Master Thesis: [PDF] Systematic security analysis of signed PDF documents

Status

Description

The thesis aims to extend and improve previous research.

First, a general security analysis of features supported by the PDF specification is done. Afterwards, a tool set is created to enhance the process of both the development of test cases and their evaluation afterwards following a fuzzing approach.

For this purpose, an existing Python-based tool should be refactored and extended.

The thesis consists of three parts:
  • Systematic analysis of insecure PDF features allowed in incremental updates
  • Tool-Set for (semi-)automated generation of PDF test-cases
  • Tool-Set for (semi-)automated evaluation of manipulated PDF documents

Challenge

In following folder you can find 4 exploits and 2 applications (Foxit and PDF Studio). Your task is to analyze and understand the exploits. You should answer the following questions for each exploit.

  • Which application is vulnerable against which exploit?
  • Which class of attacks against PDF Signatures do you recognize?
  • Where in the PDF do you find the exploit?
  • What does the exploit do? How it circumvents the validation logic?

Submit the answers to these questions to vladislav.mladenov@rub.de.

Requirements

  • Python
  • Lecture Message-Level Security

Contact

Supervision:  Christian Mainka, Vladislav Mladenov, Simon Rohlmann

Contact: vladislav.mladenov@rub.de

Start date: immediately