Thesis and HiWi Topics

We are offering interesting research topics to students in all of the areas we are working in: You can work with us both by writing a thesis or as a HiWi. Below you can find a short description of each of our research areas, together with a selection of open research topics that you could work on. We usually have more topics than we advertise, so if you are interested in a particular area and want to contribute to it, feel free to approach us.

Side-Channel Analysis and Mitigation


Contact:
Alexandra Weber

Side channels are unintended indirect flows of information revealed by physical executions of a computer program. Examples of side channels include program's running time, cache behavior, power consumption, electromagnetic radiation, etc. Such unintended flows of information may be correlated to secrets e.g., private cryptographic keys, and this makes side channels a severe security vulnerability. By exploiting such correlation, the hacker can recover the secrets, and this is known as a side-channel attack. Due to improvements in security protection mechanisms, traditional security vulnerabilities like programming bugs are getting harder to exploit, and that is why side channels are becoming now more and more attractive to hackers. Among different types of side channels, timing side channels are particularly critical since timing attacks can be mounted remotely over computer networks and do not require direct physical access to the system under attack.

At MAIS, we develop methods and tools for sound detection of timing side channels, assessment of their seriousness, construction of timing attacks and design of proper countermeasures.

Open research topics
  • Conducting experiments with software-based energy side channels based on green IT features.
  • Analyzing the side-channel security of cryptographic implementations in case studies.
  • Extending the theoretical foundations of side-channel analysis tools.
  • Developing a taxonomy of coding guidelines for side-channel resilient code.
  • And more... Contact us if you are interested!

Parallelization and Re-engineering


Contact:
Florian Dewald
In order to fully utilize modern hardware, improving sequential legacy software such that it can use multiple CPU cores is essential. This process is called parallelization. Parallelization can be performed as part of software re-engineering. Software re-engineering means gradually improving a software's quality without changing its functionality. Parallel design pattern, such as pipeline and task-pool, provide guidance how to selectively implement parallelism during re-engineering. When the sequential building blocks of a parallel pattern have been identified, the pattern can be used to parallelize the building blocks.

At MAIS, we develop techniques that establish the conditional correctness of (semi-) automatic parallelization tools and we develop techniques to exploit the parallel design pattern structure obtained through re-engineering to making analyses scale.

Open research topics
  • Automatic parallelization based on dependency information
  • Comparison of different dependency analyses techniques and tools
  • Usage of parallel design patterns
  • Performance characteristics of parallel programs
  • And more... Contact us if you are interested!

Information-Flow Security


Contact:
Alexandra Weber

When running a program that requires access to confidential data, one wants to be sure that no information about the confidential data is leaked to untrusted third parties. For instance, a banking application requires access to a user's login credentials, but no information about the login credentials must be leaked to the developers of the app even if they legitimately receive other information, e.g. usage statistics. Such security requirements can be formally expressed with information-flow properties. Program analysis techniques, such as security type systems, can check automatically whether a program satisfies a given information-flow property. In the scenario of the banking application, a positive result of the analysis combined with a so-called soundness result for the analysis technique guarantees that no information about the user's login credentials is leaked to the developers.

At MAIS, we develop and improve information-flow properties and sound analysis techniques for these properties. Furthermore, we develop tools for the automatic verification of programs based on these analysis techniques.

SPASCA

Information leakage in computer systems can be clustered in different classes. Two examples of such classes are information leakage through data content and information leakage through execution time. At MAIS we develop the Secure-Programming Assistant and Side-Channel Analyzer (SPASCA), an information-flow analysis tool for Java source code programs. SPASCA can be used to detect information leakage in programs written in a rich sequential Java subset. It implements two static type-based information-flow analyses: a timing-insensitive  analysis detecting only leakage through data content, and a timing-sensitive analysis also detecting information leakage through execution time. The timing-sensitive analysis considers a transcript model of time where the transcript contains the program counter and array accesses. To aid the software engineer in developing secure software,SPASCA is seamlessly integrated as plug-in for the Eclipse IDE.

Open research topics

  • Developing a formally defined and sound analysis for SPASCA, that is suitable for concurrent programs
  • Improving the precision of SPASCA's analysis
  • Proving the soundness of the SPASCA type system in the automated proof assistant Isabelle/HOL
  • And more... Contact us if you are interested!

Cassandra

Mobile devices store and collect a wide range of sensitive information, such as the user's current location, his contacts, calendar entries, e-mails, photos, and many other kinds of information. Maintaining the privacy of this sensitive information is an open issue. In the past, many leaks of sensitive information by Android apps, both intentionally and unintentionally, have been reported. This is in spite of existing security mechanisms provided by Android.

Cassandra, the Certifying App Store for Secure Android Applications, addresses this problem by integrating an information-flow analysis into an app store. This allows users to check whether apps he would like to install respect his privacy requirements. In the development of Cassandra, we are addressing both theoretical and practical research questions. On the theory side, the analysis is formalized as a security type system. It is proven to be sound against a formal semantics of Android applications and a formal definition of security. This means that all applications passing the analysis are guaranteed to be secure. On the practical side, we have developed a system architecture that enables fast analyses as well as an optimized analysis algorithm. Here, we are also considering how to enable non-expert users to specify their privacy requirements and how to make sure that they can understand the results of the analysis.

Open research topics
  • Making the security analysis of Cassandra more flexible and precise by extending the type system
  • Analyzing the Android framework in order to remove the need for manual specification by experts
  • Extending an existing specification language to express more complex security requirements
  • And more... Contact us if you are interested!

Runtime Enforcement


Contact:
Tobias Hamann

When a program does not comply with given security requirements itself, one can employ a dynamic enforcement mechanism to make the program compliant while it is executed. A dynamic enforcement mechanism can be seen as an encapsulation that protects a program from a malicious environment or, vice versa, the environment from a malicious program. Dynamic enforcement is an active research area which comprises both theoretical aspects (e.g., the question which security policies are enforceable) as well as practical aspects (e.g., how to implement dynamic enforcement mechanisms). At MAIS, we particularly focus on distributed dynamic enforcement, which bears challenges like race conditions and incomplete information about the global state of the program.

Service Automata

Service Automata are a concept developed at MAIS for runtime enforcement of properties in distributed systems. They are a flexible and generic enforcement mechanism, meaning that they can be instantiated with different policies. Security Automata have been modeled in the process algebra CSP. This formalization of the mechanism allows formal proofs that the desired security guarantees of a system are enforced.

CliSeAu

Runtime Enforcement

CliSeAu is a proof-of-concept implementation of Service Automata. It can be used to enforce properties on distributed systems consisting of programs written in Java and Ruby as well as Android applications. Evaluations on case studies have shown that CliSeAu has only little runtime overhead.

Open research topics
  • Efficient runtime enforcement for distributed applications
  • Policy languages for decentralized distributed runtime enforcement
  • Security enforcement in Android applications / smart phones, service-oriented architectures, business processes, file systems, etc.
  • A library of standard enforcement strategies
  • Security enforcement for Software-Defined Networking
  • Dynamic enforcement mechanisms for mitigating timing side channels
  • And more... Contact us if you are interested!

 Security under Weak Memory Models


Contact:
Florian Dewald

Modern multi-core processors implement various optimizations intended to improve their performance, such as caches, reordering of instructions, and branch prediction. These optimizations can have effects that are unintuitive and unexpected. Weak memory models have been developed to describe the effects of processor optimizations. We have found that weak memory models have subtle effects on the security of programs: Security guarantees that have been established without taking into account processor optimizations no longer hold in general when a program is executed under a weak memory model. This is a significant issue, since many devices nowadays are equipped with multi-core processors.

At MAIS, we are further exploring the effects of weak memory models on security and developing techniques for re-establishing security guarantees. To this end, we are investigating a number of theoretical research questions, including how weak memory models can be incorporated in formal semantics, how different semantics incorporating weak memory models compare to each other, and what the impact of weak memory models is on security properties. This theoretical research is supported by the Isabelle/HOL proof assistant, which we use for modeling and verification. On the practical side, we are evaluating whether the executions possible under a given memory model are the same as those possible on an actual given processor and are investigating whether existing analyses and tools can be adapted to address the effects of the memory model of a given processor architecture.

Open research topics
  • Formal comparison of different approaches for modeling weak memory consistency
  • And more... Contact us if you are interested!


A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang