Written on 11.12.24 (last change on 18.12.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-12-18 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Amala Augustine, Xicheng Wan, Dylan Gomes Gouveia
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Riddhi Suryavanshi, Sagar Kishore, Florian Nawrath
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Amala Augustine
Type of Talk: Master Intro
Advisor: Thorsten Holz and Dr. Bhupendra Acharya
Title: Understanding Pig Butchering Scams Targeting Dating App Users: A Multi-Source Analysis
Research Area: RA3: Threat Detection and Defenses
Abstract: The widespread use of online dating platforms has created new opportunities for Pig Butchering scams, a form of financial fraud that exploits users’ emotional vulnerabilities to lure them into fraudulent investment schemes. These scams often lead to significant financial losses and emotional distress for victims, as scammers build trust before manipulating them into making investments. Despite the growing number of these incidents, there is a lack of in-depth research addressing how Pig Butchering scams are executed on dating apps, their psychological and financial impact, and the effectiveness of current prevention measures. This thesis aims to investigate the mechanics of Pig Butchering scams on dating apps by analyzing publicly available scam reports collected from different social media platforms such as Reddit, Instagram, Twitter, and news articles. By examining the scam techniques, tactics, and emotional manipulation used by scammers and also the victim recovery processes, this study will provide a detailed understanding of how Pig Butchering operates on dating apps. Additionally, user surveys and interviews will be conducted to assess the psychological toll on victims and to propose preventive measures that can reduce these scams in the future. The research seeks to fill the current gap in the literature by offering practical recommendations to protect users from these increasingly prevalent scams.
14:30 - 15:00
Speaker: Xicheng Wan
Type of Talk: Master Intro
Advisor: Julian Loss
Title: On the adaptive security for threshold signature
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: Threshold signature schemes are widely used in scenarios such as distributed key management, secure voting systems, and blockchain systems. They enable a group of participants to collaboratively sign a message, requiring at least a certain number of them to generate a valid signature in the presence of corrupted parties. Adaptive security, a crucial property of threshold signatures, ensures that the scheme remains secure when the adversary takes decisions on their targets or strategy based on observed messages during the protocol execution. Our research studies a new proof strategy for proving adaptive security in threshold Schnorr signature schemes. We generalize this approach to group-based threshold signatures and design new efficient threshold signature schemes satisfying adaptive security requirements.
15:00 - 15:30
Speaker: Dylan Gomes Gouveia
Type of Talk: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: Efficient Implementation of RSA-based Non-Interactive Oblivious Transfer
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: Oblivious Transfer (OT) is a cryptographic protocol that allows a sender to transfer one of many pieces of information to a receiver, without learning which piece was chosen. It is fundamental to secure multi-party computation and privacy-preserving applications. Non-Interactive Oblivious Transfer (NIOT) builds on this concept by eliminating the need for interaction between sender and receiver, enhancing its applicability in distributed and asynchronous environments. In this talk, I will focus on the implementation and optimization of two RSA-based NIOT schemes, leveraging the Goldwasser-Micali cryptosystem and Shamir’s Secret Sharing. These schemes aim to improve the efficiency and scalability of cryptographic protocols, demonstrating their potential in advancing secure and privacy-preserving communication.
Session B
14:00 - 14:30
Speaker: Riddhi Suryavanshi
Type of Talk: Master Final
Advisor: Nils Ole Tippenhauer
Title: Driving Off the Privacy Hill - Examining Privacy Concerns in Connected Cars
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: In today’s automotive landscape, the integration of cloud connectivity into modern vehicles offers a range of benefits. However, because cars produce and send enormous volumes of data, including private user and operational data, this connectivity also raises privacy issues. Despite these concerns, a noticeable gap exists in research regarding the data collection practices and privacy in connected cars. This thesis evaluated the privacy practices in modern connected cars and found that a broader scope of data is declared by the privacy policies as compared to public documentation. We also presented 14 potential methods to collect V2C data. Additionally, we devised a framework to select the most appropriate method based on various factors such as invasiveness, cost, data accuracy, challenges, skillset, and end-to-end execution time. Finally, using practical implementation on the Polestar vehicle and app, we found various discrepancies in the manufacturer's claims and real-world data.
