A Toolkit for Micro-architectural Attacks on Mobile Devices (available)

Micro-architectural attacks leverage side-effects from modern processor features during the execution of secret-dependent code. These attacks have emerged in recent years as a potent vector for recovering cryptographic keys and other secret data. Despite this, very few implementations of published attacks have been released publicly on mobile devices, which has raised questions about their reproduciblity. … full description “A Toolkit for Micro-architectural Attacks on Mobile Devices (available)”

Analyzing security of ECG biometrics (completed)

Biometric systems rely on physiological or behavioural characteristics that can be measured by sensors to verify identity. Electrocardiogram (ECG)-based biometrics is one of the new and most promising types. ECG signals measure the electrical activity of the heart and several studies have found them suitable for human identification. To match the signals with the registered … full description “Analyzing security of ECG biometrics (completed)”

Automatic Patch-based Exploit Generation (available)

When a vulnerability is found, it generally goes through a responsible disclosure process. This means that the vendor will be contacted to write a fix before the vulnerability is made public. The patch will be pushed to its users and the vulnerability details become public. In theory, this is a safe process for vulnerability exposure … full description “Automatic Patch-based Exploit Generation (available)”

Autonomous Cars – Evaluation of Security Countermeasures (available)

Project Description Autonomous and connected vehicles will be a part of reality in the near future. There are many development efforts currently underway to pave the way for the deployment of autonomous vehicles (self-driving cars) in public areas. These vehicles are a collection of complex and sophisticated computational architectures. Cybersecurity is among many challenges that … full description “Autonomous Cars – Evaluation of Security Countermeasures (available)”

Building a dataset of IoT device firmwares (completed)

Performing security analysis of IoT devices is often expensive as it requires purchasing the IoT device, which is not practical at scale. To avoid this some researchers perform security analysis over the apps used by those IoT devices. Although this analysis can be useful it has some limitations as only one element of the ecosystem … full description “Building a dataset of IoT device firmwares (completed)”

Combatting Fake News Using Mobile Trusted Execution Environments (available)

The distribution of fake news – hoaxes, propaganda, and outright false articles – by pseudo-news outlets is a major issue. Fake news can undermine trust in legitimate sources of news and the integrity of the democratic process. Existing methods to combat this issue have significant shortcomings. Manual take-downs are slow and lack scalability, particularly if … full description “Combatting Fake News Using Mobile Trusted Execution Environments (available)”

Control-flow graphs for Automatic-Exploit Generation (available)

Research has shifted over the years when it comes to binary exploitation. With more accurate and practical implementations of Control-flow Integrity (CFI) [1][2], the question arises as to what attack surface is still available – and how to exploit it. In particular, what attacks can be performed when staying within the boundaries of a (perfect) … full description “Control-flow graphs for Automatic-Exploit Generation (available)”

Detecting broken security in hybrid Android apps (completed)

Many modern Android applications make use of a webview – a component providing easy access to the rendering engine and JavaScript interpreter of a full browser. The content shown by a webview can be loaded from a local resource or a remote server via HTTP and integrates seamlessly with the app. Webviews are popular with developers, … full description “Detecting broken security in hybrid Android apps (completed)”

Disassembling x86 binaries for static analysis and reverse engineering (completed)

The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro. Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then … full description “Disassembling x86 binaries for static analysis and reverse engineering (completed)”

Invisible Malware using Intel SGX Enclaves (completed)

A fundamental security problem when hosting applications on cloud platforms is the increased risk of sensitive data loss (e.g. due to negligent or malicious employees of the cloud provider). An exciting approach to mitigating such attacks are new trusted execution environments (e.g. Intel SGX), recently available on commodity CPUs. Intel SGX allows users to create … full description “Invisible Malware using Intel SGX Enclaves (completed)”

Micro-architectural Attacks on RISC-V Devices (available)

RISC-V is a royalty-free instruction set architecture (ISA) introduced in 2010 with substantial differences to ARM and X86-64 platforms. Its open-source nature threatens to disrupt the status quo of these widely deployed proprietary processor architectures. RISC-V devices have, very recently, started to reach the commercial marketplace. Future potential deployments of such RISC-V devices includes industrial … full description “Micro-architectural Attacks on RISC-V Devices (available)”

Predicting Debug Symbols for Closed Source Binaries (completed)

Reverse engineering binaries, whether malicious or benign, is made more difficult by the absence of debug information. Variables and functions have had their identifiers “stripped”, so reverse engineers have to manually name them during analysis based on human understanding of the code functionality. The goal of this project is to use machine learning to predict … full description “Predicting Debug Symbols for Closed Source Binaries (completed)”

Security Evaluation of Broadcasting Network – Protecting the Entertainment Media (available)

Project Description With an increase in the use of internet technologies in various fields, the traditional broadcasting industry also started to adopt systems, software and services based on internet technologies to provide their contents to viewers. Most of the connected media devices deployed still tend to have a low-security threshold inherited from the era of … full description “Security Evaluation of Broadcasting Network – Protecting the Entertainment Media (available)”

Smart cars – Accident scene reconstruction (available)

Smart cars have a number of sensors monitoring the status of the vehicle and  at the same time assisting the driver. These sensors traditionally monitor temperature, battery levels, etc. They are relatively simple circuits that may also alert the driver for possible vehicle damage. Some of these are also working towards collision mitigation by monitoring … full description “Smart cars – Accident scene reconstruction (available)”

System Provenance Collection from a Client Workstation (completed)

A client workstation in an enterprise network is used by individual employees. They use this workstation to perform different activities, including accessing the data stored in the enterprise data repositories (i.e., Database). These activities, which relate to accessing the data and then using it on a workstation are the crucial missing element in data compliance … full description “System Provenance Collection from a Client Workstation (completed)”

System Provenance Collection from a Database Server (completed)

A database server is a collection of an Operating System (OS) at its core that hosts a database – accessible from various services and devices in an enterprise network. The activities observed on the database server are of immense importance to show compliance with data governance policies. A crucial element of such a compliance is … full description “System Provenance Collection from a Database Server (completed)”

WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications (completed)

WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications   Microarchitectural covert channels are a threat to data confidentiality in multi-tenant environments (cloud platform, mobile phone, etc.). This type of leakage channel aims at tunnelling information across isolation boundaries (sandboxing, censorship, etc.) by exploiting timing variations during program execution. Indeed, the state of microarchitectural components … full description “WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications (completed)”