Status
Available
Description
The thesis aims to extend and improve previous research.
First, a general security analysis of features supported by the PDF specification is done. Afterwards, a tool set is created to enhance the process of both the development of test cases and their evaluation afterwards following a fuzzing approach.
For this purpose, an existing Python-based tool should be refactored and extended.
The thesis consists of three parts:
- Systematic analysis of insecure PDF features allowed in incremental updates
- Tool-Set for (semi-)automated generation of PDF test-cases
- Tool-Set for (semi-)automated evaluation of manipulated PDF documents
Challenge
In following folder you can find 4 exploits and 2 applications (Foxit and PDF Studio). Your task is to analyze and understand the exploits. You should answer the following questions for each exploit.
- Which application is vulnerable against which exploit?
- Which class of attacks against PDF Signatures do you recognize?
- Where in the PDF do you find the exploit?
- What does the exploit do? How it circumvents the validation logic?
Submit the answers to these questions to vladislav.mladenov@rub.de.
Requirements
- Python
- Lecture Message-Level Security
Contact
Supervision: Christian Mainka, Vladislav Mladenov, Simon Rohlmann
Contact: vladislav.mladenov@rub.de
Start date: immediately