News
Next Seminar on 31.07.2024
Written on 25.07.2024 12:26 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-07-31 at 14:00 (Session A) and 14:30 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Stanimir Iglev, Florian B., Parthipan Ramesh
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:30 - 15:00, 15:00 - 15:30)
Randolf Burgard, Anna Sophia Calmbach
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Stanimir Iglev
Type of Talk: Master Intro
Advisor: Andreas Zeller, Alexi Turcotte
Title: AMADEUS: Automated Metamorphic and Differential Testing with User-defined Semantic Constraints
Research Area: RA5: Empirical and Behavioural Security
Abstract: Software testing is crucial for enhancing software quality, yet it poses challenges, particularly in establishing an automated procedure to verify system behavior. Differential and metamorphic testing have demonstrated a lot of potential in addressing this problem by providing partial oracles for programs. Despite their effectiveness in various domains, existing tools often lack reusability and broad applicability. To overcome these limitations, we propose AMADEUS, a general framework for automated metamorphic and differential testing. AMADEUS uses input specifications, user-defined semantic constraints, and metamorphic relations to generate test cases, execute the target system, and assess the results; thus, it fully automates the testing process. This talk presents our preliminary research, detailing the techniques used, a comprehensive literature review, and our evaluation plan. We believe AMADEUS can significantly advance software quality assurance as the first framework to support semantic differential and metamorphic testing with arbitrary input and output properties.
14:30 - 15:00
Speaker: Florian B.
Type of Talk: Master Intro
Advisor: Andreas Zeller
Research Area: RA5: Empirical and Behavioural Security
Abstract: Understanding the output grammar of software is helpful for various tasks such as debugging and testing but also for anomaly detection in log files. Relying on manual analyses is not only labor-intensive but also prone to inaccuracies due to the complexity and diversity of modern software. To overcome these challenges, we present the first automated approach for mining output grammars using symbolic execution. Our approach uses KLEE, a well-established tool for symbolic execution, to examine possible execution paths of a given C code. While KLEE explores possible paths of execution, we collect data from function calls and store operations to a defined target such as stdout or a global buffer. By using an SMT solver and the path constraints in KLEE, we can determine possible values for each store operation. We then translate the collected data into a context-free output grammar by treating function names as nonterminals and possible paths or stored values as expansion alternatives.
15:00 - 15:30
Speaker: Parthipan Ramesh
Type of Talk: Bachelor Final
Advisor: Sven Bugiel
Title: Automated Identification of Protected Resources in Android System Services
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: Android apps call system service APIs to access protected resources, e.g., the users’ location. System services check whether the caller holds the necessary permissions and enforce their security policy. In my thesis, I present an approach to identify system service APIs’ protected resources automatically. Such resources within a service, like the camera, location, and so forth, come from low-level resources, e.g., the driver interfaces, files, network resources, and inter-process communication (IPC) mechanisms. The goal is determining which concrete resources a service depends on to serve privileged callers.
Session B
14:30 - 15:00
Speaker: Randolf Burgard
Type of Talk: Bachelor Intro
Advisor: Dr Valentin Dallmeier
Title: Accessibility Testing of Native Android Apps using webmate
Research Area: RA6: Others
Abstract: 71% of the world population are using Android apps on a daily basis [1]. 16% of the population live with a disability that has an impact on their daily life [2]. They rely on app developers to design their apps in a way that they are accessible to persons with disabilities. While there is a lot of research on the topic of accessibility of web applications including comprehensive guidelines and catalogs of rules for assessing accessibility, e.g. presented by the WCAG 2.2 [3] by W3C, as well as tools that try to automatically test these guidelines, there is only little information about how these rules translate to native Android apps. This is especially true for techniques to extract the required data to test the accessibility of Android applications. Further, for persons with disabilities, the app must be accessible in every state, which is hard to automatically prove with current exploration techniques. End users with disabilities need to know if the app is accessible. Thus, they need to rely on third-party authorities that assess the accessibility of an app based on a catalog of criteria. However, a third party cannot fully rely on the results of these testing tools, since they cannot access the code base of the application and because there is no guarantee that the test covers every state of an Android app. In this thesis, I want to categorize the WCAG 2.2 catalog based on its relevance to native Android apps, decide which data is required to test these guidelines, and evaluate if it is possible to extract the required data from an Android app and if this guideline can be tested automatically or requires the decision of a human to confirm or deny the compliance of the app.
In a second step, I want to provide an extension to the webmate [4] audit workbench that provides tools for a manual tester to either automatically evaluate accessibility guidelines or provide additional information that helps the tester evaluate the accessibility of the app based on the WCAG 2.2 catalog.
15:00 - 15:30
Speaker: Anna Sophia Calmbach
Type of Talk: Master Intro
Advisor: Katharina Krombholz, Carolyn Guthoff, Matthias Fassl
Title: Evaluating Instagram’s New Tools to Help Protect Against Sextortion and Image-Based Sexual Abuse
Research Area: RA6: Others
Abstract: Social media has become a significant part of many adolescents' lives, including seeking intimacy or experiencing their sexuality online. This holds advantages, such as allowing LGBTQ+ youth to live their sexuality more openly. However, how to adequately protect youth from harmful experiences, like image-based sexual abuse, is still a heavily researched topic. With this thesis, we are going to evaluate newly presented safety tools introduced by Meta to safeguard youth in Instagram Direct Messages (DM). These tools include nudity filters or guiding pop-ups in chat when receiving an explicit image. We plan to conduct a qualitative user study utilising scenarios presented from a friend's perspective to showcase the aforementioned safety tools. These scenarios depict potentially risky situations and are contained within a clickable prototype based on Instagram DMs. With our user study, we want to elicit feedback on the presented designs and gather design implications for future online safety mechanisms. Additionally, we aim to find identifiers through which youth decode sexual risks online. We are going to use thematic analysis to analyse our results.