Presentation sessions

Session 01: January 29th, 2019, 2 pm - 4 pm. Room F0.225

T02-1 Compiler Optimizations: Performance vs Security 1
T10 Control-Flow Analysis and Call Graph Generation
T02-2 Compiler Optimizations: Performance vs Security 2
T16 Precise, Summary-Based Static Analysis using Weighted Pushdown Systems

Session 02: January 29th, 2019, 10 am - 12 pm. Room F0.225

T07 Security Patterns in Software Architecture
T09 Usability of Security Specification Languages
T04 Investigating Java 11’s Nest-Based Access Control
T05 The Static Analysis Results Interchange Format (SARIF)

Session 03: January 29th, 2019, 2 pm - 4 pm. Room F1.310

T03 Security Engineering at the Level of Software Architectures
T14 Object-Capabilities as Means of Permission and Authority in Software Systems
T06 Assessing the Security of Software Architectures
T15 Type Systems as Means to Secure Software Systems

Session 04: January 29th, 2019, 10 am - 12 pm. Room F1.310

T01 Survey on Adaptive Data Flow Analysis
T08 Similarity Metrics for Automata
T11 A Survey on Targeted Testing of Android Applications
T13 Assessing the Software Security Competence and Training Needs of Java Developers

SEMINAR TOPICS

T01 - Survey on Adaptive Data Flow Analysis

Mentor: Goran Piskachev

Keywords: Static analysis, adaptive, self-tunning, data flow analysis

Abstract: In static analysis, the trade-off between precision and scalability is an important decision for researchers. There are static analysis methods that try to solve this problem by introducing adaptive behavior. One aspect is to adapt the sensitivity of the analysis (e.g. context sensitivity, flow sensitivity). Some methods propose adaptive error checkers and adaptations on the security context. This seminar thesis will explore these approaches and will propose criteria for establishing a framework for an overview of the adaptivity property in static code analysis.

T02 - Compiler Optimizations: Performance vs Security

Mentor: Martin Mory

Keywords: Compilers, Optimization, Security, Cryptography, Side-Channel Attacks

Abstract: Modern compilers perform optimizations, aiming to reduce the program size, memory usage and most importantly the runtime. However, in some contexts, such as cryptography implementations, optimizations may lead to side channels, leading to vulnerabilities in the resulting executable. The goal of this seminar topic is to identify recent findings about the security implications of compiler optimizations.

T03 - Security Engineering at the Level of Software Architectures

Mentor: Christopher Gerking

Keywords: Software Architecture

Abstract: A software architecture represents the first step towards designing a system according to given requirements. The goal for this topic is to research and survey both analytical and constructive approaches that address security requirements at the level of software architectures. Based on a well-chosen set of criteria (e.g., security properties addressed, security solutions supported, type of target system), the task is to give an illustrative and comparative overview on the selected literature.

T04 - Investigating Java 11’s Nest-Based Access Control

Mentor: Eric Bodden

Keywords: Security, Access Control, Java 11

Abstract: In the past, our lab has identified significant weaknesses in the implementation of Java’s access-control mechanisms. Those weaknesses have caused a large number of exploitable vulnerabilities, many of which allowed attackers to take over the entire Java virtual machine. In Java 11, Oracle introduced “Nest-based access control” (http://openjdk.java.net/jeps/181), which changes the way in which inner ”nested”  classes obtain access to fields and methods defined in their parent classes. The goal of this project is to explain Nest-based access control, how it differs from previous mechanisms, and to identify to what extent it changes Java’s attack surface. In particular, it would be interesting to understand whether any of the previous weaknesses we identified also apply to nest-based access control.

T05 - The Static Analysis Results Interchange Format (SARIF)

Mentor: Eric Bodden

Keywords: Static Analysis, Tooling, Programming

Abstract: Larger software-development companies currently use a growing number of static-analysis tools to detect bugs and vulnerabilities in the code they produce. Yet, those companies are interested in having a common infrastructure or dash board to inspect, triage and mitigate the bugs and vulnerabilities those tools report. For this purpose, the company GrammaTech, one of the market leaders, has developed the "Static Analysis Results Interchange Format (SARIF)”, a new file format that static-analysis tools can use to export their results, so that they then become visualized by GrammaTech’s product CodeSonar. The goal of this project is to explain the SARIF file format, and to implement a connector that exports SARIF files for our static-analysis tool CogniCrypt (www.cognicrypt.de). The seminar paper should include a description of the design and implementation of this connector.

T06 - Assessing the Security of Software Architectures

Mentor: Sven Merschjohann

Keywords: Software Architecture

Abstract: Assessing a software architecture in regard of security is important in order to make sure that the system's security objectives are met. This thesis focusses on different methods used in literature for assessing the security of software architectures. In particular, the task is to gather literature on approaches to assess a software architecture regarding its security and to give an overview and comparison based on fitting self-chosen criteria.

T07 - Security Patterns in Software Architecture

Mentor: Johannes Geissmann

Keywords: Security Pattern, Software Architecture, Survey

Abstract: Developing software systems secure-by-design is an important task for modern software systems. Security patterns are well-known solutions to common security requirements of such systems. Your task is to conduct a survey on security patterns and to describe recent research on this topic. For this, you present at least two relevant approaches in detail and compare them with other, related approaches. In addition, you state current limitations and open research questions in this field.

T08 - Similarity Metrics for Automata

Mentor: Lisa Nguyen

Keywords: Automata, similarity metric

Abstract: In software engineering, graphs and automata are often used to represent data (e.g., networks, paths). The problem of graph similarity (how close two graphs are to each other), and in particular, automata similarity, is a complex one. In this seminar, the student will research concrete solutions to this problem. In particular, the student will (1) Perform a literature review on existing, concrete approaches for computing similarity for automata. (2) Report on the pros and cons of each approach, and propose guidelines to choose which ones to use.

T09 - Usability of Security Specification Languages

Mentor: Stefan Krüger

Keywords: Usability, DSL, language Design

Abstract: Security specification languages allow domain experts to define properties programs must adhere to in order to stay secure. The security domain inherently comes with higher requirements in terms of accuracy and correctness of such specifications. Program analyzers often make use of them to check client programs for their compliance with said specifications. Should the underlying specifications miss certain properties or misdefine a certain property, the analyzers may report secure code as being insecure or - even worse - mark insecure code as secure.
One key aspect in avoiding such mistakes is the usability of the specification language. A specification language that makes it difficult for its users to express relevant constraints in an appropriate manner is likely to make the problem worse. In this project, the student will assess the usability of CrySL - a speicification languages for cryptographic APIs.

T10 - Control-Flow Analysis and Call Graph Generation

Mentor: Johannes Späth

Keywords: Static Analysis, Abstract Interpretation, Call Graph, Control-Flow

Abstract: Control-Flow Analysis and Call Graph Generations are terms of two closely related research areas of computer science. Control-Flow Analysis stems from the area of abstract interpretation and call graph generation is located in the area of static analysis. However both terms share the same goal and are used to resolve dispatched callee method at a call site in a program. The task of the student is to perform a literature review of the term Control-Flow Analysis and compare it to standard call graph generation algorithms in static analysis.

T11 - A Survey on Targeted Testing of Android Applications

Mentor: Linghui Luo

Keywords:Targeted testing, execution, dynamic analysis, Android applications

Abstract: Many static analysis tools for detecting security issues in Android apps have been developed in recent years. However, the reported issues are inconclusive. Targeted testing is an enabler to validate these static analysis findings.

T12 - Automatic Verification of Cryptographic Protocols with ProVerif

Mentor: Thorsten Koch

Keywords: verification, cryptographic protocols, ProVerif

Abstract: Although security protocols are ubiquitous in our daily life (e.g. in wireless networks), their development is still notoriously error-prone. Bruno Blanchet presents an verification approach for cryptographic protocols to enable the analysis of the protocol in an early stage of the development. The ProVerif approach is a symbolic approach and supports a wide variety of cryptographic primitives. For the verification, it takes as input a textual model of the security protocol and translates it into a set of Horn clauses. The verification algorithm itself is  based on resolution with free selection to determine whether a fact is derivable from the clauses. If the fact is not derivable, then the desired security property is proved. In this seminar, you will explain the verification approach of ProVerif  and its limitations, and compare the approach with other symbolic approaches, like Tamarin (Schmidt et al. , 2012) or    AVISPA (Armando et al. , 2005)

T13 - Assessing the software security competence and training needs of Java developers

Mentor: Stefan Dziwok

Keywords: java, software security, assessment, skills, competence, evaluation, training

Abstract: In order to develop secure software, Java developers require appropriate theoretical and practical knowledge, e.g., to correctly apply static code analysis. The goal of this seminar thesis is to design a survey to assess the software security competence of a group Java developers (especially concerning static code analysis) such that the survey enables to conclude the training needs for this group.

T14 - Object-Capabilities as Means of Permission and Authority in Software Systems

Mentor: Ben Hermann

Keywords:Object-Capabilities, Theory, Software Security

Abstract: What do we mean when a system is secure? How do we characterize its security? Recent research in the field of Object-Capability security helps to find answers.

T15 - Type Systems as Means to Secure Software Systems

Mentor: Ben Hermann

Keywords:Type Systems, Theory, Software Security

Abstract: One class of security problems are confidentiality issues. They occur whenever information is leaked to parties that are not permitted to receive the information. But, how can we prove that a system does not have such issues? Type systems may be the answer to that.

T16 - Precise, summary-based static analysis using weighted pushdown systems

Mentor: Philipp Schubert

Keywords: Static program analysis, summary-based analysis, white-box approach

Abstract: Static analysis is able to automatically detect bugs, security breaches and aids compiler optimization. Precise, summary-based static analysis techniques for distributive data-flow problems, such as IFDS, IDE and WPDS can be used to tackle the scalability issue of static program analysis, if applied correctly. Weighted pushdown systems (WPDS) can be used to solve data-flow problems not only elegantly and efficiently, but also allow the generation of witnesses that specify under which contexts the findings are obtained. However, several derivations of WPDS exist and a user has to trade-off advantages and disadvantages.