News
Next Seminar on 06.12.2023
Written on 01.12.2023 20:00 by Mang Zhao
Dear All,
The next seminar(s) take place on 06.12.2023 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00-15:30)
Leon Barth, Dominic Troppmann, David Groß
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session B: (14:00-15:30)
Mikka Rainer, Gowtham Krishna Addluri, Rahul Nittala
https://cispa-de.zoom-x.de/j/67589187585?pwd=R0NTMWx5M1lNa0JWdk1GY3BWR21wUT09
Session A:
14:00 - 14:30
Speaker: Leon Barth
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Feasibility of IDS in Automotive Systems using the NXP S32G Platform
Research area: RA3: Threat Detection and Defenses
Abstract:
The Controller Area Network (CAN) was introduced in the 1980s and has become the de facto standard communication protocol in the automotive industry. However, cars were much less digitized back then, which meant that potential security risks with CAN were less present. Today, with connected cars and numerous digital control systems such as brake-by-wire, drive-by-wire or autopilot, the risk is much greater.
As a quasi-standard, the protocol cannot simply be replaced. Therefore, security measures are necessary. Intrusion Detection Systems (IDS), which are successfully used for other types of networks, are one way to detect attacks.
But since CAN does not send or verify information about the sender or recipient of individual messages, this is a major challenge. Possible approaches attempt to infer anomalies and possible attacks from information about signal levels, the temporal context, or the content of the messages. Methods ranging from simple statistics to deep learning are presented and evaluated. Unfortunately, most of the evaluation scenarios are not very close to practice because they use powerful computers, oscilloscopes or synthetic evaluation data.
In this thesis, I investigate the feasibility of implementing such systems on next-generation automotive hardware using the NXP S32G platform as an example and realistic data. Therefore, I collect existing approaches for CAN IDS and CAN traffic datasets. The IDS is then analyzed with data as close to reality as possible, both on conventional high-performance x86-based hardware with a dedicated GPU and on the much more limited ARM-based NXP S32G platform. The results are used to evaluate the feasibility of each concept in future vehicles.
14:30 - 15:00
Speaker: Dominic Troppmann
Type of talk: Master Final
Advisor: Dr. Cristian-Alexandru Staicu
Title: Trust is good, control is better: Shedding light on typing practices in gradually typed scripting languages.
Research Area: RA5
Abstract: In recent years, scripting languages, most notably JavaScript/TypeScript and Python, have gained lots of traction due to their ease of learning, ease of use, and the large ecosystems of third-party packages and libraries. Another key feature of these languages is that, contrary to languages like C or Java, they do not use a static type system, which saves developers the significant effort of adding type annotations and affords faster prototyping and development. However, this usually comes at the cost of more typing-related bugs at runtime that would otherwise be caught by a static typing system. To give developers the best of both worlds, TypeScript and Python feature a gradual type system allowing developers to add optional type annotations/hints. These type annotations are checked at compile time but not enforced at runtime, meaning that developers must implement type checks to enforce datatypes during runtime.
But does this happen in practice, or might developers even be fooled into thinking their scripts become type-safe by simply annotating them? This thesis aims to shed light on gradual typing and type-checking practices in real-world projects. More specifically, we study how frequently developers use type annotations, how type annotations affect the frequency and role of type checks, and the possible security implications of lackluster type-checking in the presence of type annotations. To this end, we present an approach that consists of statically analyzing close to 30,000 GitHub repositories written in JavaScript, TypeScript, and Python to extract code metrics that reflect gradual typing and type-checking practices in these projects. We then proceed to select 20 real-world projects based on these metrics, which we then analyze manually to confirm the presence of type-related issues in gradually typed code. With this approach, we identify 44 functions that are likely susceptible to type-related issues.
15:00 - 15:30
Speaker: David Groß
No information is provided.
Session B:
14:00 - 14:30
Speaker: Mikka Rainer
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: Reversing the Microarchitecture with Unikernels
Research Area: RA3
Abstract:
The microarchitecture of modern CPUs is largely undocumented. However, knowledge of inner CPU mechanisms allows for finding novel attack vectors, creating new defenses, and building high-performance applications. While there is an ongoing effort to reverse engineer the inner mechanisms of modern processors, researchers are largely unable to observe individual microarchitectural events.
In this thesis, we investigate how we can create a noise-free measurement environment for microarchitectural reverse engineering by leveraging the power of unikernels. In a case study, we show that we can significantly improve the accuracy of address-to-slice mappings in comparison to previous techniques, taking the example of the addressing function of last-level cache slices. Contrary to previous work, we can measure microarchitectural events up to a single instruction granularity. This enables us to speed up reverse engineering of last-level cache slices by a factor of 260. We further reverse engineer one known and one previously unknown slice-addressing function. In this work, we make the first step towards a unified framework for microarchitectural reverse engineering by proposing a specialized research kernel.
14:30 - 15:00
Speaker: Gowtham Krishna Addluri
Type of talk: Master Intro
Advisor: Prof. Dr. Rebekka Burkholz, Advait Gadhikar
Title: Understanding the Effects of Batch Norm parameters on Iterative Magnitude Pruning
Research Area: RA1: Trustworthy Information Processing
Abstract:
The Lottery Ticket Hypothesis suggests that sparse trainable networks with random initialization exist and can be found by the Iterative Magnitude Pruning algorithm.
This thesis aims to investigate the influence of the Batch Normalization operation on the pruning criteria and parameter optimization of the sparse network found by IMP.
In our approach we isolate and include the effects of the affine Batch Normalization parameters in the pruning and training steps of IMP. This is achieved in two distinct manners: modification of the scoring function and scaling of the model weights. Our primary objectives include evaluating potential changes in accuracy, examining alterations in the mask structure concerning the baseline, and investigating the stability of weights within the same basin.
Experiments are presented on VGG19 and ResNet, on the CIFAR-10 and CIFAR-100 datasets.
15:00 - 15:30
Speaker: Rahul Nittala
Type of talk: Master Intro
Advisor: Dr. Rebekka Burkholz
Title: Effectiveness of scale-free random pruning for sparse training
Research Area: RA1
Abstract:
The Lottery Ticket Hypothesis confirms the existence of sparse networks with random initializations that can achieve performance comparable to a dense network. But finding such tickets involves iterative pruning-retraining steps, thereby increasing computational requirements. Random masks serve as a good pruning-at-initialization strategy for sufficiently overparameterized models, circumventing the additional overhead. This pruning at initialization could be considered as a sparse-to-sparse training rather than the traditional dense-to-sparse training.
Existing work provides theoretical bounds of the required overparameterization with one additional layer than the target network. Empirical analysis further confirms the success of sparse-to-sparse training as opposed to the traditional dense-to-sparse training. However, it imposes a restriction that the resulting lottery ticket network has an Erdos-Renyi degree distribution, whereas sparse networks or naturally occurring networks, in general, adopt a variant of scale-free distribution. The thesis aims to study the advantages conferred by adopting a generalized degree distribution for the source network. Preliminary analysis of representing a target network's edge structure shows that while requiring a higher overparameterization, a source network with scale-free degree distribution contains a sparser lottery ticket within it, when compared to ER degree distribution. This could potentially be beneficial for starting sparse and further increasing the sparsity during training.