Project Topics List

 


Bhupendra Acharya (Group Thorsten Holz)


Web Attacks and Abuses 

In this project, we study various web and network abuses, aiming to decipher the scammers' modus operandi. We explore how scammers manipulate victims into transacting by performing various social engineering tricks that often result in the loss of private secrets and credentials. Additionally, we investigate the intricate network of message sharing among scammers across popular social media platforms like WhatsApp, Facebook, Telegram, and others, which serve as a breeding ground for various cyber attacks. Through such a study, we plan to measure the taxonomy of attacks and provide mitigations to block such attacks.

Requirements: Python, databases, and basic web security knowledge

 


Till Schlüter (Group Nils Tippenhauer)


Characterization of Microarchitectural Components Through Off-Chip Debugging 

When we characterize microarchitectural components, we often run experiment code and measurement code on the same target CPU. The measurement code changes the microarchitectural state of the CPU as well, making measurements imprecise.
ARM-based processors often have interfaces for off-chip debugging. Your task is to explore such debug interfaces: what microarchitectural state information can we extract from the processor using these interfaces?

Requirements: You have experience in writing and debugging C code

 


Robert Künnemann & Kevin Morio & Aurora Naska   


What happens at WhatsApp's session management layer?

Aurora Naska's recent work has found bugs in Signal's session management layer, the part of the protocol that manages old keys that your communication partners may still use, for example because of bugs in the OS or because a device was revived from a backup.
WhatsApp probably has some bugs there, too, but we cannot see exactly what it does. We could though, if *Y*O*U* help us spy on it. Frida is a popular instrumentation toolkit used by pentesters to inspect what software does. It can, for instance, observe function calls. Kevin Morio is an expert user of Frida and will get you started. Your goal is to instrument the session layer, i.e., provide outputs whenever WhatsApp calls functions from its own fork of libsignal.

Requirements: Interest in learning Frida

The project is suitable for a team of 2 students or a single student.

 


Eric Ackermann  


Stealthy FPGA Supply Chain Attack 

Development and verification of electronic circuits increasingly rely on Hardware Description Languages (HDLs) like Verilog, which enable simulation and synthesis of circuits for Field Programmable Gate Arrays (FPGAs) or even ASICs. Hardware designers generally reason about HDL and test their designs in simulation. Thus, if a synthesis compiler were to compromise the security of a design without altering its perceived function, the change might not be noticed.
Therefore, in this project, we will demonstrate how one can implant a backdoor into the Xilinx Vivado FPGA compiler that weakens cryptographic random number generators during synthesis, facilitating cryptographic attacks against the hardware devices.

Requirements: You should have basic knowledge of (symmetric) cryptography.
Prior knowledge of HDLs is not required for the project, as the implementation of the attack will mostly be restricted to writing TCL scripts. Still, you should be willing to learn the basics of Verilog during the project.

The project is suitable for a team of 2 students or a single student.

 


Fabian Thomas (Group Michael Schwarz)


Page-Table Viewer/Editor for Linux 

Microarchitectural attacks often require interaction with low-level data structures, such as page tables. On Linux, there is already a tool (PTEditor) that can read and write Linux page tables using C/C++ code, but there is no interactive viewer/editor yet. This project is about engineering such a viewer/editor based on PTEditor. The tool should provide a GUI that visualizes the page table and allows for live patching. Further, it should run as a statically linked Web App on remote machines to enable easy access via SSH port forwarding.

Requirements: Familiarity with programming C/C++, Web Apps, and Linux

 


Lorenz Hetterich (Group Michael Schwarz)


Adding New Architectures to an Instruction Execution Framework  

To analyze the semantics of undocumented CPU instructions or find bugs with documented instructions, it is helpful if instructions can be executed with arbitrary states (register values, memory mappings) and the state after execution can be collected. We have already built a small architecture-independent framework that can handle memory mappings and relies on architecture-dependent code for the register state, but it currently only supports one architecture. Your task is to add further architectures (RISC-V, 64-bit Arm, x86, ...) to our framework and improve the generic part.