14:30 - 15:00
Speaker: Sagar Kishore
Type of Talk: Master Intro
Advisor: Thorsten Holz, Bhupendra Acharya
Title: EduHijack: Analyzing Ransomware Incidents in Academic Institutions
Research Area: RA5: Empirical and Behavioural Security
Abstract: Ransomware attacks have emerged as a significant threat to academic institutions, causing severe disruptions, financial losses, and reputational damage. These institutions, which house vast amounts of sensitive data, are increasingly targeted due to their open, collaborative environments and, often, limited cybersecurity budgets. In this proposal, we outline a comprehensive study to analyze the impact of social engineering-based ransomware attacks on academic institutions across the top 10 affected countries: the US, UK, Canada, Netherlands, France, Australia, India, Pakistan, New Zealand, and China. Our dataset, compiled from a detailed manual and automated investigation, includes over 521 universities and schools across these regions. Tools such as Twilio from SendGrid [19] for survey distribution, Calendly [3] for scheduling interviews, and LimeSurvey [17] for data collection will aid in gathering insights from the affected institutions. This ongoing study seeks to analyze the frequency, financial impact, and response strategies that institutions use when facing ransomware attacks. The results will provide targeted cybersecurity recommendations designed to strengthen resilience against future ransomware threats in the academic sector. Our study aims to create a foundation against the mitigation and proactive detection of future ransomware attacks targeted against academic institutions.
15:00 - 15:30
Speaker: Florian Nawrath
Type of Talk: Master Intro
Advisor: Sven Bugiel, Dr.-Ing. Maximillian Golla
Research Area: RA6: Others
Title: Investigating the Influence of Passkey Enrollment Strategies on Passkey Acceptance
Abstract: Challenging passwords, the predominant authentication system in the web, the FIDO Alliance released passkeys. Passkeys are an authentication method designed to replace traditional passwords with a more secure and user-friendly system. They are based on public-key cryptography and provide a way to log in to websites, apps, and devices without having to remember a password. The credentials created are bound to the user's account and are only stored on the user's device. Passkeys therefore intend to increase security and are not prone to the main drawbacks of the traditional password ecosystem: weak passwords, phishing, and password reuse. Still, the challenges of the new system remain to be seen, as passkeys may not be intuitively understood by laymen. This thesis aims to explore the adoption and acceptance by everyday users and investigates potential challenges and pitfalls.
Written on 27.11.24 (last change on 03.12.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-12-04 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Lea Jeanette Vorndran, Julian Augustin, Daniel Erceg
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Linda Müller, Simon Pietsch, Sree Harsha Nelaturu
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Lea Jeanette Vorndran
Type of Talk: Bachelor Intro
Advisor: Ben Stock
Title: Measuring Rewritable Third-Party Code
Research Area: RA5: Empirical and Behavioural Security
Abstract: Cross-Site Scripting attacks (XSS) happen when an attacker can inject and run their code in an otherwise benign or trusted website. This can allow an attacker to steal sensitive user data. Even though this is a long-known issue, it still occurs frequently in today's web. In order to mitigate this, the Content Security Policy (CSP) was deployed. But configuring a secure CSP without breaking functionality can be really challenging, especially if a website uses third-party code that hinders a secure CSP. Nowadays, many websites rely on third-party code to add functionality or ads to their own site. If the third-party code is not compatible with a secure CSP due to the usage of sinks like eval, innerHTML or document.write, the developer has to decide between security and functionality. In this work we want to explore how much third-party code actually needs to use these sinks and how many scripts could actually be rewritten such that they do not hinder the usage of a secure CSP anymore.
14:30 - 15:00
Speaker: Julian Augustin
Type of Talk: Bachelor Final
Advisor: Andreas Zeller
Title: Hierarchical Delta Debugging and DDSet on context-sensitive Inputs
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: Fuzzing is a widely adopted technique that is used to identify inputs that trigger bugs in software systems. However, analyzing and fixing these bugs often requires isolating the specific part of the failure-inducing input that causes the malfunction. Due to the complexity and unreadability of many such inputs, it is crucial to minimize their size while retaining the bug-triggering characteristics. Delta Debugging (DD) is an established algorithm designed to reduce the input size without losing the error-triggering properties. However, traditional delta debugging struggles with context-sensitive data, where issues such as incorrect length fields or checksum mismatches can cause the debugging process to fail before the actual bug is encountered. To address these challenges, we leverage FormatFuzzer, a framework capable of fuzzing and handling context-sensitive inputs, to implement a refined variant of delta debugging known as Hierarchical Delta Debugging (HDD). By integrating FormatFuzzer’s mutation functions, HDD achieves better precision and resilience when minimizing structured data inputs, preserving the semantics of context-sensitive fields. Recent advancements in the field have led to Delta Debugging for Input Sets (DDSet), which extends the concept beyond individual inputs. Instead of merely reducing a single error-inducing input, DDSet can generate a grammar that captures the structure of multiple inputs responsible for the same error. This grammar helps to systematically identify the subset of inputs affected by the bug, providing a comprehensive understanding of the fault domain. This capability is particularly useful when a bug fix only addresses a specific hardcoded input and fails to generalize to the broader set of faulty inputs. In this thesis, we implement the key functionalities of DDSet for context-sensitive data using FormatFuzzer. 
The generated grammars can guide developers in creating additional test inputs, verifying the robustness of bug fixes, and ensuring that program patches are effective across all relevant inputs, thus improving overall software reliability.
