News
Next Seminar on 08.11.2023 (Updated)
Written on 03.11.2023 19:59 by Mang Zhao
Dear All,
The next seminar(s) take place on 08.11.2023 at 14:00 (Session A). Please note that there is only one session.
Session A: (14:00-15:30)
Heyang Li, Sohom Mukherjee, Nils Hagen
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session A:
14:00 - 14:30
Speaker: Heyang Li
Type of talk: Master Intro
Advisor: Prof. Dr. Andreas Zeller, Fengming Zhu
Title: Monitoring System Invariants
Research Area: Threat Detection and Defenses
Abstract:
How can we detect complex anomalies in log-based systems? Monitoring can detect abnormal behaviors using formal specifications, but
we lack an expressive specification language to describe the behaviors of log-based systems. The behaviors of log-based systems can
be abstracted as temporal context-sensitive properties, involving the interplay of syntax, semantics and high-level temporal properties.
System invariants is a novel model for characterizing context-sensitive structures over context-free grammars. It is based on ISLa, the
state-of-the-art specification language for context-sensitive properties. Linear temporal logic and its first-order variants are widely
used for high-level temporal properties. However, the expressiveness of system invariants and temporal logic are disjoint.
This thesis aims to propose a new approach to monitor temporal context-sensitive properties based on system invariants. Firstly, I am
going to extend the formal model of system invariants to express temporal properties. And then I am going to design and implement monitoring
algorithms for system invariants. Furthermore, I will attempt to have the monitor mine the characterization of errors if the monitor
detects anomalies.
14:30 - 15:00
Speaker: Sohom Mukherjee
Type of talk: Master Intro
Advisor: Sebastian Stich
Title: Adaptive Optimization for Federated Visual Classification
Research Area: RA1
Abstract: In this project we shall consider the problem of distributed optimization with intermittent communication (federated learning) where multiple devices jointly train a visual classification model without sharing their local data. While FedAvg (aka Local SGD) has become ubiquitous for such distributed optimization tasks, it does not converge in theory using fixed stepsizes. Various alternatives are adopted in practice such as stepsize schedules or grid search, but they do not come with theoretical guarantees or are computationally expensive. In this work we start by studying the decreasing stepsize for FedAvg and prove convergence under heterogeneity. Then we go on to experimentally study AdaGrad-type adaptive stepsizes for the federated setting. There are various design choices involved in this, and we try to provide some intuition and suggestions on the design of adaptive federated methods. Since the analysis of AdaGrad-type methods involve many complications and open problems in the centralized setting itself, we study them for the special case of a single worker and provide some clear theoretical statements and proofs. Finally, we will also evaluate our methods on small scale (LeNet on MNIST dataset) as well as large scale (VGG and ResNet on CIFAR10) distributed image classification tasks with homogeneous as well as heterogeneous data settings.
15:00 - 15:30
Speaker: Nils Hagen
Type of talk: Bachelor Final
Advisor: Prof. Andreas Zeller, Leon Bettscheider
Title: Semantic Fuzzing with I/O Contracts
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Grammar-based fuzzing with context-free grammars is a common technique to make fuzzers
more program-specific and to increase coverage. This has proven to be an especially
successful test generation method in black-box settings with target programs that require
highly-structured inputs. However, context-free grammars are limited to the expression
of syntactic constraints which makes them unsuitable for input/output affiliations (like
in a client/server architecture or other reactive systems) where input and output are
semantically linked. Most fuzzers therefore rely solely on generic test oracles for bug
detection that either detect program crashes or output on standard error ports.
To express more powerful oracles we additionally want to consider the aforementioned input-
output relations. In this work we present a method to describe these semantically linked
interactions through I/O contracts where syntactic and semantic properties are expressed
through intertwined context-free grammars (termed I/O grammars) and semantic ISLa
constraints. Furthermore, we show how to apply these methods in practice on a real-world
server implementation of the IRC protocol.