News

Next On-Site Seminar on 16.07.2025, CISPA C0, Room 0.01

Written on 10.07.2025 00:40 by Xinyi Xu

Dear All,


The next seminar(s) will take place on 16.07.2025, 14:00 - 16:00, at CISPA C0, Room 0.01 (Stuhlsatzenhaus 5, 66123 Saarbrücken). Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.

The seminar has been moved to Room C0 0.01.

For presenters,
1. We will book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
Presenters: Tim Christmann, Souhila Zidane, Omar Al Jbawi, Norman Becker, Moritz Hübner, Marjo Toska, Jan-Julius Kallenborn, Kevin Gni, Tobias Schneider

16.07.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

Presenter: Tim Christmann

Type of Poster: Bachelor Intro

Advisor: Sven Bugiel, Noah Mauthe

Title: Capabilities as a Solution Against Tracking Across Android Apps

Research Area: RA5: Empirical and Behavioural Security

Abstract: Trusted Web Activities and Custom Tabs enable Android developers to seamlessly integrate web content into native applications, offering a powerful tool for features such as Single Sign-On and in-app monetization. However, as shown by HyTrack, this integration also introduces severe privacy risks by blurring the boundary between web and app contexts, allowing persistent tracking through the browser’s shared cookie storage. In this work, we propose a novel mitigation framework that applies capability-based access control to browser cookie handling. Cookie access is encapsulated in fine-grained, identity-bound capabilities, ensuring that only trusted first-party or explicitly authorized third-party web servers – defined by a developer-controlled policy – can access the shared browser state. All other untrusted third-party servers are confined to isolated, in-app cookie jars. This empowers well-meaning developers to continue leveraging third-party libraries while preventing them from performing unauthorized cross-app tracking. At the same time, essential features such as Single Sign-On and personalized content delivery remain fully functional. Our approach balances privacy and usability, allowing tracking-resistant web-app integration without degrading the user experience.
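To make the policy mechanism in the abstract concrete, here is an added toy model (not the poster's implementation, and not HyTrack's) of how a developer-controlled policy could route cookie access: origins the policy names for an app get the shared browser jar, every other origin gets a jar isolated per (app, origin) pair, and access is only granted through an identity-bound capability the broker itself issued. The class names, the policy format and the origins `login.idp.example` and `tracker.example` are assumptions made for this example.

```python
"""Toy model of capability-bound cookie-jar selection. Added illustration,
not the poster's code. A 'capability' here is an unforgeable token binding
(app_id, origin); the broker consults a developer-controlled policy to
decide whether that pair may touch the shared browser state."""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Capability:
    app_id: str   # identity of the app that embeds the web content
    origin: str   # web server the capability is bound to
    token: str    # random secret; the broker only honours tokens it issued


class CookieBroker:
    def __init__(self, policies):
        # policies: app_id -> set of origins allowed to use the shared jar
        # (first-party or explicitly authorised third parties, e.g. an SSO IdP)
        self.policies = policies
        self.shared_jar = {}   # origin -> {cookie name: value}, browser-wide
        self.isolated = {}     # (app_id, origin) -> {cookie name: value}, per app
        self.issued = {}       # token -> Capability

    def issue(self, app_id, origin):
        cap = Capability(app_id, origin, secrets.token_hex(16))
        self.issued[cap.token] = cap
        return cap

    def jar_kind(self, cap):
        allowed = self.policies.get(cap.app_id, set())
        return "shared" if cap.origin in allowed else "isolated"

    def _jar(self, cap):
        # Reject anything not issued here, including a genuine token re-bound
        # to a different origin: the whole (app_id, origin, token) tuple must match.
        if self.issued.get(cap.token) != cap:
            raise PermissionError("unknown or forged capability")
        if self.jar_kind(cap) == "shared":
            return self.shared_jar.setdefault(cap.origin, {})
        return self.isolated.setdefault((cap.app_id, cap.origin), {})

    def set_cookie(self, cap, name, value):
        self._jar(cap)[name] = value

    def get_cookie(self, cap, name):
        return self._jar(cap).get(name)


def demo():
    # Constructed scenario: two apps both trust the same SSO provider; an ad
    # library in both apps talks to a tracker that neither policy lists.
    policies = {"app.a": {"login.idp.example"}, "app.b": {"login.idp.example"}}
    broker = CookieBroker(policies)
    sso_a = broker.issue("app.a", "login.idp.example")
    sso_b = broker.issue("app.b", "login.idp.example")
    trk_a = broker.issue("app.a", "tracker.example")
    trk_b = broker.issue("app.b", "tracker.example")

    broker.set_cookie(sso_a, "session", "s1")   # SSO login from app A
    broker.set_cookie(trk_a, "uid", "u-42")     # tracker sets an ID in app A
    return {
        "sso_visible_in_b": broker.get_cookie(sso_b, "session"),     # shared -> "s1"
        "tracker_visible_in_b": broker.get_cookie(trk_b, "uid"),     # isolated -> None
        "tracker_visible_in_a": broker.get_cookie(trk_a, "uid"),     # same app -> "u-42"
    }


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the asymmetry: the SSO cookie set from app A is visible from app B because both policies authorise that origin, while the tracker's identifier stays inside app A's isolated jar, so the same library embedded in two apps cannot correlate the user across them.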

Presenter: Souhila Zidane

Type of Poster: Master Intro

Advisor: Laura Plein

Title: Learning and Predicting Configuration Changes for Websites

Research Area: RA6: Others

Abstract: Websites are omnipresent in today's world; the development of the latest technologies enables users to interact not only with static web pages, but also with dynamic, colorful websites that feature responsive layouts and adaptive designs for all devices. All of this has been made possible thanks to the structure of the DOM (Document Object Model) and the styling capabilities of CSS. Yet, editing and debugging CSS remains a challenging and time-consuming task, especially for users who are not familiar with how the DOM and CSS relate to each other. This is particularly true for individuals with little to no prior web development knowledge. AI (Artificial Intelligence) is extensively used in various areas of software development including code generation, optimization, and debugging. Some tools even provide design assistance by translating visual designs into HTML and CSS (e.g., Figma plugins). However, there is still no dedicated tool that works effectively on existing websites such that it does not only suggest or generate code but also interacts with the current website code. In this thesis, I will explore how we can build a tool that understands the connection between HTML structure and CSS styling to assist users who want to make visual changes to their websites. With the help of mutations, which are small, controlled changes applied to CSS code, we can build a model that learns the connection between HTML structure and CSS styling; the resulting model can then be used as a tool to assist developers while debugging as well as developing their websites. As a first step, I will start by fine-tuning an existing GPT model, and in later stages of the work I plan to train a model from scratch. The core idea is to make use of these mutations, which simulate common layout changes like adjusting the alignment of elements, and appearance changes like modifying the color or the styling. Such mutations are automatically generated using Python scripts to create a dataset for training and evaluating a model that will learn how to suggest the right CSS changes based on the user intent input, which will be expressed through simple natural language prompts. Thus, if a user says "I want this button to be green", our model will predict the required CSS changes to achieve the desired visual change.

Presenter: Omar Al Jbawi

Type of Poster: Bachelor Intro

Advisor: Cristian-Alexandru Staicu, Dolière Francis Somé

Title: Security Analysis of JavaScript Events in Web Applications

Research Area: RA5: Empirical and Behavioural Security

Abstract: Today’s web finds nearly all user actions—clicks, scrolls, form submissions, and messages—generating JavaScript handlers that are capable of hiding malicious activity entirely within the browser. Conventional security controls, focused on network traffic and server logs, leave these client-side attacks unseen. This thesis aims to fill that gap by achieving comprehensive event coverage—not only inspecting arbitrary JS code, but also capturing every user-interaction-driven handler (e.g. button clicks, input listeners, message callbacks). To do this, we employ ProwseBox: a transparent browser instrumentation framework that runs during real user sessions and emits structured logs of every event listener, handler execution, and API call (e.g. fetch, innerHTML, eval). These thick logs are treated with lightweight statistical outlier detection and tailored pattern matching to tag events automatically for things like DOM-based XSS, unauthorized data exfiltration, and other privacy leaks.
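As an added illustration of the post-processing step the abstract describes (tagging instrumentation logs with pattern matching and a lightweight outlier pass), the script below runs over a few constructed JSON-lines records. The schema (`handler`, `api`, `target`, `taint`) and the source and sink vocabularies are assumptions made for this example; they are not ProwseBox's real log format, and the log lines and hostnames are constructed. The example is not code from the poster or its authors.

```python
"""Added illustration: tagging browser-instrumentation logs for DOM-XSS and
exfiltration candidates, plus a z-score outlier pass over per-handler call
volume. Log schema, taint labels and sample lines are constructed for this
example and are not ProwseBox's format."""
import json
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import urlparse

# Attacker-controllable inputs a handler may read from (taint labels).
UNTRUSTED_SOURCES = {"location.hash", "location.search", "document.referrer", "MessageEvent.data"}
# Sensitive client-side state whose flow to a foreign host is suspicious.
STORAGE_SOURCES = {"document.cookie", "localStorage", "sessionStorage"}
# APIs that turn a string into markup or executable code.
CODE_SINKS = {"innerHTML", "outerHTML", "eval", "document.write"}

# Constructed sample log: one record per API call made inside a handler.
BASE_LINES = [
    '{"handler":"click#buy","api":"fetch","target":"https://shop.example/api/cart","taint":[]}',
    '{"handler":"click#buy","api":"innerHTML","target":"#total","taint":["XHR.response"]}',
    '{"handler":"load","api":"innerHTML","target":"#greeting","taint":["location.hash"]}',
    '{"handler":"message","api":"eval","target":"","taint":["MessageEvent.data"]}',
    '{"handler":"input#search","api":"fetch","target":"https://shop.example/api/suggest","taint":["input.value"]}',
    '{"handler":"click#login","api":"fetch","target":"https://cdn.thirdparty.example/c.gif","taint":["document.cookie"]}',
]
# A scroll handler firing a beacon on every scroll event: noisy, not obviously malicious.
BURST = ['{"handler":"scroll#ad","api":"fetch","target":"https://ads.example/beacon","taint":[]}'] * 12
SAMPLE_LOG = "\n".join(BASE_LINES + BURST)


def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def tag_record(rec, page_host):
    """Pattern-matching pass: return the tags that apply to one log record."""
    tags = []
    taint = set(rec.get("taint", []))
    # Untrusted input reaching a markup/code sink is a DOM-based XSS candidate.
    if rec["api"] in CODE_SINKS and taint & UNTRUSTED_SOURCES:
        tags.append("dom-xss-candidate")
    # Cookie or storage contents sent to a host other than the page's own.
    if rec["api"] == "fetch":
        host = urlparse(rec["target"]).hostname
        if host and host != page_host and taint & STORAGE_SOURCES:
            tags.append("exfiltration-candidate")
    return tags


def handler_outliers(records, z_threshold=2.0):
    """Statistical pass: handlers whose call volume is a z-score outlier."""
    counts = Counter(r["handler"] for r in records)
    values = list(counts.values())
    if len(values) < 2:
        return []
    mu, sd = mean(values), pstdev(values)
    if sd == 0:
        return []
    return [h for h, c in counts.items() if (c - mu) / sd > z_threshold]


def analyze(log_text, page_host):
    """Return handlers flagged by each pass, in log order."""
    records = parse_log(log_text)
    report = {"dom_xss": [], "exfil": [], "outliers": handler_outliers(records)}
    for rec in records:
        for tag in tag_record(rec, page_host):
            key = "dom_xss" if tag == "dom-xss-candidate" else "exfil"
            report[key].append(rec["handler"])
    return report


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG, "shop.example"), indent=2))
```

On the sample, the `load` and `message` handlers are flagged as DOM-XSS candidates (URL fragment and postMessage data reaching `innerHTML` and `eval`), `click#login` is flagged for sending `document.cookie` to a third-party host, and `scroll#ad` surfaces only through the volume outlier pass, which is the kind of event a reviewer would then inspect by hand rather than auto-classify.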

Presenter: Norman Becker

Type of Poster: Master Intro

Advisor: Tural Mammadov

Title: Investigating the Behavioural Understanding of Programs by Large Language Models: Input, Output and Code Prediction

Research Area: RA3: Threat Detection and Defenses

Abstract: Large Language Models (LLMs) have made significant progress in code generation, yet their ability to understand and reason about program behaviour remains an open question. This thesis investigates the ability of LLMs to predict program components, specifically code, input, or output, when one of them is missing. Building on previous work that focused solely on input-output pairs, we extend the task to include code by exploring the prediction of missing components. Our model constructs code, input, or output based on the other two. This capability has important implications for applications such as reverse engineering, debugging, secure code generation, test-driven code synthesis, input reconstruction, reverse fuzzing, behavioural monitoring, and safe execution modelling. To evaluate the models, we construct controlled datasets centred around string manipulation tasks in JavaScript, utilising various code fragment permutation and mutation techniques. We experiment with both open-weight and closed-weight LLMs. Our first results show that fine-tuned open-weight models already outperform closed-weight models. Our findings provide valuable insights into LLMs’ ability to reason about code, inputs and outputs.

Presenter: Moritz Hübner

Type of Poster: Bachelor Intro

Advisor: Cristian-Alexandru Staicu

Title: Electron-Diff: Large-Scale Longitudinal Analysis of Packaged Electron Applications

Research Area: RA5: Empirical and Behavioural Security

Abstract: Electron remains the most popular framework for building cross-platform desktop applications. Using web technologies like JavaScript, HTML and CSS, Electron allows web code to access system-facing APIs by removing some browser security guardrails. This has the potential to introduce significant security risks when not properly implemented, which over time has resulted in numerous security-related changes to the framework. This evolving environment motivates our longitudinal study of Electron applications, where we look at longitudinal trends of development and deployment to understand the security and privacy posture of the ecosystem. By using a semi-automated static analysis pipeline on a significant set of app versions and releases, we aim to examine the effects of new security recommendations and secure defaults on subsequent releases, vulnerability response patterns, cross-platform consistency, and the relationship between project complexity and security posture. With our findings, we will provide insight into the effectiveness of Electron's security strategy and gain a better understanding of the security evolution in the Electron ecosystem.

Presenter: Marjo Toska

Type of Poster: Master Intro

Advisor: Thorsten Holz, Bhupendra Acharya

Title: Exploration of Social Media Impersonation Attacks Targeting Public Figures

Research Area: RA6: Others

Abstract: The rise of social media has led to an increasing number of impersonation scams, where malicious actors create fake accounts that mimic public figures to deceive users. In this work, we analyze the prevalence and characteristics of such fraudulent accounts across Instagram, X, LinkedIn, and YouTube. We collected 4,122 verified accounts belonging to public figures, including celebrities, CEOs, founders, etc. Using their full names and usernames as search queries, we identified approximately 2 million related accounts that misuse these identities in various ways. Our analysis examines patterns in profile creation, naming conventions, and engagement strategies employed by these impersonators. We highlight the risks posed by these accounts, including financial scams, misinformation, and reputation damage. By shedding light on the scale and tactics of impersonation, this research underscores the need for improved detection mechanisms and stronger identity verification measures on social media platforms.

Presenter: Jan-Julius Kallenborn

Type of Poster: Bachelor Intro

Advisor: Bhupendra Acharya, Thorsten Holz

Title: Exploring Abusive Practices in Gaming Communities: Revealing the Modus Operandi of Attackers

Research Area: RA5: Empirical and Behavioural Security

Abstract: In this research, we aim to conduct an in-depth investigation into the exploitation of social engineering techniques to perform abuse within gaming communities. By targeting the intersection of the most active gamer demographic and the age group most vulnerable to these attacks, adversaries have a good starting point for malicious activity. We will explore how these attackers engage with users across gaming communities and analyze their modus operandi as well as how they might diverge from traditional strategies. The insights gained will support the development of automated detection and prevention mechanisms that are tailored for the gaming environment, enhancing the cybersecurity aspects of this rapidly growing community.

Presenter: Kevin Gni

Type of Poster: Master Intro

Advisor: Wouter Lueks

Title: Chamade: An application layer framework for context-aware webpage fingerprinting defences

Research Area: RA3: Threat Detection and Defenses

Abstract: With the rapid shift of the digital landscape to mobile devices in the past decade, conventional defences against web fingerprinting face three major challenges: (1) inability to leverage contextual information (e.g. scheduled app activities), which unfairly rules out considerable opportunities to improve the defence; (2) tight integration with the OS kernel and facilities, since they work on TCP/UDP and require modification to the host’s network stack; and (3) crippled portability between different host devices and OSes - all of which render the adoption of existing defences on mobile devices extremely hard. With Chamade, we attempt to address these challenges with two key insights: the separation of the computation of defence logic from the actualising of the defence actions, as well as moving the defence from the transport to the application layer. This allows us to keep the decision-making core tight and tiny, which benefits portability. This also enables the entire defence to run natively in userspace with no need for unofficial and unportable hacks. Most importantly, this allows the app to actively feed the defence contextual information that is otherwise inaccessible to conventional defences (most notably scheduled network activities that the app knows it will carry out at a certain timeout in the future, i.e. the pattern is known). Ultimately, for this work, we hope to come up with a concrete HTTP request library integrating the above designs and, with it, to pave the way for real-world deployment of web fingerprinting defences in the mobile realm.

Presenter: Tobias Schneider

Type of Poster: Master Intro

Advisor: Dominic Steinhöfel, Andreas Zeller

Title: No-Code Interface to Communicate Test Data Constraints

Research Area: RA3: Threat Detection and Defenses

Abstract: The increasing demand for high-quality software necessitates rigorous testing, a process heavily reliant on effective test data. However, defining and managing test data constraints often involves complex, technical specifications, posing usability challenges for stakeholders, e.g., developers, testers, and particularly non-technical people. This complexity leads to time-consuming learning processes, hindering software quality and increasing operational costs. These issues are addressed by this thesis by exploring, designing, and evaluating no-code interfaces for specifying test data constraints, aiming to significantly enhance usability in test data constraint communication.