15:00 - 15:30
Speaker: Daniel Erceg
Type of Talk: Bachelor Intro
Advisor: Nils Ole Tippenhauer
Title: Higher Level Function Classification using LLMs in Reverse Engineering
Research Area: RA5: Empirical and Behavioural Security
Abstract: Reverse engineering (RE) is a cornerstone of cybersecurity, enabling analysts to dissect and understand software with minimal documentation, particularly in malware analysis and vulnerability research. While advancements in AI-supported RE have enhanced low-level details recovery—such as function names, variable names, and type annotations—these techniques primarily focus on syntactic restoration. However, analysts require a deeper semantic understanding of binary structures, including the high-level roles of functions, such as memory management or cryptographic operations, to effectively navigate and prioritize complex binaries. This thesis explores the automation of semantic role inference for functions in stripped binaries, addressing key challenges like domain-specific differences, obfuscation, and contextual limits in large programs. Leveraging recent advancements in large language models (LLMs), the project aims to classify functions based on higher-level purposes by integrating contextual information from call relationships and structural analysis. By creating a structured dataset enriched with architectural and memory-layout details, the study develops a pipeline to infer function roles using LLMs and evaluates its effectiveness against source code classifications. This work seeks to streamline RE tasks, enabling faster and more efficient analysis for cybersecurity professionals.
Session B
14:00 - 14:30
Speaker: Linda Müller
Type of Talk: Bachelor Final
Advisor: Michael Schwarz, Jan Reineke
Title: Implementation of Page Coloring in the Linux Kernel for x86
Research Area: RA3: Threat Detection and Defenses
Abstract: Side-channels share information by unintended means, e.g., the speed of a memory access shares whether or not the accessed memory was recently accessed. The Prime+Probe attack leverages such a cache-based side-channel by continuously evicting a victim's memory from the cache and measuring the required time. To mitigate Prime+Probe attacks, each process' pages should map to different cache sets, so-called "page colors". In this thesis, we present our proof-of-concept implementation of page coloring against eviction-based cache side-channel attacks that originate from user space and target user space in the Linux kernel. Additionally, we show that our kernel is secure against those attacks. However, our kernel out-of-memory killed 14 out of our 24 total tests. Additionally, our kernel is on average 84.81 +- 317.29 (n=75) times slower than a kernel compiled with the default x86 kernel configurations and on average 85.96 +- 321.60 (n=75) times slower than a kernel compiled with the same kernel configurations as our kernel. Thus, although our kernel is secure, the functionality and performance overheads deny widespread usage of our kernel.
14:30 - 15:00
Speaker: Simon Pietsch
Type of Talk: Bachelor Intro
Advisor: Sebastian Stich, Anton Rodomanov
Title: Combining a Relaxed Smoothness Assumption with Structural Nonconvexity
Research Area: RA1: Trustworthy Information Processing
Abstract: Training neural networks using gradient-based optimization is highly successful in practice, yet this success remains challenging to explain theoretically. Traditional convergence guarantees in optimization rely on assumptions such as convexity and L-smoothness, conditions that do not necessarily apply to the complex loss landscapes of neural networks. To address this gap, two new research directions have emerged: relaxing smoothness assumptions and exploring alternatives to convexity. While each of these approaches has been studied individually, their combination remains largely unexplored. This thesis aims to bridge this gap by providing convergence proofs under a framework that integrates these two types of relaxations. Through this work, we aim to contribute to a deeper understanding of the mathematical principles behind the successful training of neural networks.
15:00 - 15:30
Speaker: Sree Harsha Nelaturu
Type of Talk: Master Intro
Advisor: Rebekka Burkholz
Title: Accelerating Sparse Optimization
Research Area: RA1: Trustworthy Information Processing
Abstract: It is increasingly of interest to be able to perform model compression without compromising on the performance of the underlying deep neural network. One such paradigm is pruning, which refers to removing parameters or deactivating parameters in a network based on a criterion such as the magnitude. State-of-the-art methods in training sparse neural networks currently require multiple prune-retrain cycles which are time consuming and computationally expensive. In addition, similar challenges are also present in methods that sparsify continuously and at-initialization. As part of this work, we will explore optimization strategies to improve conditioning, optimization and integrate techniques to improve both the wall-clock and overall training steps required for training sparse neural networks.
Written on 13.11.24 (last change on 20.11.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-11-20 at 14:30 (Session A) and 14:00 (Session B).
