News

Next On-Site Seminar on 19.11.2025, CISPA D1 Room 0.15

Written on 12.11.25 (last change on 13.11.25) by Xinyi Xu

Dear All,


The next seminar(s) will take place on 19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany) - D1 Room 0.15. Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.

For presenters,
1. We would book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
 

 

Presenters: Marco Spies, Franziska Granzow, Altaf Shaikh, Alexandre Dugast, Arina Hallemans, Wojciech Kopański, Anupam Varshney, Nils Bernsdorf, Florian Romann, Manar Mohamed

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

Presenter: Marco Spies

Type of Poster: Bachelor Intro

Advisor: Nils Ole Tippenhauer

Title: HaLLM: Leveraging LLM Agents for Automated Rehosting

Research Area: RA4: Threat Detection and Defenses

Abstract: Firmware analysis plays a central role in ensuring the security and reliability of embedded systems, which are increasingly present in critical domains ranging from consumer electronics to industrial and medical applications. Dynamic analysis of firmware binaries has become an important method to uncover vulnerabilities. However, this process is hampered by the inherent diversity, complexity, and hardware-firmware coupling characteristic of embedded systems. Emulation-based rehosting is a promising approach to these challenges. By enabling firmware execution on virtual hardware, it facilitates larger-scale testing and deeper inspection compared to the resource-constrained physical devices. A commonly adopted method in this area is abstraction layer emulation, where hardware abstraction layer (HAL) functions are substituted with high-level software models. This technique helps to overcome environmental dependencies and peripheral interactions but still requires manual creation of these models, which is time-consuming and demands specialized expertise. In this thesis, we propose to explore the use of Large Language Models (LLMs) to assist in the automation of HAL-based rehosting. The idea is that, instead of relying solely on human analysts to manually design high-level replacements for hardware interactions, LLM agents could be employed to automatically generate the corresponding abstractions. By integrating LLM-driven automation into the rehosting pipeline, we aim to reduce manual effort, enhance scalability, and ultimately lower the barrier to systematic testing and security analysis.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Franziska Granzow

Type of Poster: Master Intro

Advisor: Nils Ole Tippenhauer, Ali Abbasi

Title: Fuzzing Embedded Systems with Power Side-Channels Using Low-Cost Measurement Devices

Research Area: RA5: Secure Mobile and Autonomous Systems

Abstract: Embedded systems are widely deployed in critical domains, making their security and reliability essential. Fuzzing is a powerful technique for detecting vulnerabilities, but in embedded systems, traditional feedback mechanisms such as code coverage are difficult to obtain due to hardware constraints or the lack of source code. Recent research has explored the use of power side-channel information as an alternative feedback source. However, existing approaches often rely on expensive equipment or highly controlled environments, limiting their practical applicability. In this work, we investigate whether low-cost measurement devices, such as ChipWhisperer, can effectively capture side-channel information to guide a fuzzer for real-world embedded systems. In addition to black-box fuzzing, we consider grey-box scenarios to assess the role of additional contextual information to improve fuzzing feedback.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Altaf Shaikh