Requirements: Familiarity with programming C/C++, Assembly

 


Leon Trampert (Group Michael Schwarz)


Lab Management System 

Our group has accumulated many machines with different microarchitectures to enable our research. These machines need to be managed. We need to control which user can access which machines, and we need to see when machines crash, which happens quite often during our experiments. We have already started building a Web interface with a Django backend that allows us to add new users, manage their access privileges, and show status information about the machines in our lab. Your task will be to make this system more reliable and add new features.

Requirements: Python (Django), JavaScript

 


Rafael Dutra   

In order to fuzz a program that parses a binary file (such as a PNG image or a PDF document), we need to generate many random inputs with the correct file format structure.
We developed a framework called FormatFuzzer (https://github.com/uds-se/FormatFuzzer) that can generate random valid files for several different formats. It works by processing an existing specification of the format structure (010Editor binary template https://www.sweetscape.com/010editor/templates.html) in Python and creating C++ code that can both generate and parse those binary files.

There are hundreds of different file formats that could be supported, including

PNG, OGG, GIF, JPEG, TIFF, ZIP, PCAP, MP4, SWF, MIDI, WAV, AVI, BMP, MP3, ELF, PDF

We have different possible projects available in improving FormatFuzzer and applying it to fuzzing.

 

FormatFuzzer: PDF fuzzing 

PDF documents are widely used and present a large attack surface for hackers trying to exploit potential vulnerabilities.
However, the complexity of the format makes it challenging for a fuzzer to produce valid and diverse PDF files.
In this project, your task will be to extend FormatFuzzer, giving it the ability to successfully parse, mutate and generate PDF files.
This will involve making changes to the binary template for PDF and to FormatFuzzer's infrastructure in order to support new functionalities. You should perform fuzzing experiments applying the resulting fuzzer to real PDF readers and looking for potential vulnerabilities.

Requirements: The project uses binary template specifications which are written in a language similar to C/C++. Familiarity with C/C++ is recommended.

 

FormatFuzzer: Grammar-based Delta Debugging 

Since FormatFuzzer can be used as a generator and a parser, we could apply it to the tasks of delta debugging (reducing failing inputs) or even generalizing failing inputs.
Given a file which triggers a known vulnerability in a target application, you should first minimize the file by removing optional chunks which are irrelevant to the bug.
Later you should identify which of the remaining chunks in the file can be abstracted away (when the content of those chunks can be modified while still triggering the bug).

Requirements: The project uses C++ and Python. Familiarity with those languages is recommended.

 


Hui-Po Wang   


Gradient Auto-encoding for Differential Privacy Training 

In this project, we want to investigate how to compress gradients with autoencoders to reduce the amount of DP noise added to machine learning training procedures. We will investigate the architecture choices and their generalizability across time-steps and datasets.

Requirements: basic knowledge of machine learning, Python coding experience, and probability theory. It is preferable to also have PyTorch coding experience.

 


Rayna Dimitrova    


Quantitative Information Flow Analysis for Probabilistic Programs    

Quantitative Information Flow (QIF) is an approach to confidentiality analysis of software systems. The task of QIF is to measure how much information flows from sensitive to observable data, that is, to quantify the leakage of information about secrets, and how secrets change over time.

The goal of this project is to implement an automatic construction of probabilistic models in some of the input languages of the state-of-the-art model checker Storm, from programs written in a simple probabilistic programming language. This transformation enables the analysis of such programs against specifications that capture quantitative requirements regarding the temporal evolution of secrets under different adversary models. The construction of the abstract probabilistic models is formalized in a comprehensive write-up by a former intern in my group. Your task is to implement and possibly optimize the translation and perform analysis of different programs using the Storm tool. You can use a programming language of your choice for the implementation; Python or C++ would be appropriate choices.

Requirements: good programming skills, basic knowledge of probability theory; knowledge/interest in modeling and analysis of probabilistic systems is a plus.

The project is suitable for a team of 2 students or a single student.

 