Session A: (14:30 - 15:00, 15:00 - 15:30)
Chun Ngai Li, Abdullah Alfurjani
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Julian Rederlechner, Yannick Schording, Robin Wiesen
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:30 - 15:00
Speaker: Chun Ngai Li
Type of Talk: Master Intro
Advisor: Thorsten Holz, Bhupendra Acharya
Title: Exploring the Cybersecurity Threats in LLM-Powered Apps: Malicious Code Generation and Regulatory Challenges
Research Area: RA5: Empirical and Behavioural Security
Abstract: This thesis explores the cybersecurity threats by abusing Large Language Model (LLM)-powered apps, focusing on their malicious code generation capabilities and the challenges and concerns in regulating these misuses. With the expansion of LLM apps across sectors, their potential misuse for generating harmful outputs, such as phishing emails and websites, has become a critical concern. This study investigates the vulnerabilities in current LLM-powered apps, particularly those lacking sufficient safeguards, which can be exploited for malicious code generation. By analyzing various LLM apps using jailbreaking techniques, and their output quality, this research aims to assess the resilience of these applications against misuse. This study also examines the regulatory and developer policies needed to mitigate these threats and highlights the societal implications if these issues are not addressed. The results of the study will provide insights for strengthening cybersecurity defenses for LLM-driven technologies and advocate for stronger oversight mechanisms.
15:00 - 15:30
Speaker: Abdullah Alfurjani
Type of Talk: Master Intro
Advisor: Thorsten Holz
Title: Fingerprinting Attributes Independence Measurement
Research Area: RA5: Empirical and Behavioural Security
Abstract: The objective of this research is to systematically evaluate the independence and uniqueness of various web fingerprinting attributes by conducting a comprehensive measurement study. This study will focus on fingerprinting APIs available on the web, including those related to Audio, Canvas, and JavaScript Floating Point operations, to assess their ability to uniquely identify users across diverse environments. We aim to explore how these attributes perform under different combinations of browsers, devices, and operating systems and to determine which attributes are most effective in generating distinct, reliable user fingerprints. To achieve this, we will conduct an extensive data collection and measurement campaign, gathering real-world fingerprints from users operating in various contexts. This includes different browser versions, operating systems, and hardware setups, allowing us to study how fingerprinting attributes perform across a wide range of scenarios. We will measure the relative uniqueness of each attribute and quantify the extent to which they contribute to creating distinct user profiles. This study addresses a critical gap in existing research by shifting the focus from isolated assessments of fingerprinting attributes, as seen in prior studies [6], [7], [11], [18], to a comprehensive analysis of how these attributes interact with one another. While previous research has primarily evaluated individual fingerprinting techniques, our approach considers the complex interplay between multiple attributes across various contexts. This allows for a more nuanced understanding of which combinations yield the most robust user identification. Furthermore, this research introduces a novel framework that ranks fingerprinting attributes not only by their individual effectiveness but also by their independence and ability to uniquely identify users when combined with other attributes. 
This dual focus on interaction and ranking sets our framework apart from earlier studies, providing a more holistic tool for understanding and improving fingerprinting techniques.
Session B
14:00 - 14:30
Speaker: Julian Rederlechner
Type of Talk: Bachelor Intro
Advisor: Ali Abbasi
Title: Spot the Diff-erence: Investigation of bsdiff
Research Area: RA3: Threat Detection and Defenses
Abstract: In an age where efficient software updates are crucial, especially for IoT devices, smartphones with limited connectivity and even vehicles, small and reliable over-the-air (OTA) updates have become an important topic. In this talk, we will focus on the aspect of "minimizing data transmission". We will present bsdiff, an efficient binary diffing algorithm originally developed to create compact software patches. Its early version, bsdiff4, set a standard for generating minimal patches that optimize update distribution. Its successor, bsdiff6, promises smaller patch sizes, but is still largely unexplored and unpublished. Our research aims to explore the structure and benefits of bsdiff6, and ultimately provide a modern Rust implementation. This project will not only shed light on the capabilities of bsdiff6, but also provide a baseline implementation and comprehensive documentation that will contribute to OTA solutions for networked devices in various industries.
14:30 - 15:00
Speaker: Yannick Schording
Type of Talk: Master Final
Advisor: Dominic Steinhoefel
Title: Specification-Based Testing with JSON Schemas
Research Area: RA3: Threat Detection and Defenses
Abstract: In recent years, the JSON data format has become one of the most popular formats for data interchange via the internet, especially for communication between API endpoints. Since the services that provide these endpoints often handle sensitive data, it is crucial that they work as intended and do not contain any bugs that could be abused for malicious purposes. Fuzzing is one of the techniques that can be used to make sure that this is the case. By generating numerous diverse inputs and feeding them to these systems, it is possible to discover the inputs that trigger such bugs. While generating completely random inputs might already discover some bugs, most of them will not adhere to the syntax or semantics expected by the tested software. They are rejected early by the software and thus cannot reach deeper parts of its code. A popular approach to prevent this is fuzzing based on the specification of the input language expected by the software. The most prominent specification format for JSON is JSON schema. Schemas are written as JSON objects themselves and define the structure other JSON objects should follow. In this thesis, we develop a fuzzing tool that automatically generates JSON data which adheres to the syntactic and semantic rules defined by the schema. It first translates the schema to a grammar and a set of ISLa constraints, and then uses the ISLa solver to produce valid inputs for it. To prove the capabilities of our tool, we compare the quality of its inputs to ones produced by the popular JSON Schema Faker library and test some popular software applications with it.