Type of Poster: Master Intro

Advisor: Doreen Riepel, Nico Döttling

Title: Modularizing the Double Ratchet: Tight Security Bounds

Research Area: RA1: Algorithmic Foundations and Cryptography

Abstract: We study the security of the Double Ratchet, which is the core key-evolution mechanism used by Signal. Prior work [CRT24] established tight composition bounds for a multi-user Double Ratchet by modelling the PRF-PRNG as a random oracle. This thesis aims to remove that idealization: following the modular decomposition of [ACD19], we treat the Double Ratchet as the composition of a continuous key-agreement (CKA) scheme, a PRF-PRNG, and a forward-secure AEAD (FS-AEAD), and we will preserve the intended CKA and FS-AEAD security properties while replacing the PRF-PRNG random-oracle model with a standard-model multi-user abstraction. Concretely, we will (i) formalize a multi-user security definition that captures the interaction aspects needed for tight reductions, (ii) adapt and extend the modular proof techniques used in [ACD19, CRT24], and (iii) apply reduction techniques similar to those in [BSJ+17, Appendix A] to obtain tight (or provably near-tight) bounds. As a first step we focus on the one-session / two-party case to isolate the key technical challenges, then generalize to the full multi-user setting. Secondary directions include relating our abstraction to PRF-ODH-style assumptions and investigating implications for related ratchet designs (e.g., Triple Ratchet). The expected outcome is a modular, standard-model security statement for the Double Ratchet with explicit concrete bounds, reducing reliance on random-oracle heuristics and strengthening the theoretical foundations of secure instant-messaging protocols.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Alexandre Dugast

Type of Poster: Master Intro

Advisor: Srishti Gupta, Lea Schönherr

Title: Security Assessment of Multi-Agent Systems Leveraging MCP: A Prompt Injection Perspective

Research Area: RA4: Threat Detection and Defenses

Abstract: Multi-agent systems (MAS) built on large language models represent a novel and increasingly capable approach to task automation. These systems enable specialised agents to collaborate through shared memory and dynamic tool integration. The Model Context Protocol (MCP) facilitates structured communication between agents and external tools or data sources, enabling context-aware interactions and modular orchestration. While combining MAS with MCP provides access to external resources such as files, calendars and web content, allowing for flexible and scalable orchestration, it also introduces architectural complexity and new security risks, particularly from injection attacks that exploit the agents' susceptibility to embedded instructions. This work focuses on answering the following question: how do injection attacks propagate across agents in a multi-agent setting, potentially leading to systemic compromise? This thesis explores the vulnerability of MCP-enabled MAS to injection attacks, including: a) indirect injection via malicious web content; b) tool poisoning through manipulated MCP-integrated tool metadata; and c) multi-turn injection chains. Using a LangGraph-based testbed, the thesis aims to analyse attack interactions and propagation. This will contribute to a deeper understanding of vulnerabilities in MAS architectures and inform future mitigation strategies.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Arina Hallemans

Type of Poster: Master Intro

Advisor: Laura Plein

Title: Privacy-Preserving Synthetic Data Generation combining Fuzzing with Machine Learning

Research Area: RA4: Threat Detection and Defenses

Abstract: Machine learning models are increasingly applied in various sensitive domains such as healthcare, finance, and insurance. These models often need to be trained on data containing personally identifiable information or sensitive attributes, which raises significant privacy concerns. In critical domains, it is also essential to thoroughly test models under realistic conditions to ensure their reliability. However, testers typically do not have access to the original datasets, as these are usually restricted due to confidentiality and data protection requirements. Sharing data not only enables training machine learning models and testing models in critical domains but also drives knowledge development in research and allows collaboration across organizations. However, as data sharing introduces privacy concerns and is strictly constrained by legal regulations such as the GDPR in the EU, we need a solution that provides a balance between preserving the privacy and maintaining the utility of the data. Traditional anonymization techniques have been shown to be vulnerable to re-identification attacks, especially if the attacker has access to additional information. In contrast, privacy-preserving synthetic data holds better on privacy promises, such as reducing the risk of membership or attribute inference attacks, and thus enables realistic testing without exposing sensitive information. Despite these advantages, it poses a greater challenge in terms of data usability. The goal of this work is to present a privacy-preserving synthetic data generator that aims to maintain the syntactic and semantic characteristics of the original dataset while minimizing privacy risks. The proposed method combines fuzzing techniques with machine learning approaches to iteratively improve the quality of the generated data. The generator creates synthetic data without accessing the original dataset, reducing the risk of direct data leakage.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Wojciech Kopański

