RESEARCH TOPICS
At the Chair for Systems Security, we work on the following topics:
- Program / Binary Analysis
- Intelligent Security Systems
- Web Privacy
- Network Security
- Mobile Network Security
Our recent publications provide an overview of the current work. Source code and data sets for most of our research projects are available at https://github.com/RUB-SysSec. If you have questions, please reach out to Prof. Thorsten Holz or the other members of the research group.
PROGRAM / BINARY ANALYSIS
Program analysis describes the process of automated extraction or inference of program properties that allow an analyst to make statements about the program’s behavior, design, or security/safety properties. Amongst others, these techniques are commonly employed in tools such as compilers to facilitate efficient code generation. Such techniques also apply in the reverse direction: if no source code is available, the binary representation of a program can be (manually or automatically) reverse engineered in order to obtain a higher-level representation again. We apply such techniques to either find and exploit vulnerabilities (e.g., via techniques such as fuzz testing or code-reuse attacks) or to develop defenses (e.g., techniques such as control-flow integrity or randomization). The techniques we develop can typically be applied on the binary level such that no access to source code is needed. In our research, we cover the following topics:
– Reverse Engineering
– Binary Analysis
– Compilers
– Code Obfuscation
– Abstract Interpretation
– Fuzzing
– Program Synthesis
– Model Checking (MC)
– Symbolic Execution (SE)
– Satisfiability Modulo Theories (SMT)
– Firmware Re-Hosting / Emulation
– Control-Flow Integrity or Randomization
Selected Publications
– „IJON: Exploring Deep State Spaces via Fuzzing“ (IEEE S&P’20)
– „Grimoire: Synthesizing Structure while Fuzzing“ (USENIX Security’19)
– „Nautilus: Fishing for Deep Bugs with Grammars“ (NDSS’19)
– „Redqueen: Fuzzing with Input-to-State Correspondence“ (NDSS’19)
– „kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels“ (USENIX Security’17)
– „EthBMC: A Bounded Model Checker for Smart Contracts“ (USENIX Security’20)
– „Syntia: Synthesizing the Semantics of Obfuscated Code“ (USENIX Security’17)
– „Reverse Engineering x86 Processor Microcode“ (USENIX Security’17)
– „How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles“ (IEEE S&P’17)
– „Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications“ (IEEE S&P’15)
– „Marx: Uncovering Class Hierarchies in C++ Programs“ (NDSS’17)
If you are interested in working on these topics, feel free to contact:
– Moritz Schlögel
– Tobias Scharnowski
– Nils Bars
– Lukas Bernhard
– Nico Schiller
INTELLIGENT SECURITY SYSTEMS
Systems based on machine learning (ML) are increasingly used in security- and safety-critical domains such as autonomous driving and threat detection. The underlying algorithms, however, were not developed with security in mind and are vulnerable to targeted attacks. In this research area, we investigate the offensive and defensive aspects of these attacks and strive to improve the robustness of machine learning in adversarial settings. Moreover, machine learning has created impressive results in areas such as natural language processing, image processing or playing games (such as Chess, Go, and Dota). Surprisingly, this has not (yet) been replicated for security. Machine learning provides new tools that allow us to rethink existing approaches and target previously unattainable tasks. These advancements require an integration of security and machine learning. We envision this interplay to take the form of a two-pronged approach. On the one hand, we need to adapt machine learning techniques to cooperate with existing tools, with the goal of making predictions based on the data they produce. On the other hand, existing tools need to be augmented by machine learning techniques to interact with human experts, in order to accelerate manual processes and provide automatic decisions. Our research covers the following topics:
– Data Poisoning Attacks
– Evasion Attacks with Adversarial Examples
– Model Stealing Attacks
– Explainability and Transparency of ML Algorithms
– Generative Adversarial Networks (GANs)
– Machine Learning for Security
Selected Publications
– „Leveraging Frequency Analysis for Deep Fake Image Recognition“ (ICML’20)
– „Imperio: Robust Over-the-Air Adversarial Examples Against Automatic Speech Recognition Systems“ (arXiv:1908.01551)
– „Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding“ (NDSS’19)
If you are interested in working on these topics, feel free to contact:
– Thorsten Eisenhofer
– Joel Frank
WEB PRIVACY
Websites, apps, IoT devices, and businesses in general today rely heavily on personal data to tailor their services to the user’s preferences, integrate social media sharing, or make money through targeted advertising. Due to the complexity of the data processing ecosystem – which often involves various parties and multiple jurisdictions – it is often hard for users to understand and control what personal data is collected by whom and why. This has led regulators across the world to create new privacy laws restricting certain practices, making others more transparent, and providing “data subjects” with new rights regarding their personal data. We study various aspects of data collection practices, their mechanisms to meet the legal requirements, and how users perceive both these tracking systems and compliance mechanisms. We cover the following topics:
– Web tracking
– Profiling
– Compliance with legal requirements (e.g., GDPR)
– Privacy policies
– Consent mechanisms (e.g., “cookie banners”)
– Privacy by design and privacy by default
– … and many other aspects of usable privacy, data protection, and surveillance.