15:00 - 15:30
Speaker: Robin Wiesen
Type of Talk: Bachelor Final
Advisor: Sven Bugiel
Title: Selective Permissions for Android's SDK Runtime
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: A frequently criticized aspect of Android’s security concept is that third-party libraries are executed within the host app’s sandbox and thus inherit all of its privileges. This gives them access to substantially more sensitive resources than necessary, which jeopardizes the security and privacy of users. In response, Android 13 introduced the SDK Runtime as an option to confine untrusted code in its own sandbox with separate privileges. However, the current design is primarily geared towards advertising SDKs and imposes rigid restrictions on the isolated libraries, such as a fixed set of permissions. As this significantly limits the applicability of the SDK Runtime, it is questionable how much the offered potential is actually used. The aim of this bachelor thesis is to develop a solution that enables code in the SDK Runtime to selectively request additional permissions. To this end, we build an application-layer extension where the host app takes on the role of a proxy and requests permissions and data on behalf of the SDK. The library enforces a security policy for requests from the SDK Runtime, effectively enabling flexible permissions without OS modifications. In our prototype, we demonstrate the functionality of this approach exemplarily for location and contact data. Although subsequent performance measurements reveal relatively high overhead in some cases, it demonstrates the feasibility of using the SDK Runtime as the basis for flexible privilege separation. Extending its scope beyond advertising libraries facilitates the implementation of a modular, least-privilege app architecture. At the same time, supporting a more fine-grained access control policy without impairing user experience raises usability challenges that represent an interesting area for future research.
Written on 30.10.24 (last change on 01.11.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-11-06 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Syed Haider Ali Shah, Nirav Shenoy, Leonard Zitzmann
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Majdi Maalej, Mitul Bipin, Pranav Shetty
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Syed Haider Ali Shah
Advisor: Matthias Fassl, Katharina Krombholz
Research Area: RA6: Others
14:30 - 15:00
Speaker: Nirav Shenoy
Type of Talk: Master Intro
Advisor: Rebekka Burkholz
Title: Efficient Sparse Training: Combining Continuous Sparsification with Learning Rate Rewinding
Research Area: RA1: Trustworthy Information Processing
Abstract: Iterative pruning methods have been effective at creating state-of-the-art sparse networks that match the performance of dense models. These methods however require multiple training cycles and incur substantial computational costs due to their dense-to-sparse approach. We propose an efficient training framework that aims to reduce training iterations and computational cost per training iteration by beginning with random sparse models and employing continuous sparsification during training to achieve high accuracy at extremely high sparsities. Continuous sparsification can prune to high sparsities over far fewer epochs compared to more computationally expensive post-training pruning methods. Our approach utilizes Soft Threshold Reparameterization (STR) for its ability to induce non-uniform sparsity without relying on heuristics or predetermined sparsity budgets. We combine this with Learning Rate Rewinding (LRR), where each training iteration rewinds the learning rate schedule while maintaining the final weight values from the previous cycle. While STR effectively identifies masks in sparse-to-sparse scenarios, its sensitivity prevents weight revival once pruned. To address this limitation, we introduce a modified version of GraNet, a zero-cost neuroregeneration technique, to revive potentially useful weights at high sparsities.
15:00 - 15:30
Speaker: Leonard Zitzmann
Type of Talk: Bachelor Intro
Advisor: Lea Gröber
Title: Know Thyself: A Comparative Security Analysis of Self-Hosted and Cloud-Hosted WordPress Websites
Research Area: RA5: Empirical and Behavioural Security
Abstract: Cloud-hosted services continue to rise in popularity, while already being the predominant form of hosting environment on the internet. Although cloud-hosting is considered to be more “secure” by the public, there is little to no data available to support this belief. We aim to provide a comparative analysis of self-hosted and cloud-hosted web services on the example of WordPress, regarding commonly used security awareness indicators like HTTP headers.
Session B
14:00 - 14:30
Speaker: Majdi Maalej
Type of Talk: Master Intro
Advisor: Sebastian Stich
Title: Challenges and Benefits of Homomorphic Encryption on different Federated Learning Schemes
Research Area: RA1: Trustworthy Information Processing
Abstract: Over recent years, federated learning (FL) has become popular in the area of machine learning as a method for collaborative model deployment without sharing the data, since the data stays at the client devices. Nonetheless, models built using FL are subject to model inversion attacks, where the malicious servers attempt to retrieve sensitive client information. This paper addresses the issue of incorporating homomorphic encryption (HE), in particular the provision of the CKKS scheme, with both synchronous and asynchronous FL models to protect data at all times. HE enables encrypted parameter aggregation, thereby alleviating the possibility of data exposure, and provides safeguards against inference attacks. The study looks at major issues including computation overheads, effects of the encryption on model accuracy and performance differences caused between the FL schemes.
