News
Next On-Site Seminar on 08.07.2026, CISPA D1 Room 0.15
Written on 01.07.2026 19:16 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany) - D1_Room0.15. Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.
For presenters,
1. We would book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
Presenters: Moritz Ditter, Nicolas Gundall, Vladyslava Semenova, Laurant Halili, Ukasha Sohail, Mirzokhid Mukhsidov, Lars Schirra
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Moritz Ditter
Type of Poster: Master Intro
Advisor: Jonas Hielscher, Alexander Ponticello
Title: Security Advice in Easy Language
Research Area: RA7: Others
Abstract: Users of digital services face an overwhelming amount of security advice from experts, their workplaces, media, and friends and family. Much of this advice is written without considering people who struggle with natural or subject-specific language. While previous research has looked at the quality, sources, and efficacy of security advice, accessibility has recently been proposed as a third dimension of human-centered security, alongside security and usability. This is especially important for people with cognitive impairments or learning disabilities, who are increasingly required to use online services. As far as we know, no research yet addresses translating security advice into easy language. Our work takes a first step by focusing on the translation process. We ask which problems translators face and what assistance they need to produce technically sound translations.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Nicolas Gundall
Type of Poster: Bachelor Intro
Advisor: Jannis Rautenstrauch, Ben Stock
Title: Evaluation of Setup-Based Measurement Variations in Web Crawling
Research Area: RA6: Empirical and Behavioural Security
Abstract: Web crawling is the basis of many research papers on Web security and privacy. When conducting a crawl, researchers have a choice between a variety of setups differing in crawling tools, configurations and other methodological options. Such setup differences may however have impacts on Web measurements. Since many studies perform crawling experiments with one fixed setup, it is unclear to which extent their results may be affected by setup-based measurement impacts. In this thesis, we build a framework allowing for a systematic evaluation of such interactions. We do simultaneous crawls with multiple setups varying in some aspect, then use the results of these crawls to perform measurements commonly found in Web security and privacy research. This allows us to estimate the measurement impacts of each setup choice.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Vladyslava Semenova
Type of Poster: Master Intro
Advisor: Katharina Krombholz, Simon Anell
Title: Security and Trust Perception in Digital Public Services Among Ukranian Refugees
Research Area: RA6: Empirical and Behavioural Security
Abstract: People must use digital services because government and most essential public systems are becoming more digital. Currently, in Germany there are over 1.33 million refugees from Ukraine. All of them had to go through registration in the country and use government systems and other public services, often without knowing the system well and mostly without prior knowledge of the language. Limited language skills, time pressure, and the complexity of a foreign government system make it hard to understand things like login processes, privacy notices, identity checks, and other security steps. Most information is only available in German, which is a big barrier even for people with some language knowledge. Because of this, users often need help from other people, which may lead to sharing or exposing personal data. These problems can lower trust in digital systems, make people depend on others more, and create risks for security and access. This work investigates the digital exclusion of Ukrainian refugees and explores their experiences with security and data protection mechanisms in German digital public services. The study aims to understand how Ukrainian immigrants with limited German proficiency perceive and navigate security-related mechanisms, whether they are able to complete tasks independently, and how they cope with challenges when using these systems.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Laurant Halili
Type of Poster: Bachelor Intro
Advisor: Xiao Zhang
Title: Towards Robust Defenses against DreamBooth-Style Personalization Attacks under Image Transformations
Research Area: RA2: Trustworthy Information Processing
Abstract: The development of text-to-image generation models in the last few years has made it possible to create realistic personalized deepfakes from only a handful of publicly available pictures. DreamBooth is one example of this functionality, with just a few images of a target person, an attacker can fine-tune a diffusion model to generate realistic new pictures of that individual in arbitrary scenes. This creates a serious privacy risk, especially when personal images are for example publicly available on social media platorms. Anti-DreamBooth was proposed as a defense against this threat by adding small perturbations to published images to disrupt later personalization attacks. However, previous studies have demonstrated that Anti-DreamBooth remains vulnerable to several practical preprocessing attacks, raising the question of how such defenses can be made more robust. This thesis will investigate how the defense of the Anti-DreamBooth framework can be improved, such that preprocessing attacks, that are easy to apply do weaken the defense of the framework less. It will first reproduce the Anti-DreamBooth framework, so that the training, the creation of the perturbations, and the evaluation can be executed in a more modern environment. Then it applies some common preprocessing attacks like JPEG compression, Gaussian Blur and median filtering to the perturbation and evaluates how much the effectiveness of the defense is reduced by these attacks. Based on the observed weaknesses and inspired by recent work in this area, the thesis implements and evaluates a preprocessing-aware improvement to the Anti-DreamBooth framework that aims to make the defense more robust against such attacks. The expected outcome is a reproducible evaluation framework, a systematic analysis of where Anti-DreamBooth succeeds and fails, and practical insights into how defenses against personalized deepfakes can be improved.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Ukasha Sohail
