Research Overview
My research usually focuses on the automation of finding bugs (fuzzing yay!), understanding them, and either fixing or exploiting them. Beyond that, I do work on code (de-)obfuscation.
If any of this rings a bell and you would like to write your thesis on one of these topics, feel free to email me (even if no matching topic is listed below, we might be able to find one that works for both of us).
Be advised: most topics require some familiarity with the area or prior background knowledge, or are better suited for Master's theses.
Are you interested in diving deep into applied Security Competitions? Check out our university’s CTF team: FluxFingers
Moritz Schloegel
Master's Thesis: Dynamic Instrumentation to Detect Uninitialized Memory
Memory Sanitizer (MSan) [1,2] is a sanitizer that detects reads of uninitialized memory. To this end, it inserts instrumentation during compilation that tracks, in shadow memory, whether each byte of application memory has been initialized. For this to work correctly, all code that writes memory must be instrumented; in particular, every library the program uses must be re-compiled with MSan. For projects that depend on many shared libraries, this quickly becomes a tedious process. Without instrumentation, however, MSan cannot see when a library initializes memory: the shadow state still marks that memory as uninitialized, so subsequent reads are reported as errors. The result is a flood of false positives that renders MSan useless for such programs.
In this thesis, you will develop an approach to *dynamically* add MSan instrumentation to libraries, thereby avoiding the need to recompile them. This can be achieved, for example, by means of dynamic binary instrumentation (DBI) frameworks such as DynamoRIO [3]. Such dynamic instrumentation would make it possible to fuzz test programs with MSan without having to recompile all of their libraries.
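As an added illustration (not part of this thesis description and not MSan's own implementation), the following toy shadow-memory model in C shows why a library compiled without MSan produces false positives, and how a store hook of the kind a DBI tool could insert keeps the shadow state in sync. The one-shadow-byte-per-application-byte layout and all function names are simplifications made up for this example.

```c
/* Toy model of MSan-style shadow memory (constructed example, not MSan code).
 * One shadow byte per application byte: 1 = poisoned (uninitialized), 0 = ok.
 * Real MSan uses a bit-level shadow and a fixed address mapping instead. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_SIZE 64
static uint8_t heap[HEAP_SIZE];    /* application memory */
static uint8_t shadow[HEAP_SIZE];  /* shadow memory tracking initialization */

/* Allocation: fresh memory starts poisoned, as MSan does for malloc(). */
static void toy_alloc(size_t off, size_t len) { memset(shadow + off, 1, len); }

/* Store in instrumented code: compiler-inserted instrumentation clears shadow. */
static void instrumented_store(size_t off, uint8_t v) { heap[off] = v; shadow[off] = 0; }

/* Store in a library compiled WITHOUT MSan: the byte is initialized, but
 * nothing updates the shadow, so it still reads as poisoned. */
static void uninstrumented_store(size_t off, uint8_t v) { heap[off] = v; }

/* Hypothetical DBI hook around a library store: runs the original store and
 * then performs the shadow update the missing instrumentation would have done. */
static void hooked_store(size_t off, uint8_t v) { uninstrumented_store(off, v); shadow[off] = 0; }

/* Instrumented load check: 1 if MSan would report use-of-uninitialized-value. */
static int check_load(size_t off) { return shadow[off] != 0; }

/* Allocate a 4-byte buffer, initialize the first `init_bytes` of it with the
 * given store routine, then read all 4 bytes and count the reports. */
static int count_reports(void (*store)(size_t, uint8_t), size_t init_bytes) {
    int reports = 0;
    toy_alloc(0, 4);
    for (size_t i = 0; i < init_bytes; i++) store(i, (uint8_t)i);
    for (size_t i = 0; i < 4; i++) reports += check_load(i);
    return reports;
}

int main(void) {
    printf("instrumented, fully initialized:   %d reports (correct)\n", count_reports(instrumented_store, 4));
    printf("instrumented, half initialized:    %d reports (true positives)\n", count_reports(instrumented_store, 2));
    printf("uninstrumented library, fully init: %d reports (false positives)\n", count_reports(uninstrumented_store, 4));
    printf("DBI-hooked library store:          %d reports (fixed)\n", count_reports(hooked_store, 4));
    return 0;
}
```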
Related Work / Relevant Links
Requirements
- Ability to program in C/C++
- Familiarity with binary code / reverse engineering
- Previous experience with or interest in working with LLVM
Bachelor's Thesis: On the Impact of Code Obfuscation on Fuzzing
Code obfuscation describes any technique that preserves the functionality of a program but makes it harder to analyze and reverse engineer. Usually, these techniques lead to "bloated" code, as the added complexity comes from inserting additional instructions. This becomes even more apparent when looking at the performance overhead of obfuscation, which commonly causes a slowdown by a factor in the hundreds, if not thousands. When fuzzing applications, however, we want fast execution times so that the fuzzer can efficiently test thousands of inputs per second.
In this thesis, you will analyze the impact of different obfuscation techniques on fuzzing efficiency.