14:30 - 15:00
Speaker: Mitul Bipin
Type of Talk: Master Final
Advisor: Masudul Hasan Masud Bhuyian
Title: Comparative Analysis of Defenses Against ReDoS-based Attacks
Research Area: RA3: Threat Detection and Defenses
Abstract: In the current development landscape, developers rely on regular expressions for several operations, e.g., validation, filtering. Sometimes, these regular expressions might contain ambiguity, i.e., cases where the regular expression allows the possibility of taking multiple paths to perform the same match. When an attacker sends a specially crafted input string that exploits the ambiguity, it can exhaust server resources and cause a Denial of Service (DoS) attack. We call them Regular Expression Denial of Service (ReDoS) attacks. ReDoS attacks could be avoided by ensuring the regular expression does not contain ambiguities. However, in some cases, a complex regular expression might cause the developer to overlook an ambiguity, or an imported library might contain a regular expression that contains an ambiguity. There exist several research works to identify and prevent such vulnerable regular expressions, but we do not have any conclusive evidence to determine the most effective technique. Several cloud providers offer mitigation techniques, such as deploying a web application firewall, to prevent traditional DoS attacks. However, we do not have any conclusive evidence whether they can prevent Denial-of-Service caused by regular expressions. To address the aforementioned gaps, the thesis delivers a comparative analysis to determine the most effective method to mitigate ReDoS attacks in a web application configured with various ReDoS mitigation techniques. In addition to that, we deploy the same web application in the cloud and set up traditional DoS mitigation techniques to evaluate whether they could also prevent ReDoS attacks. We import known ReDoS vulnerabilities identified by a CVE number into web applications and fix the vulnerability using different mitigation techniques. We simulate a naive DoS attack scenario where we simulate benign HTTP requests for a pre-defined duration and intermittently inject malicious HTTP requests throughout the period.
We repeat the experiment for every mitigation technique and document the latency and throughput of the benign HTTP requests obtained during the experiment. The results indicate that a given vulnerable regular expression fixed using a nonbacktracking regex engine and an alternate logic (custom parser which replicates the regular expression) processes higher throughput rates and yields a lower latency rate. Other mitigation techniques, such as a timeout mechanism and repairing a regular expression using an automatic repair algorithm, failed to consistently process high throughput rates. Some of the cloud-based mitigation techniques, such as web application firewalls and issuing JavaScript challenges to HTTP requests, can partially prevent a ReDoS attack. The rate-limiting mechanism failed to prevent a ReDoS attack.
15:00 - 15:30
Speaker: Pranav Shetty
Type of Talk: Master Intro
Advisor: Nils Ole Tippenhauer, Ankush Meshram
Title: Adversarial Attacks and Defenses on Network-based Intrusion Detection Systems in Industrial Networks
Research Area: RA3: Threat Detection and Defenses
Abstract: Industrial Control Systems (ICS) and other components of Industrial Networks that are critical for the functioning of essential services and manufacturing processes, are increasingly becoming the targets for cyber-attacks. These components are responsible for controlling and managing everything from power grids and water treatment facilities to factory automation systems. Any disruption or compromise of these systems can have severe consequences, including economic loss, safety hazards, and threats to public health. Network Intrusion Detection Systems (NIDS) are crucial for identifying and mitigating cyber threats in these environments. However, with the rise of Adversarial Machine Learning, attackers can develop techniques to evade the detection by NIDS. Hence, there is a need to inspect the vulnerability of NIDS models against such Adversarial Attacks. This research aims to address the challenge of developing effective Adversarial Attacks capable of bypassing the NIDS in Industrial Networks and designing Robust Defense Mechanisms to counter these attacks.
Written on 16.10.24 (last change on 22.10.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-10-23 at 14:00 (Session A) and 14:00 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Madhurima Ghosh, Louai Alkhatib, Paul Kalbitzer
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Luis Felger, Riddhi Suryavanshi, Lenny Händler
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Madhurima Ghosh
Type of Talk: Master Intro
Advisor: Mridula Singh, Xiao Zhang
Title: Benchmarking Machine Learning-based Industrial Control Systems (ICS) Network Intrusion Detection System (NIDS) for Robustness
Research Area: RA3: Threat Detection and Defenses
Abstract: Industrial Control Systems (ICS) are an essential part of critical infrastructure, responsible for the automated control and monitoring of industrial processes. They are integral to sectors such as energy, water, manufacturing, transportation, and chemical production. The security of these systems is paramount due to the potential catastrophic consequences of successful cyber-attacks. Hence, a Network Intrusion Detection System (NIDS) is required to analyse industrial network traffic in real time for adversarial behaviour. Anomaly detection mechanisms using Machine Learning (ML) techniques are gaining popularity for NIDS. However, the robustness of these ML models, particularly against adversarial attacks, is not fully understood. This research proposes to develop a rigorous framework to test and benchmark the robustness of ML-based NIDS in ICS environments through adversarial attacks, ultimately contributing to more secure and resilient ICS networks.