Type of Poster: Master Intro

Advisor: Sven Bugiel

Title: Studying Android Passkey Implementations in the Wild

Research Area: RA6: Empirical and Behavioural Security

Abstract: Despite the growing industry push for passkeys, the most promising passwordless authentication method, their adoption remains limited. Existing research has examined the prevalence of passkeys in popular websites and investigated the obstacles developers face when implementing passkey authentication. However, the integration of passkeys within the mobile space remains unexplored. This work proposes an empirical study of passkey implementation by conducting a quantitative analysis of Android applications employing them, as well as investigating the unique possible implementation methods. Additionally, the study aims to evaluate the relevant third-party services and guidelines for mobile developers.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Anupam Varshney

Type of Poster: Bachelor Intro

Advisor: Lea Schönherr, David Pape

Title: Effects of Quantization on Attacks Against Large Language Models

Research Area: RA4: Threat Detection and Defenses

Abstract: Post-training quantization enables memory- and latency-efficient deployment of large language models (LLMs), yet its security implications remain underexplored. This work presents a systematic, comprehensive study on how common 4-bit weight-only quantization schemes influence LLM robustness under realistic attack scenarios. We evaluate five quantized variants of Llama-3.2 3B (BnB-4bit, AWQ, HQQ, GPTQ, and SmoothQuant) across diverse attack types aligned with the OWASP LLM risk framework: Prompt Manipulation, Alignment-Breaking, and Evasion & Robustness attacks. Experiments include black-box attacks (PWWS, AutoDAN, Indirect Prompt Injection, Prompt Injection, Prompt-Extraction) and a white-box gradient-based jailbreak (GCG). Our findings reveal that quantization reshapes rather than uniformly reduces vulnerabilities: AWQ stabilizes activations, preserving semantics; GPTQ and SmoothQuant weaken gradient-based attacks through weight rounding or activation smoothing; while prompt-leakage attacks largely persist. To capture robustness changes quantitatively, we propose the Quantization Sensitivity Score (QSS), measuring per-attack robustness shifts relative to the full-precision baseline. Finally, we link QSS with task utility (MMLU, GSM8K) for comparison; SmoothQuant achieves near-baseline accuracy (MMLU 61.4, GSM8K 75.5) while maintaining moderate QSS (7.3 pp), offering the best balance between efficiency, utility, and security.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Nils Bernsdorf

Type of Poster: Master Intro

Advisor: Michael Schwarz

Title: Efficient Instruction Sequence Generation for Fuzzing Closed-Source CPUs using Reinforcement Learning

Research Area: RA4: Threat Detection and Defenses

Abstract: Hardware fuzzing has been demonstrated to be an effective technique for discovering security vulnerabilities in both open- and closed-source CPU designs. However, the effectiveness of a hardware fuzzer greatly depends on its ability to generate instruction sequences that trigger a diverse set of microarchitectural events within the CPU. To achieve this, state-of-the-art fuzzers for open-source CPU designs commonly make use of Register Transfer Level (RTL) coverage as a feedback mechanism to guide instruction selection. However, for closed-source commercial CPUs, where such coverage information is unavailable, existing fuzzers often do not rely on any feedback mechanism and instead choose instructions according to a simple static policy. This thesis aims to address this shortcoming by developing a novel sequence generation approach for fuzzing closed-source CPUs. Lacking a precise coverage metric, we propose to use hardware debug interfaces such as performance counters to observe certain microarchitectural events within the CPU. We hypothesize that increasing the frequency of these events will trigger more microarchitectural edge cases and therefore reduce the time until a bug is found. Due to the highly temporal and sparse nature of the performance counter increments, we propose to model sequence generation as a Reinforcement Learning (RL) task, where in each step the RL agent receives an observation of the processor's current state and selects the next instruction to execute. The agent is then guided towards maximizing the performance counters by giving a reward every time a counter is incremented.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Florian Romann

Type of Poster: Master Intro

Advisor: Eric Ackermann, Sven Bugiel

Title: Navigating the Sea of Options: Exploring Compile-Time Configuration Fuzzing for Zephyr