Selected Publications
– „(Un)informed Consent: Studying GDPR Consent Notices in the Field“ (CCS’19)
– „Measuring the Impact of the GDPR on Data Sharing in Ad Networks“ (ASIACCS’20)
– „We Value Your Privacy … Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy“ (NDSS’19)
– „“Your Hashed IP Address: Ubuntu“ – Perspectives on Transparency Tools for Online Advertising“ (ACSAC’19)
If you are interested in working on these topics, feel free to contact:
NETWORK SECURITY
In this research area, we measure network security aspects in large-scale datasets, such as the detection of phishing-relevant domains among newly registered domains, distributed denial-of-service attacks on the Internet, and similar events. For that purpose, we often collect data to analyze previously overlooked issues, e.g., measuring the network time synchronization ecosystem or analyzing wrongly configured devices connected to the Internet. We are in particular interested in Social Network Analysis (e.g., Facebook), the analysis of infrastructure protocols of the Internet (e.g., the Domain Name System), and the analysis of attack vectors like phishing and scamming. Amongst other topics, we work in the following areas:
– Social Network Security and Privacy aspects
– Infrastructure Protocols (e.g., DNS, NTP, IP)
– Threat Landscapes (APTs, OSINT, Blacklists, etc.)
– Domain names
– Honeypots
Selected Publications
– „On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways“ (NDSS’20)
– „Beyond the Front Page: Measuring Third Party Dynamics in the Field“ (Web Conference 2020)
– „Masters of Time: An Overview of the NTP Ecosystem“ (EuroS&P’18)
– „No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells“ (Web Conference 2016)
If you are interested in working on these topics, feel free to contact:
MOBILE NETWORK SECURITY
If you are watching videos, browsing Instagram, or chatting with your friends — mobile networks connect you to the Internet nearly everywhere. They are quite different from your home WiFi: the large infrastructure with thousands of base stations, SIM cards, international roaming, and billing all bring their own unique challenges. You might think that such a critical infrastructure is well tested, but in fact, many of today’s tools for software testing will not work with telecom networks yet. If you are interested in changing this, work with us and
– bring pentesting to telco networks,
– find bugs in nation-wide infrastructure, and
– exploit over-the-air vulnerabilities in smartphones.
Selected Publications
– „Breaking LTE on Layer Two“ (IEEE S&P’19)
– „Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE“ (USENIX Security’20)
– „On Security Research Towards Future Mobile Network Generations“ (IEEE Commun. Surv. Tutorials)
– „IMP4GT: IMPersonation Attacks in 4G NeTworks“ (NDSS’20)
– „LTE Security Disabled—Misconfiguration in Commercial Networks“ (WiSec’19)
– „Lost Traffic Encryption: Fingerprinting LTE/4G Traffic on Layer Two“ (WiSec’19)
If you are interested in working on these topics, feel free to contact: