News
Next On-Site Seminar on 11.03.2026, CISPA C0 Room 0.02
Written on 04.03.2026 22:25 by Xinyi Xu
Dear All,
The next seminar(s) will take place on 11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken) - C0 0.02. Presenters and their advisors are encouraged to present in person. We especially encourage other students and teachers to attend and present in person as well.
For presenters,
1. We will book the room half an hour in advance, so you are encouraged to arrive a few minutes early to set up your own poster.
2. For this session, you need to print the poster on your own. The size of the poster should be 116x86cm or 86x116cm. You can use the poster printing service of Saarland University (https://www.uni-saarland.de/en/page/uds-card/functions/printing.html -> Posterdruck A0).
3. You need to present your poster in a much smaller group, but you are encouraged to roam around and ask questions about other posters.
4. We encourage you to bring your laptop to present your demo; there will be small tables in the room where you can put your laptop.
Presenters: Dan Jose, Justin Steuer, Joys K Mathew, Simonas Kanapeckas, Nik Schönberg, Sandip Kumar Mourya, Marius Busch, Robin Gebhardt, Fabian Pütz, Nikhil George
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Dan Jose
Type of Poster: Master Intro
Advisor: Eric Ackermann, Sven Bugiel
Title: Exploring stronger security on the CAN Bus with Northcape
Research Area: RA5: Secure Mobile and Autonomous Systems
Abstract: As modern in-vehicle infotainment (IVI) systems become more advanced and feature-rich, their complexity increases and expands the attack surface. As IVI systems often support vehicle controls, typically isolated CAN systems like the engine and chassis are now accessible from the infotainment system. With CAN functions accessible to application software on the infotainment, a malicious app can theoretically gain control of the car, posing a threat to property and personal safety. Also, by design, CAN does not provide authenticity, leading to the possibility of transmitting spoofed messages on the network. This work proposes using Northcape to mitigate the mentioned threats. Northcape is a hardware capability architecture that considers segments in main memory its objects and tasks in an RTOS its subjects. Together with Skadi, a capability-aware operating system based on Zephyr, it can achieve mutual isolation between subsystems without relying on trusted software. By maintaining this strong compartmentalization, we allow tasks to directly access the CAN subsystem and apply message authentication on TX paths in hardware, per task.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Justin Steuer
Type of Poster: Master Intro
Advisor: Andreas Zeller, Stanimir Iglev
Title: Differential Fuzzing of RESTful API Client Generation Tools
Research Area: RA4: Threat Detection and Defenses
Abstract: Representational State Transfer APIs (REST APIs) are used across various industries for a large variety of use cases, including integration of third-party platforms, e-commerce, location-based services, and more. To facilitate the adoption of APIs, the OpenAPI Specification was developed, which defines a standardized way to describe the structure and syntax of an API, typically through a YAML or JSON file. The wide adoption of the specification has led to the creation of various API generation libraries, which, given an OpenAPI specification, can automate the creation of certain components related to the API, such as server stubs, documentation, and API clients. As the OpenAPI specification itself is decoupled from any specific programming language, various tools exist that focus on one or more programming languages. Despite the widespread use of these tools, there is little academic work on them at the time of writing. In particular, while API testing has been a topic of academic interest for years, testing the wide range of available tools used for client generation remains a largely unexplored topic. This work introduces a fuzzing tool designed to assess automated OpenAPI client library generators through differential testing. The tool will support three comparison strategies: cross-language testing within a single generator, cross-tool evaluation, and differential regression testing across different versions of the same software. To evaluate the fuzzer, a broad selection of relevant generators will be examined to uncover their specific limitations and potential faulty behaviors.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Joys K Mathew
Type of Poster: Master Intro
Advisor: Jane Im
Title: Understanding Users’ Consent-Granting Preferences for Using Social Media Data to Train Large Language Models
Research Area: RA6: Empirical and Behavioural Security
Abstract: We aim to understand how people express their preferences regarding granting consent for tech companies to use their social media data (e.g., posts, comments) to train large language models (LLMs). In particular, we focus on understanding users’ affirmative consent for these contexts, which means that users voluntarily and clearly indicate permission rather than having it inferred or assumed. We will conduct semi-structured interviews with social media users to understand in which conditions they would be willing to grant affirmative consent for their posts and comments to be used to train tech companies’ LLMs, as well as how they would like to grant them.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Simonas Kanapeckas
Type of Poster: Bachelor Intro
Advisor: Lucjan Hanzlik
Title: From eID to Wallet: User-Friendly, Age-Compliant and Privacy-Preserving Smart Accounts
Research Area: RA1: Algorithmic Foundations and Cryptography
Abstract: Traditional blockchain wallets rely on private key management, creating significant usability and security challenges for mainstream adoption. This thesis presents a wallet framework built on ERC-4337 account abstraction, demonstrating how flexible authentication mechanisms can replace traditional key management. We implement and evaluate five increasingly sophisticated authentication levels: (1) baseline ECDSA signatures, (2) WebAuthn/passkey biometric authentication using P-256 elliptic curve cryptography, (3) Lithuanian government eID card signatures leveraging P-384 ECDSA, (4) zero-knowledge proof-based age verification from eID certificates, and (5) a comprehensive system combining multiple authentication methods and age verification (2-4). Each level showcases different capabilities of account abstraction while addressing real-world use cases and problems like usability, compliance and privacy. This work demonstrates that account abstraction enables truly flexible wallet authentication, from passwordless biometric login to government-backed digital signatures, paving the way for more accessible and regulatory-compliant blockchain applications.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Nik Schönberg