14:30 - 15:00
Speaker: Louai Alkhatib
Type of Talk: Bachelor Intro
Advisor: Thorsten Holz, Bhupendra Acharya
Title: Hall of Fame: Measuring Vulnerability Disclosures by Bug Bounty Hunters
Research Area: RA5: Empirical and Behavioural Security
Abstract: Bug bounty programs have significantly enhanced software security by establishing structured environments for identifying vulnerabilities. These programs have been widely adopted by major corporations such as Google and Apple, and others are facilitated through crowdsourced platforms like HackerOne and Bugcrowd. A detailed analysis of reports from these programs would help us understand the technical details that hunters use during their vulnerability assessments. Therefore, this thesis explores the dual aspects of bug bounty programs: the analytical and the empirical. The analytical component tries to assess the disclosed vulnerabilities, focusing on the types of vulnerabilities reported and the methodologies employed in their discovery. The empirical section delves into the experiences of top bug bounty hunters, exploring the strategies and tools they employ through a detailed survey. Notably, this research addresses the lack of focus on technical practices in the existing literature by integrating a comprehensive technical survey that uncovers the methods used by hunters to find bugs.
15:00 - 15:30
Speaker: Paul Kalbitzer
Type of Talk: Master Intro
Advisor: Andreas Zeller, José Antonio Zamudio Amaya
Title: Generating tests for the detection of XMLi vulnerabilities based on WSDL specifications
Research Area: RA3: Threat Detection and Defenses
Abstract: In this thesis we propose a framework to combat XMLi. By leveraging the WSDL specification (Web Services Description Language) of a web service, our framework provides customized test inputs specifically designed to check for XMLi vulnerabilities. By creating XML messages that reflect the service’s functionality and strategically modifying them using grammar-based techniques, the framework effectively simulates XML injection attacks, enabling a thorough examination of web services for XMLi vulnerabilities.
Session B
14:00 - 14:30
Speaker: Luis Felger
Type of Talk: Bachelor Intro
Advisor: Michael Schwarz, Lukas Gerlach
Title: Analyzing the Data-Obliviousness Preservation of Runtimes by the Example of WebAssembly
Research Area: RA3: Threat Detection and Defenses
Abstract: Executing processor instructions on hardware often leads to micro-architectural effects, such as cache-induced timing differences when accessing memory. Adversaries can exploit these to observe the execution behavior of programs. If secret parameters affect this, adversaries can learn about their values, too. Hence, data-oblivious algorithms have been developed, which do not expose parameter values with their execution behavior. However, previous work showed that translating source code to machine code can affect data-obliviousness, e.g., due to applied optimizations. Meanwhile, widespread software development approaches include translating programs multiple times. For example, source code is often compiled to intermediate representations before being translated by runtimes to operations of the target hardware. Thus, data-obliviousness can break at multiple stages. Previous analysis approaches, such as DATA, that depend on tracing and comparing executed instructions, focus on native binaries. However, it seems to be difficult to utilize these to analyze programs that depend on runtimes to dynamically translate intermediate representations to operations of the target platform at execution. We assume that the complexity of such runtimes, strategies like garbage collection, and dividing work to multiple worker threads lead to huge and varying traces. Initial investigations back these considerations. Thus, our goal is to develop an alternative approach that improves analysing data-obliviousness of programs that require runtimes to translate their intermediate representation at execution. While we assume that our general approach will be transferable to other environments as well, we want to focus our implementation and demonstration on programs that have been written in C, translated to WebAssembly, and are executed with different runtimes on x86.
14:30 - 15:00
Speaker: Riddhi Suryavanshi
Type of Talk: Master Intro
Advisor: Nils Ole Tippenhauer
Title: Driving Off the Privacy Hill - Examining Privacy Concerns in Connected Cars
Research Area: RA4: Secure Mobile and Autonomous Systems
Abstract: In today’s automotive landscape, the integration of cloud connectivity into modern vehicles presents a variety of benefits. However, this car-to-cloud connectivity also expands the attack surface for potential hackers, raising concerns about the security and privacy of data transmission. Despite these concerns, a noticeable gap exists in research regarding the privacy practices associated with connected cars, including data collection and transmission methods. This thesis addresses this gap by identifying the current technologies employed in automotive car-to-cloud connectivity and evaluating their privacy posture.
