News

Next On-Site Seminar on 27.08.2025, CISPA D1, Room 0.15

Written on 20.08.2025 23:52 by Xinyi Xu

Dear All,


The next seminar(s) will take place on 27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany) - D1 Room 0.15. Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.

For presenters,
1. We will book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
 

 

Presenters: Nikita Gupta, Chinmay Joshi, Niklas Kempf, Oguz Akin, Oliver Schedler, Sneha Soney, MohammadMahdi Javid

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

Presenter: Nikita Gupta

Type of Poster: Master Intro

Advisor: Andreas Rau

Title: A Multi-Agent System for Automated Web Accessibility Evaluation of Time-Based Media

Research Area: RA3: Threat Detection and Defenses

Abstract: Due to the increasing use of web applications, ensuring accessibility and compliance of webpages with the Web Content Accessibility Guidelines (WCAG) at scale remains a significant challenge. Most automated testing tools fall short when it comes to evaluating complex, time-based media requirements such as audio and video. On the other hand, many manual tools are labor-intensive, inconsistent, and unscalable. To bridge this gap, this research proposes the development of an AI-driven solution that leverages multi-modal constructs to fully automate the detection of accessibility violations, particularly in time-based media, across multiple webpages. The central part of this thesis is a new reasoning component that incorporates an AI agent’s analysis of multimedia into higher-level analysis for WCAG compliance. This includes an agentic framework that can evaluate pre-recorded audio and video data for the presence and accuracy of captions (of videos), audio descriptions (of videos), and transcripts (of audios and videos). This extensible framework lays the groundwork for integrating additional automated accessibility testing techniques in the future, and also automates some of the most time-consuming testing rules of compliance checking.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Chinmay Joshi

Type of Poster: Master Intro

Advisor: Rebekka Burkholz

Title: Analysis of memorization dynamics under unbiased dataset pruning

Research Area: RA1: Trustworthy Information Processing

Abstract: Data pruning techniques such as InfoBatch aim to maintain model performance while reducing computational costs by filtering out training samples with lower contributions. However, this selective sampling alters data distribution and learning dynamics, with implications for both memorization and generalization. We introduce controlled label and input noise to simulate a spectrum of sample difficulties and compare standard training with InfoBatch-based training. We investigate memorization through multiple perspectives—including manifold geometry metrics and subgroups' loss trajectories—to uncover how InfoBatch differentially treats data subpopulations.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Niklas Kempf

Type of Poster: Bachelor Intro

Advisor: Nils Ole Tippenhauer

Title: Security Assessment of Open-Source Home Automation Integrations using Coverage-Guided Fuzzing

Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract: Open-source smart-home platforms rely on thousands of community-maintained integrations. Home Assistant alone lists over 3200 integrations as of today. Yet a recent empirical study shows that the unit-test ratio is only averaging 42%, leaving plenty of room for undiscovered security flaws. Drawing inspiration from coverage-guided fuzzing successes in the IoT field, like Z-Fuzzer, this thesis seeks to investigate if and how coverage-guided fuzz testing can be established in open-source smart-home projects.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Oguz Akin

Type of Poster: Bachelor Intro

Advisor: Lea Schönherr, Sina Mavali

Title: Robustness of AI-Generated Image Detection Against Localized Inpainting Attacks

Research Area: RA3: Threat Detection and Defenses

Abstract: The increase of high-fidelity AI-generated images (AIGI) makes it necessary for reliable detection methods to get ahead of misinformation waves. However, the robustness of these detectors against well-known post-processing manipulations like image inpainting remains significantly ignored. This thesis evaluates the robustness of three main AIGI detection paradigms: proactive watermarking, reactive passive detection, and generalized training-free methods. Using the state-of-the-art SEMI-TRUTHS benchmark, this work will systematically measure the performance degradation of six well-known detectors. The expected results will identify which detection methodologies are the most resilient and robust to inpainting in order to provide a clear benchmark to guide the development of more trustworthy detection systems in the future.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Oliver Schedler