Type of Poster: Bachelor Intro
Advisor: Deepak Garg, Pierfrancesco Ingo
Title: Benchmarking Multiparty Computation Algorithms for Privacy-Preserving Machine Learning
Research Area: RA2: Trustworthy Information Processing
Abstract: Privacy-preserving machine learning (PPML) allows multiple parties to perform machine learning tasks together without revealing their data to each other. This not only allows for the training of models on sensitive data without the need to expose said data, but also for inference in the scenario where one party holds the model, a different party holds the queries to the model, and neither is willing to share their information with the other party. One way of executing PPML is multiparty computation (MPC), which allows multiple parties to jointly evaluate a function on their inputs without revealing the inputs to each other. In recent years, many PPML-oriented MPC protocols have been proposed. However, performance evaluations for these protocols are often limited to the specific points of improvement of the newly proposed work and the comparative evaluation is limited. The goal of this work is to perform a broader, systematic evaluation of a selection of MPC protocols on a curated selection of machine learning primitives and tasks, thus setting the foundations of a framework that picks the best protocol for any given PPML task.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Sandip Kumar Mourya
Type of Poster: Master Intro
Advisor: Nils Ole Tippenhauer
Title: Temporal Accuracy in Rehosted Firmware
Research Area: RA5: Secure Mobile and Autonomous Systems
Abstract: Modern vehicles rely on deeply timing-dependent Electronic Control Units (ECUs) for safety-critical functions, yet current firmware rehosting frameworks sacrifice temporal accuracy for performance—creating a dangerous blind spot for timing-dependent vulnerabilities. This thesis proposes a timing-accurate firmware rehosting framework that preserves real-time constraints through a Temporal Fidelity Layer (TFL), enabling realistic security analysis of race conditions, replay attacks, and timing violations. Built upon the Renode simulation framework and leveraging Zephyr RTOS, our approach addresses hardware-specific timing emulation, real-time constraint modeling, and multi-ECU synchronization challenges. The work aims to establish the first scalable, hardware-free pipeline for discovering timing-sensitive vulnerabilities in automotive firmware.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Marius Busch
Type of Poster: Bachelor Intro
Advisor: Michael Schwarz, Daniel Weber
Title: SGX Iago Fuzzer: Modifying Syscall Return Values at the Trust Boundary
Research Area: RA4: Threat Detection and Defenses
Abstract: SGX is a widespread trusted execution environment (TEE) on Intel CPUs. Applications are split into a secure trusted enclave and an untrusted host application. In the SGX threat model, only the CPU is trusted, and all other parts, including the operating system (OS), can be attacker-controlled. This scenario enables a very specific type of so-called Iago attacks: The enclave cannot perform system calls on its own and must rely on the untrusted OS. A malicious OS could now return unexpected values for syscalls and if the enclave does not check that properly, it might be exploited. This thesis presents a framework that fuzzes syscall return values during enclave execution and observes the behaviour of the enclave to identify potential vulnerabilities caused by insufficient validation.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Robin Gebhardt
Type of Poster: Bachelor Intro
Advisor: Daniel Weber, Michael Schwarz
Title: AMD Microcode Defenses: Prevent Microarchitectural Attacks via Microcode
Research Area: RA4: Threat Detection and Defenses
Abstract: Modern x86 CPUs appear to be CISC, but internally use RISC instructions, called microcode. Microcode is used to emulate complex instructions like rdrand, cmpxchg and rdtsc and runs at the highest privilege level. When shipped, the initial microcode is stored in mask ROM. Although that cannot be changed, vendors have the ability to push microcode updates to patch certain instructions. These updates are encrypted and signed to prevent reverse engineering and loading of inauthentic patches. However, AMD’s signature verification is flawed; thus it is possible to write custom microcode. With this ability, we want to look into how custom microcode can mitigate microarchitectural attacks, like side-channel attacks, by e.g. modifying rdtsc to act as a monotonic counter.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Fabian Pütz
Type of Poster: Bachelor Intro
Advisor: Michael Schwarz
Title: Retrofitting x86 with custom pointer authentication
Research Area: RA4: Threat Detection and Defenses
Abstract: Pointer authentication (PAC) is a security feature that uses the unused bits of pointers to store a cryptographic signature of that pointer. When the pointer is then changed, e.g., due to a buffer overflow, it becomes invalid. PAC is supported by modern ARM CPUs, but it is not available on x86 CPUs. Google's research into EntrySign now allows us to create custom microcode updates for AMD CPUs. In this thesis, we will explore how these custom microcode updates can be used to implement pointer authentication for x86 CPUs.
11.03.2026, 14:00 - 16:00, CISPA C0 (Stuhlsatzenhaus 5, 66123 Saarbrücken)
Presenter: Nikhil George
Type of Poster: Master Intro
Advisor: Prof. Rayna Dimitrova
Title: Quantitative Information Flow Analysis for Probabilistic Programs
Research Area: RA3: Reliable Security Guarantees
Abstract: Quantitative Information Flow (QIF) offers a formal way to measure how much secret information can leak through probabilistic programs. In this work, we treat the attacker’s evolving knowledge as part of the program state itself by encoding it as discrete values. We track the posterior probabilities of high‑security (secret) variables and update them at the points in the program where new updates or information leaks occur, using a Python program, and convert it into a corresponding PRISM model. We use Storm, a probabilistic model checker, which lets us explore the system and verify properties such as the probability of reaching states where sensitive information may be exposed. The model also includes elements like a program counter to follow control flow and labels to help easily track reachability of states and program locations. We are working on adding constraints to limit their execution to address the overheads of non‑terminating loops that keep updating posterior probabilities. By combining QIF techniques with probabilistic model checking in a PRISM‑compatible format, this approach aims to provide a clear, structured way to reason about how vulnerable different program states are and how information leakage occurs from the attacker's point of view.
