which can be abused for distributing files.
We create a list of hosting providers, identify those which offer free services and evaluate their countermeasures against malicious actors. We show that abusing providers at scale is possible by using simple automation techniques to deploy malicious files at multiple providers at once. After deploying test files of common attacks, we monitor their availability and analyze the detection and takedown mechanisms in place. Finally, we create abuse notifications to our deployed files and check the responses from the providers.
Session B:
14:00 - 14:30
Speaker: Lucas Layfield
Type of talk: Bachelor Intro
Advisor: Xaver Fabian
Title: Extending the Blade tool to account for Spectre-BTB attacks in indirect calls
Research Area: RA1
Abstract:
Blade is a tool which aims to eliminate speculative leakage of secrets in cryptographic code through a type system for expressions that can identify paths from source expressions that introduce secrets to the execution to sink expressions which leak those secrets, and fix programs by cutting those paths with a speculation-stopping abstract directive.
In this paper, we will extend the formal model of the language on which the type system is based to model indirect function calls as well as the speculative behaviour that can occur during their execution. We will also make additions to the type system so that leakage arising from speculative execution of indirect function calls can be detected and mitigated.