Type of Poster: Master Intro

Advisor: Matthias Fassl, Carolyn Guthoff

Title: Evaluating Design Methods for Age-Appropriate CSE Protection

Research Area: RA5: Empirical and Behavioural Security

Abstract: Messenger apps can pose a risk to young adults' well-being by letting them see inappropriate content or confronting them with unwanted behavior from other users, ranging from sexual content through cyberbullying to cyber grooming. The goal of my study is twofold. One aim is to find feasible implementations for content warnings on WhatsApp. However, this is embedded into the broader proposition of finding viable approaches to involve youth in the (co-)design process in general. I choose a participatory design approach using interviews and focus groups to improve our knowledge of user needs, achieve high user value, and for immediate validation of ideas.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Sneha Soney

Type of Poster: Master Intro

Advisor: Cristian-Alexandru Staicu, Masudul Hasan Masud Bhuiyan

Title: Homoglyphs in Software Engineering: In Programming Languages, the Wild, and LLMs

Research Area: RA5: Empirical and Behavioural Security

Abstract: Homoglyphs are visually similar Unicode characters that can appear identical to humans. While they have been studied in the context of various attacks, including phishing, domain spoofing, typosquatting and malware evasion, they also introduce a potential risk in software development by allowing keywords, identifiers or syntax elements to be disguised in source code, deceiving human reviewers. Motivated by this, this study investigates the prevalence and handling of homoglyphs in software development environments. This thesis addresses four key questions. First, whether homoglyph variants of programming language keywords, operators and delimiters can be used as valid identifiers across multiple programming languages. Second, scanning large-scale code repositories and package repositories like GitHub, PyPI and Maven to measure the real-world usage of homoglyphs. Third, how different IDEs and code-hosting web interfaces detect, highlight or warn about such homoglyphs. Fourth, how machine-learning-based code analysis systems handle homoglyph-containing code. By exploring these questions, this thesis aims to provide an understanding of the presence and treatment of homoglyphs in software development environments.

 

27.08.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: MohammadMahdi Javid

Type of Poster: Bachelor Intro

Advisor: Ali Abbasi, Tim Blazytko, Meng Wang

Title: Evaluating Presence and Quality of Security Defenses in Embedded Tool-Chains

Research Area: RA4: Secure Mobile and Autonomous Systems

Abstract: Embedded systems are tiny, task-focused computers integrated into numerous modern devices, ranging from smartwatches and medical equipment to cars and aircraft. These systems perform critical tasks that ensure passenger safety, keep production lines operational, and even save lives. Because their firmware is deployed on resource-constrained hardware and often runs for years without maintenance, they are a prime target for adversaries, who can exploit vulnerabilities to gain access to sensitive data or even take control of the device. The consequences of such attacks can be devastating, leading to financial losses, safety hazards, and even loss of life. Notable incidents, such as ransomware targeting infusion pumps and cyberattacks compromising vehicle braking systems, highlight the need for robust security measures in embedded systems. As these devices become increasingly interconnected and sophisticated, the potential attack surface expands, making their security even more critical. This thesis therefore focuses on the empirical assessment of the presence and quality of key exploit mitigations, particularly memory-safety defenses, Control-Flow Integrity (CFI), RELRO, AddressSanitizer, and other hardening techniques, implemented across diverse industrial tool-chains. These tool-chains are based on customized forks of various compilers. We compile binaries with each vendor’s tool-chain, incorporating the provided hardenings, and then analyse them statically and dynamically to inspect segment attributes and confirm the presence of the mitigations. If a mitigation is present, we investigate whether it can be bypassed or whether improper initialization renders it ineffective. We systematically compile a table of all available tool-chains, noting every security mitigation they claim to support. For each claim, we verify that the mitigation appears in the compiled binary, assess whether it has been applied correctly, judge its effectiveness, and point out any weaknesses we find. To scale the study, we introduce a lightweight automated framework that facilitates firmware security analysis and offers practical suggestions for improving firmware security. A set of existing embedded binaries serves as a test suite for the framework; the framework inspects the implementation of security features through static analysis and ELF parsing, identifies weaknesses, and provides further recommendations on how each mitigation can be implemented more effectively. Through this evaluation, the study offers actionable recommendations for enhancing mitigation practices, addresses gaps in current security implementations, and enumerates the deficiencies identified across leading embedded tool-chains (QNX, NXP, Infineon, etc.).

 
