Seminar System Security

The central topic of this seminar is security papers presented at top conferences.

The seminar is expected to take place as a block seminar at the end of the lecture period.

Topics

  1. Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate https://ieeexplore.ieee.org/document/8835212

  2. Blind Certificate Authorities https://ieeexplore.ieee.org/document/8835242

  3. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers https://www.ndss-symposium.org/ndss-paper/time-does-not-heal-all-wounds-a-longitudinal-analysis-of-security-mechanism-support-in-mobile-browsers/

  4. Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks https://www.ndss-symposium.org/ndss-paper/latex-gloves-protecting-browser-extensions-from-probing-and-revelation-attacks/

  5. Post-Quantum Authentication in TLS 1.3: A Performance Study https://www.ndss-symposium.org/ndss-paper/post-quantum-authentication-in-tls-1-3-a-performance-study/

  6. ParmeSan: Sanitizer-guided Greybox Fuzzing https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund

  7. HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing https://www.ndss-symposium.org/ndss-paper/hotfuzz-discovering-algorithmic-denial-of-service-vulnerabilities-through-guided-micro-fuzzing/

  8. Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps https://ieeexplore.ieee.org/document/9152205

  9. FuzzGen: Automatic Fuzzer Generation https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou

  10. Detecting Fake Accounts in Online Social Networks at the Time of Registrations https://dl.acm.org/doi/pdf/10.1145/3319535.3363198

  11. Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks https://www.ndss-symposium.org/ndss-paper/cross-origin-state-inference-cosi-attacks-leaking-web-site-states-through-xs-leaks/

  12. The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws https://dl.acm.org/doi/pdf/10.1145/3372297.3417869

  13. CDN Judo: Breaking the CDN DoS Protection with Itself https://www.ndss-symposium.org/ndss-paper/cdn-judo-breaking-the-cdn-dos-protection-with-itself/

  14. FreeDom: Engineering a State-of-the-Art DOM Fuzzer https://dl.acm.org/doi/pdf/10.1145/3372297.3423340

  15. DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels https://dl.acm.org/doi/10.1145/3372297.3417280

  16. Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors https://www.ndss-symposium.org/ndss-paper/et-tu-alexa-when-commodity-wifi-devices-turn-into-adversarial-motion-sensors/

  17. Encrypted DNS ⇒ Privacy? A Traffic Analysis Perspective https://www.ndss-symposium.org/ndss-paper/encrypted-dns-privacy-a-traffic-analysis-perspective/

  18. Let's Revoke: Scalable Global Certificate Revocation https://www.ndss-symposium.org/ndss-paper/lets-revoke-scalable-global-certificate-revocation/

  19. How not to prove your election outcome https://ieeexplore.ieee.org/document/9152765

  20. Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization https://www.ndss-symposium.org/ndss-paper/not-all-coverage-measurements-are-equal-fuzzing-by-coverage-accounting-for-input-prioritization/

  21. EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit https://www.usenix.org/conference/usenixsecurity20/presentation/yue

  22. Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral https://dl.acm.org/doi/10.1145/3372297.3417864

Further topics might be added in the future, though we do not promise this. (Last update: 2022-03-01 10:10)
You can also suggest your own topic by writing a mail to Juraj (juraj.somorovsky(at)upb(dot)de). DO NOT put a suggested topic on your list without prior approval.

Dates & Deadlines

  • First week: distribution of topics.
  • 20.5.: Submission deadline for the preliminary seminar thesis version (at least 5 pages of text; excluding title page, table of contents, references, figures, ...) describing the main problem of the paper AND briefly describing 2 related papers citing your paper.
  • 24.6.: Submission deadline for the prefinal seminar thesis.
  • 8.7.: Submission deadline for the reviews.
  • 13.7.: Submission deadline for your presentation slides (you can still change your slides a bit before the talk).
  • 14.7. and 15.7.: Block Seminar, Presentation of your work.
  • 22.7.: Submission deadline for the final version of the seminar thesis.

The seminar will be organized via Panda. Deadlines run until the end of the day (23:59 local time, according to Panda).

Meetings

We will have five meetings in FU.511, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 8.4. 9:15 Introduction
  • 22.4. 9:15 Research Skills
  • 29.4. 9:15 Writing Skills
  • 24.6. 9:15 Review Skills
  • 1.7. 9:15 Presentation Skills

Registration of Topics

Via Jupyter. We might ask for further preferences if too many students request the same topics.

Grading and Demands

The final grade consists of your presentation (30%), your paper (60%), and your reviews (10%). Additionally, you must meet all deadlines.

Presentation

20-minute presentation, followed by 5 minutes of discussion and questions.

The best presentation will be awarded! More information will be given in the first meeting.

Seminar thesis

Essay of length 12 to 20 pages written according to the standards of a scientific paper.

Reviews

We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) on Panda
  • Some (2) peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade
  • The reviews you receive will not influence your final grade (but you should address/apply them in your final version)
  • Each student has to write 2 reviews (each 1-2 pages)