15:00 - 15:30
Speaker: Lenny Händler
Type of Talk: Bachelor Final
Advisor: Robert Künnemann
Title: Analysing Tox using Equivalence Properties
Research Area:
Abstract: Tox is a protocol for instant messaging and audio/video communication. In contrast to other proposals like Skype, Signal or Matrix, it uses a p2p architecture. It was designed to provide privacy, however, neither the protocol, nor these guarantees have been clearly defined. Even worse, some attacks are already known. The goal of this thesis is to formalise the protocol and some of the confidentiality guarantees it means to provide. To this end, we are planning to use deepsec, a decidability procedure for trace equivalence.
Written on 02.10.24 (last change on 09.10.24) by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-10-09 at 14:00 (Session A) and 14:30 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Mohd Kashif, Divya Nidadavolu, Mohamad Altamer
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:30 - 15:00)
Faiq Iftikhar Awan
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Mohd Kashif
Type of Talk: Master Intro
Advisor: Nico Döttling
Title: Haskell to FHE Transpiler
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: We propose a fully homomorphic encryption transpiler that allows developers to convert high-level code (Haskell) that works on unencrypted data into high-level code that operates on encrypted data.
14:30 - 15:00
Speaker: Divya Nidadavolu
Type of Talk: Master Intro
Advisor: Xiao Zhang, Mario Fritz
Title: Double Trouble: Enhancing Robustness of Traffic Sign Classifiers Against Dual Adversarial Challenges
Research Area: RA3: Threat Detection and Defenses
Abstract: The advancement of deep learning has greatly improved intelligent transportation systems, especially in traffic sign recognition, which is vital for autonomous driving. While models trained on datasets like the German Traffic Sign Recognition Benchmark (GTSRB) have shown promise, their susceptibility to adversarial attacks is a growing concern. Data poisoning attacks can target specific subsets of traffic signs, leading to dangerous misclassifications, such as confusing stop signs with other signs. Additionally, out-of-distribution (OOD) attacks exploit the model's unfamiliarity with unusual conditions, causing further vulnerabilities. This thesis aims to enhance the robustness of traffic sign recognition models against these threats, ensuring their reliability and safety in real-world autonomous driving scenarios.
15:00 - 15:30
Speaker: Mohamad Altamer
Type of Talk: Bachelor Intro
Advisor: Cristian-Alexandru Staicu and Dr. Dolière Francis Somé
Title: Content Delivery Networks and CSP: Addressing Web Security Risks
Research Area: RA5: Empirical and Behavioural Security
Abstract: The global companies of today are putting in very serious efforts to ensure that content is presented to the user fast and at any part of the world. Content Delivery Networks (CDNs) are now an essential piece in enabling fast access to web resources globally. However, security concerns arise, particularly when public CDNs are used to deliver content like scripts on web pages, which poses risks to user data. This thesis investigates the relationship between the use of CDNs and Content Security Policy, an important feature in web security, intended to reduce risks associated with the delivery of content from third-party sources. While the CSP feature is useful for restricting content, it becomes insufficient when defining a public CDN as a trusted source. By studying the drawbacks of CSP in conjunction with the inherent vulnerabilities in CDNs, this research investigates the security vulnerabilities of public CDNs, examining multiple services including Cloudflare, Amazon, and Google CDN. The obtained results will contribute important insights for development, research, and usage, highlighting that more proper strategies need to be adopted to enhance the security of web applications. Ultimately, this work is going to contribute towards a more secure and trustworthy internet environment by eliminating the risks associated with the wide use of CDNs.
Session B
14:30 - 15:00
Speaker: Faiq Iftikhar Awan
Type of Talk: Master Final
Advisor: Andreas Zeller, Marius Smytzek
Title: More Tests, Better Repair?
Research Area: RA3: Threat Detection and Defenses
Abstract: An automated program repair is a tool that can automatically look for bugs in a program and fix them using techniques like fault-localization, maximum branch coverage etc. Furthermore, test generation uses fuzzers to randomly generate test cases that increase branch coverage of a test subject. Fuzzers are software tools that can generate a large volume of random or semi-random data that can be directly fed into a test subject or program. With this definition in mind, we ask a question. Do more tests translate to better repair? We present a comprehensive analysis based on statistical data and results that tries to answer this question. Our approach utilizes recently published tools such as Avicenna, ISLa and Tests4Py to answer this simple question analytically. These tools serve as building blocks for a solution that can use a minimal amount of tests to create a specification about a program, then generate new test cases according to that specification and repair a program using the test cases that provide the most coverage. Such repairs are then compared against a baseline. What level of enhancement, if any, does an increase in test cases contribute to the effectiveness of a program repair solution?
Written on 01.10.24 by Xinyi Xu
Dear all,
Welcome to the new course for the Bachelor and Master seminar in the winter term.
Please switch to this course.
Best wishes,
BAMA Seminar Team