Type of Poster: Master Intro
Advisor: Tristan Hornetz, Michael Schwarz
Title: Auto-Lixom: A Compiler for Lixom Defense Scheme
Research Area: RA4: Threat Detection and Defenses
Abstract: Cryptographic keys are among the most sensitive assets in a computing system. Microarchitectural attacks such as Spectre and Meltdown have demonstrated that keys stored in memory can be leaked even across process boundaries, undermining the security guarantees of cryptographic software. Lixom is a defense scheme that addresses this threat by storing cryptographic keys as immediate values directly in executable code, then marking that code as execute-only memory (XOM), making it unreadable by any attacker including a privileged OS adversary. While Lixom has been shown to be effective, writing Lixom-compliant assembly by hand is complex and error-prone, requiring deep expertise in both x86-64 assembly and the Lixom programming rules. A single mistake can silently break the security guarantees without any indication of failure. This creates a significant barrier to adoption. In this thesis, we present Auto-Lixom, a compiler that automatically generates Lixom-compliant assembly from annotated C code, removing the need for manual assembly programming. Our approach proceeds in three phases. First, we formalize the Lixom-Light variant as a set of precise rules. Second, we implement a static verifier that checks assembly compliance against these rules. The verifier serves as a test oracle for the compiler. Third, we build the compiler as a custom LLVM IR pass that takes annotated C code as input and produces verified Lixom-compliant x86-64 assembly automatically.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Mirzokhid Mukhsidov
Type of Poster: Master Intro
Advisor: Lucjan Hanzlik
Title: IMPLEMENTING AND EXTENDING ONE-SHOT OFF-CHAIN PAYMENTS
Research Area: RA1: Algorithmic Foundations and Cryptography
Abstract: Off-chain payment systems offer a path to scalable digital payments without the throughput constraints of public blockchains, but most existing schemes rely on persistent channels or trusted intermediaries. We try to build a practical implementation and extension of ORBIT, a one-shot payment protocol grounded in garbled circuits and Waters Identity-Based Encryption (IBE). We deploy the full protocol end-to-end: a Flask/Rust server that garbles Waters circuits and interacts with the Sepolia Ethereum testnet, an Android application that uses the hardware-backed AndroidKeyStore to evaluate garbled circuits and recover activation keys, and a Solidity smart contract that verifies BN254 pairing equations on-chain to enforce cryptographic one-timeness. Beyond reproducing the base protocol, we extend ORBIT with a denomination system in which the Waters IBE tag encodes the payment value — a key derived for denomination d is cryptographically bound to its corresponding hashlock and cannot unlock a contract of a different value. We further implement re-delegation, allowing a token holder to transfer spending rights to a second party entirely offline, and demonstrate the complete issuance, activation, and use cycle on a live testnet. Together, these contributions bridge the gap between the theoretical ORBIT construction and a deployable, denomination-aware one-shot payment system.
08.07.2026, 14:00 - 16:00, CISPA D1 (Kaiserstraße 21 66386 St. Ingbert, Germany)
Presenter: Lars Schirra
Type of Poster: Bachelor Intro
Advisor: Alexi Turcotte, Andreas Zeller
Title: Language Based Language Testing — Now Executable
Research Area: RA4: Threat Detection and Defenses
Abstract: Compilers play a crucial role in software. Bugs in these systems lead to unexpected behaviour in the best case and severe vulnerabilities in generated binaries in the worst case. Ensuring correctness is non-trivial and verifying it statically is extremely hard in most cases, since correctness is a whole program property and codebases of compilers often span several million lines of code. Poorly tested compilers, including those for emerging domain-specific languages, pose a serious risk for applications relying on them. In the past, language based testing has proven to be effective at finding bugs in compilers, because it can automatically generate large numbers of valid, parsable programs. Fandango-rs provides tools to create a set of constraints and fixers that help to generate inputs that are syntactically and semantically valid. Previously, Fandango-rs was used to generate inputs that could compile without errors, but for reaching deep paths in compiler source code correctness alone does not suffice. To show how this problem can be solved, we propose a set of constraints that specify execution-validity, along with fixers that repair inputs to satisfy them demonstrated on C. The goal of this setup is to create inputs for C compilers that not only compile successfully, but also execute. We pair the constraints with a differential testing framework that enables comparison across compilers or optimization levels to find miscompilations and thus bugs. We evaluate our approach in two ways: the coverage of generated inputs using TinyC and undefined-behavior aware differential testing on the C compilers GCC and Clang against an AI generated C compiler (Claude’s) comparing outputs of compilation and execution to find discrepancies. In addition, we compare different optimization levels of GCC. As a proof of concept, our main contribution is a set of constraints and fixers for generating executable C programs, which enables us to perform execution-aware generation of test cases usable for differential compiler fuzzing.