Research Area: RA5: Secure Mobile and Autonomous Systems

Abstract: Embedded devices are everywhere, from consumer electronics to automotive and industrial monitoring systems. Zephyr, a real-time operating system supporting over 800 hardware platforms, handles this diversity through over 8400 configuration options. To ensure the security of Zephyr and its boards, Zephyr's configurability must be considered when testing. Recent advances in configuration fuzzing have discovered over 500 bugs in configurable software. However, these approaches target runtime configurations that can be fully tested using one binary, but Zephyr's configurability is set at compile-time, resulting in a distinct binary for every configuration. This fragmentation scatters coverage feedback across configurations and requires recompilation for every tested configuration. This thesis presents Compass, the first compile-time configuration fuzzer for Zephyr. Compass uses Fandango to generate semantically valid configurations from Zephyr's Kconfig specification, respecting complex constraints and interdependencies. Using line coverage, Compass enables coverage tracking across multiple builds and selects configurations that maximize code exploration. Finally, the selected configurations are fuzzed on emulated hardware. Our evaluation will analyze the efficiency of the configuration generation of Compass and compare its fuzzing performance to the state of the art.

 

19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)

 

Presenter: Manar Mohamed

Type of Poster: Master Intro

Advisor: Nico Döttling

Title: New Scheme for Group Action Adaptor Signatures

Research Area: RA1: Algorithmic Foundations and Cryptography

Abstract: We propose a new Adaptor Signature scheme for generic Group Actions. An adaptor signature allows a signer to generate a pre-signature for an instance of a hard relation. Only a party that knows the witness to the instance of the hard relation can adapt the pre-signature into a full valid signature using the witness. From both the pre-signature and the signature, the signer can extract the witness. Adaptor Signatures have many applications such as atomic swaps and payment channel networks. Our work is focused on the group action setting. Starting from Joux’s MPCitH post-quantum signature framework for Group Actions, we extend his framework to construct an Adaptor Signature for the group-action DLog relation. Our scheme satisfies the standard security notions of strong unforgeability, pre-signature adaptability, witness extractability, witness hiding and adapted signature unlinkability.

 

New Poster Sessions are Coming!

Written on 21.10.25 by Xinyi Xu

Hey all,

The next poster session dates are finalized. They are:


a. 14.01.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
b. 11.02.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
c. 11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

So now we have two sessions that are ready for registration:

1. 19.11.2025, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
2. 14.01.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
3. 11.02.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
4. 11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

The registration form (https://forms.gle/YtUfQb2N61Uo4kiP7) has been updated with the new dates. Note that there is a limit of 20 posters per session, so please register as soon as you know when you’d like to present. Also note that we are planning to hold one poster session in the break between semesters at CISPA C0; more news on that is forthcoming.

Looking forward to your participation both as a listener and/or a presenter!

Next On-Site Seminar on 08.10.2025, CISPA C0 Room 0.02

Written on 02.10.25 by Xinyi Xu

Dear All,


The next seminar(s) will take place on 08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken) - CISPA C0 Room 0.02, Stuhlsatzenhaus 5, 66123 Saarbrücken. Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.

For presenters,
1. We would book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
 

 

Presenters: Peter Gastauer, Bushra Ashfaque, Malik Ali Haider Awan, Simran Kathpalia, Prerak Mittal, Bushra Ashfaque, Prerak Mittal

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

Presenter: Peter Gastauer

Type of Poster: Master Intro

Advisor: Swen Jacobs

Title: Compiling Distributed Algorithms in Pseudocode into Extended Threshold Automata

Research Area: RA3: Reliable Security Guarantees

Abstract: Extended threshold automata have proven effective in the automatic verification of fault-tolerant distributed algorithms. The first important step in verification, however, lies in the faithful translation of the algorithm into a threshold automaton. This step can be tedious and error-prone when done by hand and also requires a solid understanding of the model. To ensure correctness throughout the verification process, an accurate automatic translation is thus preferable. Earlier work proposed a computationally expensive translation from pseudocode into less expressive threshold automata, via receive threshold automata. This work improves on the state of the art by directly compiling from a pseudocode representation of a distributed algorithm into an extended threshold automaton. This would allow users to work with a commonly used format and avoid the need for an error-prone manual translation.

