Thesis and HiWi Topics

We are offering interesting research topics to students in all of the areas we are working in: You can work with us both by writing a thesis or as a HiWi. Below you can find a short description of each of our research areas, together with a selection of open research topics that you could work on. We usually have more topics than we advertise, so if you are interested in a particular area and want to contribute to it, feel free to approach us.

Runtime Enforcement

Runtime Enforcement

When a program does not comply with given security requirements itself, one can employ a dynamic enforcement mechanism to make the program compliant while it is executed. A dynamic enforcement mechanism can be seen as an encapsulation that protects a program from a malicious environment or, vice versa, the environment from a malicious program. Dynamic enforcement is an active research area which comprises both theoretical aspects (e.g., the question which security policies are enforceable) as well as practical aspects (e.g., how to implement dynamic enforcement mechanisms). At MAIS, we particularly focus on distributed dynamic enforcement, which bears challenges like race conditions and incomplete information about the global state of the program.

Service Automata

Service Automata are a concept developed at MAIS for runtime enforcement of properties in distributed systems. They are a flexible and generic enforcement mechanism, meaning that they can be instantiated with different policies. Security Automata have been modeled in the process algebra CSP. This formalization of the mechanism allows formal proofs that the desired security guarantees of a system are enforced.

CliSeAu

CliSeAu is a proof-of-concept implementation of Service Automata. It can be used to enforce properties on distributed systems consisting of programs written in Java and Ruby as well as Android applications. Evaluations on case studies have shown that CliSeAu has only little runtime overhead.

Open research topics
  • Efficient runtime enforcement for distributed applications (contact Yuri Gil Dantas)
  • Policy languages for decentralized distributed runtime enforcement (contact Tobias Hamann)
  • Security enforcement in Android applications / smart phones, service-oriented architectures, business processes, file systems, etc. (contact Tobias Hamann)
  • A library of standard enforcement strategies (contact Yuri Gil Dantas)
  • Security enforcement for Software-Defined Networking (contact Yuri Gil Dantas)
  • Dynamic enforcement mechanisms for mitigating timing side channels (contact Yuri Gil Dantas)
  • And more... Contact us if you are interested!

Contact:
Yuri Gil Dantas

Contact:
Tobias Hamann

Security Engineering

Creating information systems that process private information requires special care to ensure the systems' security. Deferring the consideration of security aspects until the system is implemented is risky since the mitigation of security issues may require expensive changes to the system's design. The approach of security engineering is to determine security requirements up-front and design the system such that it conforms to these requirements.

At MAIS, we develop methodology and tools for the design and verification of secure information systems and investigate how these designs can be implemented such that their security guarantees are preserved.

MAKS

MAKS, the Modular Assembly Kit for Security, is a framework for reasoning about information-flow properties on the specification level in a modular fashion. There are many different security properties in the literature. In many cases, it is difficult to compare these properties. Hence, it is unclear which one is adequate for specifying a particular security requirement on a system. MAKS addresses this problem by providing simple building blocks for security properties that can be combined depending on the particular needs of the scenario at hand. Many properties from the literature can be constructed using MAKS. Additionally, MAKS provides compositionality guarantees for the building blocks. This allows for a design process of secure systems in which security only has to be proven for the individual components of a system. The security of the entire system then follows automatically from the built-in compositionality results.

Open research topics
  • Developing the theoretical foundations of MAKS
  • And more... Contact us if you are interested!

I-MAKS

I-MAKS is a formalization of the MAKS framework in the automated proof assistant Isabelle/HOL. It enables partially automated security proofs of system specifications. Furthermore, it includes a front-end for the process algebra CSP, which makes it easier to specify systems. Since all parts of the I-MAKS formalization and all proofs done within it are machine-checked by Isabelle/HOL for correctness, using I-MAKS provides a high degree of confidence in security guarantees established with it.

Research topics
  • Extending I-MAKS by further modules
  • Applying I-MAKS in case studies to evaluate it
  • Developing a front-end for an additional system specification language
  • Developing a front-end for defining security guarantees
  • And more... Contact us if you are interested!

Contact:
Yuri Gil Dantas

Contact:
Tobias Hamann

Information-Flow Security


Contact:
Lorenzo Gheri

When running a program that requires access to confidential data, one wants to be sure that no information about the confidential data is leaked to untrusted third parties. For instance, a banking application requires access to a user's login credentials, but no information about the login credentials must be leaked to the developers of the app even if they legitimately receive other information, e.g. usage statistics. Such security requirements can be formally expressed with information-flow properties. Program analysis techniques, such as security type systems, can check automatically whether a program satisfies a given information-flow property. In the scenario of the banking application, a positive result of the analysis combined with a so-called soundness result for the analysis technique guarantees that no information about the user's login credentials is leaked to the developers.

At MAIS, we develop and improve information-flow properties and sound analysis techniques for these properties. Furthermore, we develop tools for the automatic verification of programs based on these analysis techniques.

SPASCA

Information leakage in computer systems can be clustered in different classes. Two examples of such classes are information leakage through data content and information leakage through execution time. At MAIS we develop the Secure-Programming Assistant and Side-Channel Analyzer (SPASCA), an information-flow analysis tool for Java source code programs. SPASCA can be used to detect information leakage in programs written in a rich sequential Java subset. It implements two static type-based information-flow analyses: a timing-insensitive  analysis detecting only leakage through data content, and a timing-sensitive analysis also detecting information leakage through execution time. The timing-sensitive analysis considers a transcript model of time where the transcript contains the program counter and array accesses. To aid the software engineer in developing secure software,SPASCA is seamlessly integrated as plug-in for the Eclipse IDE.

Open research topics

  • Developing a formally defined and sound analysis for SPASCA, that is suitable for concurrent programs
  • Improving the precision of SPASCA's analysis
  • Proving the soundness of the SPASCA type system in the automated proof assistant Isabelle/HOL
  • And more... Contact us if you are interested!

Cassandra

Mobile devices store and collect a wide range of sensitive information, such as the user's current location, his contacts, calendar entries, e-mails, photos, and many other kinds of information. Maintaining the privacy of this sensitive information is an open issue. In the past, many leaks of sensitive information by Android apps, both intentionally and unintentionally, have been reported. This is in spite of existing security mechanisms provided by Android.

Cassandra, the Certifying App Store for Secure Android Applications, addresses this problem by integrating an information-flow analysis into an app store. This allows users to check whether apps he would like to install respect his privacy requirements. In the development of Cassandra, we are addressing both theoretical and practical research questions. On the theory side, the analysis is formalized as a security type system. It is proven to be sound against a formal semantics of Android applications and a formal definition of security. This means that all applications passing the analysis are guaranteed to be secure. On the practical side, we have developed a system architecture that enables fast analyses as well as an optimized analysis algorithm. Here, we are also considering how to enable non-expert users to specify their privacy requirements and how to make sure that they can understand the results of the analysis.

Open research topics
  • Making the security analysis of Cassandra more flexible and precise by extending the type system
  • Analyzing the Android framework in order to remove the need for manual specification by experts
  • Extending an existing specification language to express more complex security requirements
  • And more... Contact us if you are interested!

Security under Weak Memory Models


Contact:
Benjamin Richter

Modern multi-core processors implement various optimizations intended to improve their performance, such as caches, reordering of instructions, and branch prediction. These optimizations can have effects that are unintuitive and unexpected. Weak memory models have been developed to describe the effects of processor optimizations. We have found that weak memory models have subtle effects on the security of programs: Security guarantees that have been established without taking into account processor optimizations no longer hold in general when a program is executed under a weak memory model. This is a significant issue, since many devices nowadays are equipped with multi-core processors.

At MAIS, we are further exploring the effects of weak memory models on security and developing techniques for re-establishing security guarantees. To this end, we are investigating a number of theoretical research questions, including how weak memory models can be incorporated in formal semantics, how different semantics incorporating weak memory models compare to each other, and what the impact of weak memory models is on security properties. This theoretical research is supported by the Isabelle/HOL proof assistant, which we use for modeling and verification. On the practical side, we are evaluating whether the executions possible under a given memory model are the same as those possible on an actual given processor and are investigating whether existing analyses and tools can be adapted to address the effects of the memory model of a given processor architecture.

Open research topics
  • Formal comparison of different approaches for modeling weak memory consistency
  • And more... Contact us if you are interested!

Side-Channel Analysis and Mitigation


Contact:
Alexandra Weber

Side channels are unintended indirect flows of information revealed by physical executions of a computer program. Examples of side channels include program's running time, cache behavior, power consumption, electromagnetic radiation, etc. Such unintended flows of information may be correlated to secrets e.g., private cryptographic keys, and this makes side channels a severe security vulnerability. By exploiting such correlation, the hacker can recover the secrets, and this is known as a side-channel attack. Due to improvements in security protection mechanisms, traditional security vulnerabilities like programming bugs are getting harder to exploit, and that is why side channels are becoming now more and more attractive to hackers. Among different types of side channels, timing side channels are particularly critical since timing attacks can be mounted remotely over computer networks and do not require direct physical access to the system under attack.

At MAIS, we develop methods and tools for sound detection of timing side channels, assessment of their seriousness, construction of timing attacks and design of proper countermeasures.

Open research topics
  • Conducting experiments with software-based energy side channels based on green IT features.
  • Analyzing the side-channel security of cryptographic implementations in case studies.
  • Extending the theoretical foundations of side-channel analysis tools.
  • Developing a taxonomy of coding guidelines for side-channel resilient code.
  • And more... Contact us if you are interested!


Parallelization and Re-engineering

In order to fully utilize modern hardware, improving sequential legacy software such that it can use multiple CPU cores is essential. This process is called parallelization. Parallelization can be performed as part of software re-engineering. Software re-engineering means gradually improving a software's quality without changing its functionality. Parallel design pattern, such as pipeline and task-pool, provide guidance how to selectively implement parallelism during re-engineering. When the sequential building blocks of a parallel pattern have been identified, the pattern can be used to parallelize the building blocks.

At MAIS, we develop techniques that establish the conditional correctness of (semi-) automatic parallelization tools and we develop techniques to exploit the parallel design pattern structure obtained through re-engineering to making analyses scale.

Open research topics
  • Automatic parallelization based on dependency information
  • Comparison of different dependency analyses techniques and tools
  • Usage of parallel design patterns
  • Performance characteristics of parallel programs
  • And more... Contact us if you are interested!

Contact:
Florian Dewald

Contact:
Thomas Höhl

 

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang