Topic list
Ali Abbasi
State-Aware Fuzzing on Trusted OS for IoT Devices
Trusted Execution Environments (TEEs) embedded in IoT devices offer a deployable solution to secure IoT applications at the hardware level. By design, within TEEs, the Trusted Operating System (Trusted OS) is the primary component. It allows the TEE to implement security-based design techniques, such as data encryption and identity authentication. If a Trusted OS is exploited, the TEE can no longer ensure security. However, Trusted OSes for IoT devices have undergone limited security analysis. Recently, a fuzzer named Syztrust claimed to address this issue.
Your task is to replicate the experiments of Syztrust [1] and thoroughly document the process. Syztrust is a fuzzer for trusted execution environments that utilize ARM CoreSight technology. We will provide you with a tracking device and a development board to replicate the work.
Requirements: This project requires a strong background in low-level software development and Operating System.
Detect Malicious Packages in PyPI
PyPI has been the target of malware writers as anyone could publish packages in it without going through a good security check. Those malware are often heavily obfuscated and try to be evasive. The malicious part of the program will only be executed when a specific condition is satisfied. For instance, the malware will not run the malicious part when it finds itself in a debugger or the target is not available in the victim machine.
Your task is to modify the Python interpreter to build a dynamic analysis tool to force the malware to expose those malicious behaviors. You also need to run the tool on PyPI to identify previously unknown malicious packages and write a sample analysis report.
Requirements: This project requires a strong background in low-level software development (C/C++) and knowledge of Operating System
Pouya Narimani
Research on Data Extraction from Assembly and Pseudo C Codes
The project involves compiling different binary files from different RTOS implementations, leveraging their Board Support Packages (BSPs). The goal here is to use BSPs and build environment of existing RTOS and compile diverse configuration of different boards equipped with unique hardware peripherals. The subsequent stage demands the decompilation of these binary files into assembly or pseudo C codes (we will provide you with APIs to perform decompilation, you do not implement a decompiler). Following this step, we have to extract the information in these codes and properly organize them for our use cases. Here, we require precision, especially in classifying information.
Requirements: 1) Having ability to quickly grasp existing build systems of RTOSes 2) Proficiency in Python for data extraction, collection, and organization. 3) A basic understanding of assembly and the C language 4) Experience with diverse data design language
Ulysse Planta
Lockstep-state for embedded network stacks
To ensure that a vulnerability cannot cause a network stack to become unresponsive upon receiving a malicious frame, we keep two states of the network stack. One corresponds to the most up-to-date state that is utilized when receiving a frame and one is delayed by one frame. In case a timeout/memory error occurs while processing the frame we can switch to the delayed state that was not affected by the malicious frame, making it seem like it was never processed. While the second state is updated by following frames, the compromised state is rolled back to the known good delayed state before the malicious frame and will from now on serve as the delayed state. This could be extended to being able to roll back the state by more than one frame.
The Project covers a proof of concept implementation of this mechanism for network stacks in the context of embedded systems, utilizing hardware features (like DMA) as much as possible. The resulting implementation shall be benchmarked in regard to runtime and memory overhead to check for the feasibility of this mechanism. At the end, a short write-up shall present the results.
Requirements: This project requires a strong background in low-level software development. Knowledge about embedded real-time operating systems is a plus.
Bhupendra Acharya
Measure the prevalence of scams and phishing attacks in social media
In this project, we plan to measure online scams and abuse that are prevalent on social media platforms. For this, we plan to deploy a tool that collects and engages with such channels. Additionally, analyzes end-to-end scamming modus operandi techniques to develop a proactive defense mechanism to fight against such scams and abuses in the wild.
Requirements: Student is expected to have proficient technical expertise in programming languages (Python, Java) and building scalable frameworks with databases that integrate with third-party services (LLMs, APIs, etc).
The project is suitable for a team of 2 students.
Wouter Lueks
Offline-First for Better Privacy
Web applications (they are everywhere!) have loads of privacy risks: Access patterns and API calls reveal what users do – and defending is hard! Offline-first application keep all data local, and only interact with the network to synchronize database state. In this project you will:
(1) Learn about offline-first applications, synchronization and traffic analysis, (2) use offline-first to automatically provide strong privacy protection; (3) implement a privacy-friendly prototype application.
Requirements: excellent programming skills in javascript
Securing Private Monero Transactions
Blockchain users often use key-sharing to protect their keys (and thus their money!). But on anonymous blockchains such as Monero, protecting your keys might kill anonymity. Unless you use Tandem. In this project you will: (1) Learn how Monero achieves anonymity; (2) Analyze how to best use Tandem to protect funds; (3) Implement Tandem in the Monero library.
Requirements: programming skills in C
Private Record Linkage: Does it even work?
Record Linkage joins tables even if keys contain errors. Used in: large scale data analysis such as medicine, humanitarian sector, etc. But combining tables in the clear is horrible for privacy. In this project you will: (1) Investigate the space of (privacy-friendly) record linkage techniques; (2) Implement and evaluate one of them; (3) Evaluate privacy risks in concrete scenarios.
Requirements: Familiarity with mathematics/statistics, threat modeling. Experience with modern cryptography is a plus
Rafael Dutra
FormatFuzzer: Effective Fuzzing of Binary File Formats (Project 1: New applications)
In order to fuzz a program that parses a binary file (such as a PNG image), we need to generate many random inputs with the correct file format structure. We developed a framework called FormatFuzzer (https://github.com/uds-se/FormatFuzzer) that can parse, mutate and generate random valid files for several different formats. It works by using an existing specification of the format structure (https://www.sweetscape.com/010editor/templates.html) to parse and generate those binary files. There are hundreds of file formats for which those templates exist, such as PNG, OGG, GIF, JPEG, TIFF, ZIP, PCAP, MP4, SWF, MIDI, WAV, AVI, BMP, MP3, ELF, PDF
We have different possible projects available in extending FormatFuzzer and applying it to fuzzing.
We have already performed fuzzing experiments for 10 different file formats, but there are hundreds of more formats that can be fuzzed. Your task on this project would be to fuzz new target programs and file formats (for which binary templates already exist). You'll have to compile the target programs with AFL instrumentation in order to run the fuzzing experiments with AFL in combination with FormatFuzzer.
Requirements: Familiarity with fuzzing/AFL recommended
FormatFuzzer: Effective Fuzzing of Binary File Formats (Project 2: Mine input constraints)
In order to fuzz a program that parses a binary file (such as a PNG image), we need to generate many random inputs with the correct file format structure. We developed a framework called FormatFuzzer (https://github.com/uds-se/FormatFuzzer) that can parse, mutate and generate random valid files for several different formats. It works by using an existing specification of the format structure (https://www.sweetscape.com/010editor/templates.html) to parse and generate those binary files. There are hundreds of file formats for which those templates exist, such as PNG, OGG, GIF, JPEG, TIFF, ZIP, PCAP, MP4, SWF, MIDI, WAV, AVI, BMP, MP3, ELF, PDF
We have different possible projects available in extending FormatFuzzer and applying it to fuzzing.
There are hundreds of file format specifications available as binary templates, but those are designed originally only for parsing the binary files. If we want to generate new binary files from scratch, we need extra information (such as the possible of values allowed for each field inside the file structure). We would like to mine such constraints on the input structure automatically, so that we learn what is necessary to produce valid files. Your job in this project will be to use an existing corpus of valid files and apply several mutations on those files, then feeding them to the target program, which will be used as an oracle to check the validity of the files. The goal is to learn constraints which need to be satisfied for the file to be valid. Later, the binary templates can be augmented with such constraints in order to generate valid files. The implementation can be done in any language of your preference.
Requirements: Familiarity with fuzzing recommended
Fabian Thomas
Linux Page Table Viewer
Microarchitectural attacks often require interaction with low-level data structures, such as page tables. On Linux there is already a tool (PTEditor) that can read and write Linux page tables from C/C++ code, but there is no interactive viewer/editor yet. This project is about engineering such a viewer/editor based on PTEditor. The tool should provide a GUI that visualizes the page table and allows for live patching. Further, it should run as a statically linked Web App on remote machines, so that easy access via SSH port forwarding is possible.
Requirements: Familiarity with programming C/C++, Web Apps, and Linux
Lorenz Hetterich
Adding User Mode to Minimal Kernel
Everything running on a system can add noise to microarchitectural experiments. To combat this, we built a minimal kernel running only a single application on a single processor core. This kernel currently runs everything in privileged supervisor (kernel) mode and cannot easily run parts of the experiments in user mode. However, for some experiments, the interaction between user and supervisor mode is important. This project is about adding a minimal user mode to our kernel. It should be possible to switch between user and supervisor mode at any time during execution.
Requirements: Familiarity with programming in C and Linux, basic understanding of x86 assembly and virtual memory
Daniel Weber
System State Saver
Microarchitectural attacks often require a specific system configuration. However, different experiments typically require different configurations. Not knowing the precise state during an experiment's execution can hinder reproducability. In this project, the goal is to write a tool that can take the current state (i.e., installed packages, model-specific registers, CPU configurations, Linux kernel modules and parameters) and store it in a file. Furthermore, the tool should be capable of restoring the state of a previously stored file to quickly configure machines to a previous state.
Requirements: Python or C/C++ programming
Lukas Gerlach
Lab Management System
Our group has accumulated many machines with different microarchitectures to enable our research. These machines need to be managed. We need to control which user can access which machines, and we need to see when machines crash, which happens quite often during our experiments. We already started building a Web interface with a django backend that allows us to add new users, manage their access privileges, and show status information about the machines in our lab. Your task will be to make this system more reliable and add new features.
Requirements: Python (django), JavaScript
Ruiyi Zhang
Explore Undocumented Instructions on x86-64
The length of instructions on the x86-64 vary from 1 to 16 bytes. While the manual documents a few instructions, there is still a large unexplored space. For Intel, there is a project, Haruspex, using speculative execution and two performance counter to effectively identify undocumented opcodes. The project has managed to explore the ISA on 3 specific Intel processors. However, it is only open-sourced as "pseudo-code". Your task is following the described method and reproducing the project via a Linux kernel module.
Requirements: Familiarity with programming C/C++, assembly, and Linux kernel module
Kevin Morio
Runtime Verification of Security Protocols
This student project aims to perform runtime verification of a chosen security protocol. It involves creating a formal model of the protocol, instrumenting an existing implementation, and verifying it against the model to ensure its correctness and security. Students will gain practical experience in security protocol analysis and implementation verification.
Requirements: Students should have a basic understanding of security protocols, formal modeling, and programming, along with the ability to critically analyze and debug code.
The project is suitable for a team of 2 students or a single student.
Alexi Turcotte
Generate Inputs for Jupyter Notebooks
Data science is often done in so-called “Notebooks”, applications that mix code performing data science tasks and text interpreting results. This is an understudied area in the space of software engineering and security as these notebooks are _extremely difficult to analyse_; they are written in _dynamic_ programming languages, which are difficult to analyse statically, and often require very specific input data to run (which is rarely available!), challenging _dynamic_ approaches to analysis. The specific nature of input data is due to data manipulation code found in the notebooks, e.g., accessing columns, joining data, grouping data, etc. Thankfully, this data manipulation code offers very strong hints as to the structure of input data as well as constraints on that data. In this project, I’d like for you to (a) develop a simple program analysis to glean such hints and constraints from the code, and (b) develop an input generator based on these hints.
If you have a burning desire to work with a friend on this, there are several ways to work concurrently on this project: develop simultaneous analyses for R and Python (or other data science languages), as the input generator can be shared, or have one student develop a framework for automatically determining a valid execution environment for a given Jupyter notebook (i.e., determine and provision a Docker container with the dependencies required to execute the notebook).
Requirements: knowledge of Python or R, program analysis experience a plus
The project is suitable for a team of 2 students or a single student.
Florian Hantke
An empirical approach to understanding hacker mindsets
As cyber threats against organisations increase globally, understanding the techniques and strategies of hackers has become paramount. To dive deeper into the strategies and methodologies employed by hackers during infrastructure attacks, we want to observe these activities by hosting a live hacking competition. In this project, the goal is to provide the first steps in this direction by building a typical infrastructure network that mirrors an organisation's network, implementing a robust logging system to monitor hacking activities, and then lunching a pilot competition to ensure and evaluate the setup's effectiveness.
Rayna Dimitrova
Quantitative Information Flow Analysis for Probabilistic Programs
Quantitative Information Flow (QIF) is an approach to confidentiality analysis of software systems. The task of QIF is to measure how much information flows from sensitive to observable data, that is, to quantify the leakage of information about secrets, and how secrets change over time.
The goal of this project is to implement an automatic construction of probabilistic models in some of the input languages of the state-of-the-art model checker Storm, from programs written in a simple probabilistic programming language. This transformation enables the analysis of such programs against specifications that capture quantitative requirements regarding the temporal evolution of secrets under different adversary models. The construction of the abstract probabilistic models is formalized in a comprehensive write-up by a former intern in my group. Your task is to implement and possibly optimize the translation and perform analysis of different programs using the Storm tool. You can use a programming language of your choice for the implementation, Python or C++ would be appropriate choices.
Requirements: good programming skills, basic knowledge of probability theory; knowledge/interest in modeling and analysis of probabilistic systems is a plus.
The project is suitable for a team of 2 students or a single student.
Simeon Hoffmann
Exploiting vulnerabilities in a modern setup
Today, many mitigations are in place to prevent exploitation of software vulnerabilities. Often, this makes exploiting vulnerabilities harder, but not outright impossible. As an example, consider the story of buffer overflows: The first buffer overflows were exploited by writing shellcode on the stack and then jumping to said shellcode. Then, a mitigation against these types of attacks was introduced: data execution prevention. To circumvent this mitigation, people started employing code reuse attacks, which defeated data execution prevention.
In this project, you will explore a vulnerability, its history and applied mitigations. You will create a vulnerable program that employs modern defenses and you will exploit it. Additionally, you will create documents that explain all parts of your employed technique, how it works, why it works, and what the limitations are. There are some ideas about vulnerability candidates (e.g. file pointer exploitation), but you are more than welcome to suggest a vulnerability that you are particularly interested in.
Requirements: Exploitation experience in the vulnerability area that you want to explore.
The project is suitable for a team of 2 students or a single student.
Creating Hands-On Exercises for Cybersecurity Education
Capture the flag events experience a rise in popularity. They provide a gamified environment to hone security skills. In this project, you will contribute to this community!
Your task is to create a challenge for an attack-defense CTF. You need to think of some interesting vulnerabilities, create a vulnerable application around these ideas, provide sample exploits for your vulnerabilities and integrate it in a hosting framework.
Requirements: CTF experience helps, but is not required.
Christine Utz
Improving the Automated Detection of Consent Notices on Websites
Automatically detecting consent notices (“cookie banners“) on websites and interacting with them has become increasingly important for Web measurement studies to simulate users‘ browsing habits and accurately measure websites‘ behavior. Existing work has used different mechanisms to detect and interact with consent notices, but their performance widely differs, as shown by a recent CySec project.
Your task:
- Get an overview of existing mechanisms for consent notice detection and identifytheir general approach towards detecting and interacting with notices.
- Propose and implement improvements for detection and new
ways to interact with notices (accept all, reject all, …).
Requirements: some familiarity with Python and JavaScript
Classifying Challenges in Automated Privacy Policy Retrieval and Extraction
Both online and offline services and companies rely on privacy policies to inform customers about their data collection practices. These documents are often very long, filled with legal jargon, and, as a result, rarely read. There is a rich body of work that tries to automatically analyze and summarize privacy policies and present the key information in a more user-friendly way. However, the lack of a unified location, format, and structure makes it difficult for researchers to find and correctly extract privacy policy text.
Your task:
- Set up the privacy policy extraction pipeline by Hosseini et al. (https://github.com/ITSec-WWU-Munster/Unifying-Privacy-Policy-Detection)
- Use it to retrieve the privacy policies of a representative set of websites.
- Conduct qualitative data analysis on the extracted texts. What factors made the policy hard to extract? Can you find patterns? Do you have any ideas how to overcome the underlying problems?
Requirements: Python, ideally also HTML and JavaScript
Investigating the World of Filter Lists
Filter lists, such as EasyList (https://easylist.to/), are the basis for many approaches to block unwanted elements that may interfere with people‘s browsing experience, such as advertising, tracking or cookie banners. These are often based on community effort. Their use in adblock and cookie banner blocking tools leads to different outcomes, but the exact reasons are unclear.
This is a more exploratory project. Tasks may evolve based on prior findings and your concrete interests; they may include:
- Provide an overview of the current ecosystem of filter lists on the Web (and possibly other ecosystems such as mobile or smart devices). Study their properties and come up with a classification. How do these lists and the underlying approaches differ by ecosystem?
- Build a filter list tailored to block trackers, but not legitimate traffic in the HbbTV (Hybrid Broadcast Broadband TV) ecosystem (for this, you will be given traffic from a set of HbbTV channels).
Requirements: Python