News

Next Seminar on 12.02.2025

Written on 06.02.2025 13:04 by Xinyi Xu

Dear All,


The next seminar(s) will take place on 2025-02-12 at 14:00 (Session A) and 14:00 (Session B).


Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)

Tobias Lorig, Tobias Gaul, Abdul Rafay Syed

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841

Password: BT!u5=

 

Session B: (14:00 - 14:30, 15:00 - 15:30)

 

Eduard Ebert, Vasili Nikolaev

https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09

Meeting-ID: 661 3690 1453

Password: sxHhzA004}

 

Session A

14:00 - 14:30

Speaker: Tobias Lorig

Type of Talk: Bachelor Final

Advisor: Mario Fritz, Hossein Hajipour

Title: Prompt, AnSWEr, Deploy: The Security Implications of Software Engineering Agents

Research Area: RA3: Threat Detection and Defenses

Abstract: In recent years, the art of software engineering has been heavily influenced by the accelerating development of Large Language Models. Software-engineering agents are the latest advancement in terms of LLM-powered code generation frameworks. They mimic real-world software engineering practices to autonomously build complex software projects based on natural language prompts. In this work, we investigate the security implications of these frameworks. We present a set of carefully crafted software project prompts, each adjacent to real-world problems, while offering a wide range of potential attack surfaces. By using different language models during project generation, we provide further insight into the contributing factors of vulnerable software generation. Utilizing static analysis, we evaluate the security implications of the generated projects based on the prevalence and distribution of common weaknesses. Further, we employ different mitigation strategies during project generation and determine their effectiveness by comparing changes in code security.

 

14:30 - 15:00

 

Speaker: Tobias Gaul

Type of Talk: Bachelor Intro

Advisor: Sven Bugiel, Eric Ackermann

Title: Context-Switching instruction for RISC-V

Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract: Context switching is a crucial and expensive mechanism when using any operating system, especially if multiple threads are run on one logical core. It ensures the encapsulation of different threads by saving all register values of the current thread and restoring the register values of the new thread. In this thesis, we provide new RISC-V instructions that can store and restore multiple registers at once to enhance multi-threading performance. The instructions are capable of transferring 16 registers with one execution, which saves latencies introduced by the bus system and cache. We will implement these instructions on a RISC-V CPU and evaluate its performance.

 

15:00 - 15:30

 

Speaker: Abdul Rafay Syed

Type of Talk: Master Intro

Advisor: Lea Schönherr, Bhupendra Acharya

Title: Automated LLM-Driven Voice Interaction with Fake Technical Support Scammers

Research Area: RA5: Empirical and Behavioural Security

Abstract: Vishing has emerged as a significant cybersecurity threat that exploits the trust in telephony systems to deceive individuals into sharing sensitive information or transferring funds. This paper uses an automated voice bot to explore the new methodologies used by scammers, capture financial details, analyze scammers’ social media handles, and waste their time. Our system extracts important information about scammers while disrupting their operations by utilizing personalized victim personas in call campaigns. The planned study will highlight the system’s ability to work with various scam scenarios, prolong interactions, and collect critical information about payment systems. The system is foundational in combating vishing due to its high scalability and adaptability to different scam types.

 

Session B

 

14:00 - 14:30

Speaker: Eduard Ebert

Type of Talk: Bachelor Final

Advisor: Michael Schwarz, Lorenz Hetterich

Title: Reverse Engineering the Microarchitectural Hash Functions of the Stride Prefetcher on x86

Research Area: RA3: Threat Detection and Defenses

Abstract: Modern processors use various optimizations to reduce memory access latencies and speed up execution times. One such performance optimization is the hardware prefetcher, which preemptively caches memory that might be accessed in the future. An example of such a prefetcher is the stride prefetcher, which learns memory accesses that are performed in an array-like manner and extrapolates this pattern to cache further elements. Some microarchitectural elements, including the stride prefetcher, use data structures to keep track of their state. Processors use so-called hash functions to index these data structures. Microarchitectural hash functions have been helpful in side-channel attacks. These attacks exploit information channels such as timing data to obtain a secret's metadata, aiming to infer the secret. However, these hash functions are often not publicly documented. Previous work has reverse-engineered hash functions of various microarchitectural elements, such as the TLB, the DRAM, or CPU caches. These efforts deepened our scientific knowledge and have further improved microarchitectural attacks. In this thesis, we reverse engineer the hash functions used by the stride prefetcher and determine the cache level into which the prefetcher caches memory. We test our approach on 19 processors with 17 different microarchitectures. We have identified that the tested processors use the load instruction address and the memory location as triggers for hash functions. Older Intel microarchitectures (Sandy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Comet Lake) use an identity mapping of the lowest 8 bits of the load instruction address, while newer ones (Ice Lake, Tiger Lake, Alder Lake, Rocket Lake, Raptor Lake, Meteor Lake) use the lowest 12 bits. We have discovered a previously unknown non-identity hash function for AMD Zen, Zen+, and Zen 2 that uses the lowest 12 bits of the load instruction address. 
The tested Zen processors further use an identity mapping of the lowest 19 bits of the requested memory location, excluding the lowest 2 bits. Our results for Intel microarchitectures are partially inconclusive. We have found that older Intel microarchitectures use the lowest 14 bits, excluding bit 12, and newer ones use the lowest 19 bits, excluding bit 16. However, we could not verify whether Intel microarchitectures use an identity function. Lastly, all tested stride prefetchers cache memory into the L1d.

 

15:00 - 15:30

 

Speaker: Vasili Nikolaev

Type of Talk: Master Final

Advisor: Cristian-Alexandru Staicu

Title: AN EMPIRICAL STUDY OF THE SECURITY RISKS OF WEBSOCKETS USAGE IN MODERN WEB APPLICATIONS

Research Area: RA5: Empirical and Behavioural Security

Abstract: The challenge of determining when and how to update client-side data has long been an open problem, with several proposed solutions over time. Although some applications can rely on fetching data during page load, others—such as messaging platforms, stock trading applications, and online games—require a mechanism for the server to deliver updates at varying, often unpredictable, intervals. One prominent solution to this issue is the WebSocket protocol, defined by its corresponding RFC. WebSocket is currently supported by all major browsers and facilitates bidirectional communication between clients and servers, enabling the server to push updates to clients at any time without the need for repeated client requests or additional headers. Although the WebSocket protocol has shown significant utility and has seen widespread adoption, its security landscape is not yet sufficiently explored. This lack of clarity is due to the lack of research addressing the potential vulnerabilities, misuse scenarios, and security flaws of the protocol. This study seeks to address this gap by performing a detailed, security-focused analysis of the WebSocket ecosystem.
