News
Next Seminar on 09.10.2024
Written on 02.10.2024 18:30 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 2024-10-09 at 14:00 (Session A) and 14:30 (Session B).
Session A: (14:00 - 14:30, 14:30 - 15:00, 15:00 - 15:30)
Mohd Kashif, Divya Nidadavolu, Mohamad Altamer
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Password: BT!u5=
Session B: (14:30 - 15:00)
Faiq Iftikhar Awan
https://cispa-de.zoom-x.de/j/66136901453?pwd=YVBSZU9peUpvUlk4bWp3MDR4cGlUUT09
Meeting-ID: 661 3690 1453
Password: sxHhzA004}
Session A
14:00 - 14:30
Speaker: Mohd Kashif
Type of Talk: Master Intro
Advisor: Nico Döttling
Title: Haskel to FHE Transpiler
Research Area: RA0: Algorithmic Foundations and Cryptography
Abstract: We propose a fully homomorphic encryption transpiler that allows developers to convert high-level code (Haskell) that works on unencrypted data into high-level code that operates on encrypted data.
14:30 - 15:00
Speaker: Divya Nidadavolu
Type of Talk: Master Intro
Advisor: Xiao Zhang, Mario Fritz
Title: Double Trouble: Enhancing Robustness of Traffic Sign Classifiers Against Dual Adversarial Challenges
Research Area: RA3: Threat Detection and Defenses
Abstract: The advancement of deep learning has greatly improved intelligent transportation systems, especially in traffic sign recognition, which is vital for autonomous driving. While models trained on datasets like the German Traffic Sign Recognition Benchmark (GTSRB) have shown promise, their susceptibility to adversarial attacks is a growing concern. Data poisoning attacks can target specific subsets of traffic signs, leading to dangerous misclassifications, such as confusing stop signs with other signs. Additionally, out-of-distribution (OOD) attacks exploit the model's unfamiliarity with unusual conditions, causing further vulnerabilities. This thesis aims to enhance the robustness of traffic sign recognition models against these threats, ensuring their reliability and safety in real-world autonomous driving scenarios.
15:00 - 15:30
Speaker: Mohamad Altamer
Type of Talk: Bachelor Intro
Advisor: Cristian-Alexandru Staicu and Dr. Dolière Francis Somé
Title: Content Delivery Networks and CSP: Addressing Web Security Risks
Research Area: RA5: Empirical and Behavioural Security
Abstract: The global companies of today are putting in very serious efforts to ensure that content is presented to the user fast and at any part of the world. Content Delivery Networks (CDNs) now are an essential piece in enabling fast access to web resources globally. However, security concerns arise, particularly when public CDNs are used to deliver content like scripts on web pages, which poses risks to user data. This thesis investigates the relationship between the use of CDNs and Content Security Policy, an important feature in web security, intended to reduce risks associated with the delivery of content from third-party sources. While the CSP feature is useful for restricting content, it becomes insufficient when defining a public CDN as a trusted source By studying the drawbacks of CSP in conjunction with the inherent vulnerabilities in CDNs, This research investigates the security vulnerabilities of public CDNs, examining multiple services including Cloudflare, Amazon, and Google CDN.. The obtained results will contribute important insights for development, research, and usage, highlighting that more proper strategies need to be adopted to enhance the security of web applications. Ultimately, this work is going to contribute towards a more secure and trustworthy internet environment by eliminating the risks associated with the wide use of CDNs.
Session B
14:30 - 15:00
Speaker: Faiq Iftikhar Awan
Type of Talk: Master Final
Advisor: Andreas Zeller, Marius Smytzek
Title: More Tests, Better Repair?
Research Area: RA3: Threat Detection and Defenses
Abstract: An automated program repair is a tool that can automatically look for bugs in a program and fixes it using techniques like fault-localization, maximum branch coverage etc. Furthermore, test generation uses fuzzers to randomly generate test cases that increase branch coverage of a test subject. Fuzzers are software tools that can generate a large volume of random or semi- random data that can be directly fed into a test subject or program. With this definition in mind, we ask a question. Does more tests translate to better repair? We present a comprehensive analysis based on statistical data and results that tries to an- swer this question. Our approach utilizes recently published tools such as Avicenna, ISLa and Tests4Py to answer this simple question analytically. These tools serve as building blocks for a solution that can use minimal amount of tests to create a specification about a program. Then generate new test cases according to that specification and repair a program using test cases that provide most amount of coverage. Such repairs are then compared against a baseline. What level of enhancement, if any, does an increase in test cases contribute to the effectiveness of a program repair solution?