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

 

Presenter: Bushra Ashfaque

Type of Poster: Master Intro

Advisor: Andreas Zeller, Max Eisele

Title: Automated Embedded Pentesting using Fandango and LLM Agents

Research Area: RA4: Threat Detection and Defenses

Abstract: While Large Language Model (LLM) agents have demonstrated autonomous capabilities in exploiting vulnerabilities in web applications [1], a significant research gap exists in applying these AI-driven methodologies to the unique challenges of embedded systems. These systems, critical to automotive and IoT domains, are characterized by hardware-specific interfaces, real-time constraints, and specialized protocols inaccessible to conventional AI pentesting tools. This thesis, conducted in collaboration with Robert Bosch GmbH, addresses this gap by designing, implementing, and evaluating a comprehensive framework and testbench architecture that bridges the divide between AI agents and embedded hardware, following established pentesting methodologies [2]. The core of this work is a modular testbench and a novel abstraction layer, the Model Context Protocol (MCP), enabling standardized communication with hardware interfaces like CAN and UART. We employ the Fandango fuzzing framework [3] as the primary engine for test generation and execution. By translating formal protocol specifications, such as ISO 14229-1 UDS (Unified Diagnostic Services) [4], into a stateful, executable grammar within a self-contained .fan file, we empower Fandango's engine to autonomously manage and validate complex, multi-step interactions. This is achieved by embedding Python ConnectParty classes directly within the grammar, allowing Fandango to orchestrate the entire test flow from generation to response validation. The methodology will be validated using an ESP32 microcontroller, where this framework will be used to pentest a sample UDS implementation and evaluate its security features, such as secure boot and flash encryption. 
The ultimate goal of this thesis is to create a complete, automated pentesting pipeline that takes system specifications and security goals as input, generates a formal test plan as a Fandango grammar, executes a comprehensive fuzzing campaign against the target hardware, and leverages an LLM to generate a final, structured vulnerability report from the factual test results. This research will deliver a novel, open-source architecture for AI-assisted embedded security and provide empirical insights into its effectiveness in identifying protocol violations and security flaws in real-world embedded systems.

References
[1] R. Fang, R. Bindu, A. Gupta, Q. Zhan, and D. Kang. LLM Agents can Autonomously Exploit One-day Vulnerabilities. arXiv preprint arXiv:2404.08144, 2024.
[2] OWASP Foundation. OWASP Web Security Testing Guide v4.2. 2021. Available: https://owasp.org/www-project-web-security-testing-guide/
[3] https://fandango-fuzzer.github.io/
[4] https://drive.google.com/file/d/1tZzNG2Dz3EGsmsdWdHP5Z98Z3YrD9BGT/view?usp=sharing

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

 

Presenter: Malik Ali Haider Awan

Type of Poster: Master Intro

Advisor: Rafael Dutra, Andreas Zeller

Title: LEARNING FORMAT CONSTRAINTS FOR ENHANCED FUZZING

Research Area: RA4: Threat Detection and Defenses

Abstract: This thesis proposes a learning-based enhancement to FormatFuzzer to automatically discover and integrate format constraints—such as magic numbers and chunk identifiers—from valid sample files. By incorporating these learned constraints either manually or dynamically during fuzzing, the approach aims to significantly increase the validity of generated inputs and improve fuzzing effectiveness.

