News
Next Seminar on 22.11.2023
Written on 16.11.2023 12:46 by Mang Zhao
Dear All,
The next seminar(s) take place on 22.11.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:00)
Matteo Leonelli
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session B: (14:00-15:30)
Moritz Wilhelm, Justin Steuer, Vinay Tilwani
https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09
Session A:
14:00 - 14:30
Speaker: Matteo Leonelli
Type of talk: Master Intro
Advisor: Thorsten Holz, Ali Abbasi
Title: Coverage Guidance by Proxy for Differential Fuzzing of Video Accelerators
Research Area: RA3
Abstract:
Today, video encoders and decoders implemented in hardware are integral to our daily lives through the internet, media, and social networks.
The interaction between software and hardware in decoding videos involves hardware accelerators that interface with drivers, facilitating the use of privileged software and hardware components. This interplay introduces the potential for functional disparities and security vulnerabilities due to the black box, obscure, and complex nature of hardware that makes testing difficult. In contrast, the software decoding process is white box, testable, and only presents intuitive scenarios, though implemented entirely differently.
Like other testing fields, hardware security research struggles with defining efficient test oracles. In the context of our research, we aim to design a methodology to assess the behavior of hardware components, specifically video hardware accelerators. This tool leverages coverage of the software implementation as a proxy for the state of the decoding process, allowing for the inference of hardware coverage and the ability to uncover potential non-deterministic or incorrect behavior in the hardware components. Our approach employs a fuzz testing strategy to identify hardware and software bugs, effectively tracing hardware behaviors through software metrics. We demonstrate the applicability of this approach through a case study involving video hardware accelerators, testing the complete hardware acceleration stack against the software implementation. Importantly, this methodology holds promise for various scenarios where hardware implementations exhibit determinism and have analogous software implementations for testing functional correctness and performing lower-level security assessments.
Session B:
14:00 - 14:30
Speaker: Moritz Wilhelm
Type of talk: Master Final
Advisor: Ben Stock, Giancarlo Pellegrino
Title: A Song of Trust and Archives: Assessing the Dependability of Web Archives for Reproducible Web Security Measurements
Research Area: RA5: Empirical and Behavioural Security
Abstract:
In recent years, the research community has recognized the growing significance of artifact evaluation. Nonetheless, the ever-changing and unpredictable nature of the Web continues to present an unresolved challenge for achieving reproducible web measurements. This thesis explores the potential of public web archives, with a particular focus on the Internet Archive, in addressing this persistent issue.
Our analysis involves a comprehensive evaluation of the reliability of data sourced from the Internet Archive. We first conduct a longitudinal analysis spanning 7.5 years, ranging from 2016 to the present, to assess the extent of historical data coverage within the Internet Archive. While previous research has heavily relied on the Internet Archive to conduct historical web measurements, this reliance has largely been rooted in trust. To assess the validity of this trust, we evaluate the consistency of data stored in the Internet Archive via two case studies. Specifically, we analyze the prevalence of both syntactic and semantic differences in security header configurations, as well as variations in third-party JavaScript dependencies among Internet Archive snapshots that are in close temporal proximity. Finally, we explore the feasibility of leveraging the Internet Archive to simulate live web security measurements, thereby addressing the challenge of replicability in such studies.
Our findings affirm that the Internet Archive offers an extensive and densely populated repository of archival snapshots, highlighting its dependability for web measurements. However, we detect subtle pitfalls when conducting archive-based measurements and offer effective strategies for mitigation, including the concept of snapshot neighborhoods. Furthermore, we present a series of best practices tailored for future archive-based web measurements. In conclusion, we determine that the Internet Archive provides a reliable foundation for conducting reproducible web measurements.
14:30 - 15:00
Speaker: Justin Steuer
Type of talk: Bachelor Final
Advisor: Dominic Steinhöfel
Title: Constraint-Aware Parsing
Research Area: RA5: Empirical and Behavioural Security
Abstract:
Parsing is an integral tool of software development for disassembling input and checking it for correctness. However, parsers that solely rely on context-free grammars, while versatile, can only check input for syntactic validity and cannot verify context-sensitive properties. ISLa, a declarative specification language for context-sensitive properties, enables users to specify context-sensitive constraints on top of a context-free grammar that each valid string must satisfy. ISLa can not only produce valid inputs but also check for a specified string whether it fulfills all given constraints. While this feature is functional, it is not optimal in the way that it is implemented, since it first parses the string through a parser for context-free grammars (thus verifying its syntactic correctness) and only then verifies its semantic correctness afterward. This can be quite inefficient when a lot of inputs have to be verified, since each input needs to be fully parsed regardless of whether it fulfills the semantic requirements or not.
This talk introduces the concept of Constraint-Aware Parsing, which aims to build upon Parsimonious, a Python-based parser for Parsing Expression Grammars, and give it additional functionality to verify context-sensitive constraints alongside the traditional parsing process and extend it into a so-called 'Constraint Parser'. Furthermore, an implementation of a Constraint Parser based on an Earley Parser will be discussed, together with the challenges that come with implementing such a parser and how this theoretical parser could come with the advantage of being able to use constraints to resolve ambiguity while parsing, which can make parsing with ambiguous grammars much more efficient compared to the standard Earley Parser, which creates a parse forest to handle ambiguity.
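The two strategies the abstract contrasts, as an added Python example that is not the thesis's, ISLa's or Parsimonious's code: a constructed length-prefixed record grammar with the context-sensitive constraint that the declared length equals the payload length, checked once ISLa-style (full context-free parse, then constraint evaluation) and once with the constraint evaluated as soon as each <record> subtree is complete, so a violating input is rejected before the rest is parsed. The grammar, the `Parser` class and the `on_record` hook are assumptions of this example.

```python
import re
# Constructed grammar: <records> ::= <record>+ ; <record> ::= <len> ":" <payload> ";"
# Context-sensitive constraint, checked per <record>: int(<len>) == len(<payload>)

class Parser:
    """Tiny recursive-descent parser; on_record hook may abort on a finished <record>."""
    def __init__(self, text, on_record=None):
        self.text, self.pos, self.on_record = text, 0, on_record
        self.records_parsed = 0  # work counter: records fully built

    def _take(self, pattern):
        m = re.compile(pattern).match(self.text, self.pos)
        if not m:
            raise ValueError(f"syntax error at offset {self.pos}")
        self.pos = m.end()
        return m.group(0)

    def record(self):
        length = self._take(r"[0-9]+")   # <len>
        self._take(":")
        payload = self._take(r"[a-z]*")  # <payload>
        self._take(";")
        self.records_parsed += 1
        node = ("record", length, payload)
        if self.on_record is not None and not self.on_record(node):
            return None  # constraint violated: stop parsing right here
        return node

    def records(self):
        tree = []
        while self.pos < len(self.text):
            node = self.record()
            if node is None:
                return None
            tree.append(node)
        return tree

def length_constraint(node):
    return int(node[1]) == len(node[2])

def parse_then_check(text):
    """ISLa-style two phases: parse everything, then evaluate the constraint."""
    p = Parser(text)
    tree = p.records()
    return all(length_constraint(n) for n in tree), p.records_parsed

def constraint_aware_parse(text):
    """Constraint evaluated as each <record> completes; aborts on first violation."""
    p = Parser(text, on_record=length_constraint)
    return p.records() is not None, p.records_parsed
```

Both functions return (constraints satisfied, records built), so on a constructed input whose first record already violates the constraint the two-phase check still builds every record while the constraint-aware parser stops after the first.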
15:00 - 15:30
Speaker: Vinay Tilwani
Type of talk: Master Final
Advisor: Prof. Dr. Andreas Zeller, Jan Reineke
Title: Fuzzing LLVM bitcode using FormatFuzzer
Research Area: RA3
Abstract: The LLVM project and its tools are used to power the compilers of many popular programming languages - C, Rust, Swift, etc. A bug in one of the LLVM tools might create a hard-to-debug bug or vulnerability in programs compiled using these compilers. This entails that LLVM tools are critical pieces of software infrastructure and should be thoroughly tested. Due to the complexity of the input space of these tools, traditional software testing techniques are inadequate, and an automated, random, exploratory approach of Software Fuzzing is much more suitable. We use an in-house binary-based fuzzer, FormatFuzzer, to fuzz inputs to the most critical LLVM tools and show our results here. In a unique endeavour, we present the results of directly fuzzing a complex format like bitcode to uncover bugs, while also illustrating the applicability of FormatFuzzer in a new domain.