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

 

Presenter: Simran Kathpalia

Type of Poster: Master Intro

Advisor: Christian Rossow, Marcel Böhme

Title: Efficient Software-Based Memory Tagging

Research Area: RA4: Threat Detection and Defenses

Abstract: Memory safety vulnerabilities represent one of the most critical security challenges in modern software systems. Despite decades of research and deployment of various mitigation techniques, C and C++ programs remain susceptible to memory corruption attacks such as buffer overflows, use-after-free, and uninitialized memory. Memory tagging has emerged as a promising defense mechanism, enabling the detection of illegal memory operations at runtime by associating lightweight metadata, or “tags,” with both pointers and memory allocations. Hardware implementations, such as ARM’s Memory Tagging Extension (MTE), SPARC’s Application Data Integrity (ADI) and now Apple's recent Memory Integrity Enforcement (MIE), demonstrate comprehensive protection with minimal overhead (<5%). However, the dominant x86 architecture lacks native hardware support for memory tagging, motivating software-based solutions such as xTag and Stickytags. While software approaches can achieve broad memory safety coverage, they incur substantial runtime and memory overhead, limiting their practicality in real-world deployments. This thesis investigates how to make software-based memory tagging on x86 efficient without compromising security guarantees. The main focus is on identifying the dominant sources of overhead in current schemes. Based on the results, we intend to design a partial tagging scheme, reducing the performance without undermining security. By combining selective tagging with complementary hardware defenses, it may be possible to approximate the strong protections of hardware memory tagging while significantly reducing performance costs. This research seeks to make software memory tagging on x86 both practical and efficient, bridging the gap between hardware-supported security guarantees and deployable software defenses.

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

 

Presenter: Prerak Mittal

Type of Poster: Master Intro

Advisor: Aleksei Stafeev, Giancarlo Pellegrino

Title: e-BOLA Screening: Backtracking Object Lineage In Web APIs To Detect Authorization Issues

Research Area: RA6: Empirical and Behavioural Security

Abstract: Modern web applications are increasingly architected around APIs, a design choice that, despite its benefits, often leads to severe authorization vulnerabilities like Broken Object Level Authorization (BOLA). Traditional methods for identifying BOLA flaws are constrained by their reliance on static documentation (e.g., OpenAPI) or manual penetration testing, rendering them unscalable and inadequate for dynamic application environments. Robust BOLA detection requires a deep understanding of the logical connections between data objects managed by the API, unlike generic fuzzing. This thesis introduces a novel LLM-assisted black-box approach that automates the discovery of these relationships. By analyzing live traffic, our system reconstructs the object lineage, inferring dependencies and hierarchies between disparate API entities. This data model is then leveraged to generate test-cases and fuzz the API to uncover hidden authorization flaws.

 

08.10.2025, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)

 

Presenter: Bushra Ashfaque

Type of Poster: Master Intro

Advisor: Max Eisele, Andreas Zeller, Alexander Liggesmeyer

Title: Penetration Testing on Embedded Systems using Fandango Constraints

Research Area: RA4: Threat Detection and Defenses

Abstract: Connected devices increasingly rely on standardized protocols to enable remote maintenance, configuration, and updates. Across domains such as IoT, industrial control, and automotive, many authentication mechanisms depend on the unpredictability of random values such as seeds, nonces, or challenges. If these values are predictable or biased, attackers can bypass protections and gain unauthorized access. We propose a grammar-based fuzzing framework built on the Fandango engine that integrates NIST randomness tests into protocol testing. The framework generates valid diagnostic sequences, evaluates challenge values in real time, and adapts its strategy when weaknesses are detected. Our case study is the Unified Diagnostic Services (UDS) protocol SecurityAccess mechanism, where Electronic Control Units (ECUs) issue authentication seeds that must resist prediction. The results include a reusable fuzzing-and-analysis toolchain, empirical insights into seed unpredictability, and recommendations for robust random number generation. Beyond automotive security, this approach provides a general methodology for testing any protocol whose authentication relies on high-quality randomness.

 

 

Winter is Coming

Written on 01.10.25 by Xinyi Xu

Dear all,

Welcome to the new course for the Bachelor and Master seminar in the winter term.
Please switch to this course.

Best wishes,

BAMA Seminar Team
