Project Description: Machine Learning (ML) systems are vital components of everyday products and services in our society. ML models have been popularly employed in law enforcement (e.g., COMPASS), legal use cases (e.g., LegalBERT), and programming language tasks (e.g., CodeBERT, Github Copilot, etc.). Despite the criticality of these use cases, ML systems are often biased towards … full description “Analyzing the Evolution of Fairness properties in ML-based Code repositories (available)”
Category: Systems Security
Attacking Large Pre-trained Programming Language Models (PLMs) via Backdoors (completed)
Project Description: Backdoors refer to a class of Machine Learning (ML) attacks where an adversary trains an ML model to intentionally misclassify any input to a specific label [1]. This is typically achieved by poisoning the training data, such that inputs are misclassified to a target label when the backdoor trigger is present. For instance, … full description “Attacking Large Pre-trained Programming Language Models (PLMs) via Backdoors (completed)”
Automated Debugging of Invalid Inputs generated by Fuzzers (available)
Project Description: Fuzzing is a popular testing method used to ensure the reliability, security and correctness of software systems. These tools allow developers to find bugs and vulnerabilities in software systems automatically. For instance, AFL is a popular fuzzer that has exposed thousands of bugs in open-source software provided by Google, Amazon and Firefox [1]. … full description “Automated Debugging of Invalid Inputs generated by Fuzzers (available)”
Automatic Patch-based Exploit Generation (completed)
When a vulnerability is found, it generally goes through a responsible disclosure process. This means that the vendor will be contacted to write a fix before the vulnerability is made public. The patch will be pushed to its users and the vulnerability details become public. In theory, this is a safe process for vulnerability exposure … full description “Automatic Patch-based Exploit Generation (completed)”
Autonomous Cars – Evaluation of Security Countermeasures (available)
Project Description Autonomous and connected vehicles will be a part of reality in the near future. There are many development efforts currently underway to pave the way for the deployment of autonomous vehicles (self-driving cars) in public areas. These vehicles are a collection of complex and sophisticated computational architectures. Cybersecurity is among many challenges that … full description “Autonomous Cars – Evaluation of Security Countermeasures (available)”
Building a dataset of IoT device firmwares (completed)
Performing security analysis of IoT devices is often expensive as it requires purchasing the IoT device, which is not practical at scale. To avoid this some researchers perform security analysis over the apps used by those IoT devices. Although this analysis can be useful it has some limitations as only one element of the ecosystem … full description “Building a dataset of IoT device firmwares (completed)”
Control-flow Bending POCs (completed)
Research has shifted over the years when it comes to binary exploitation. With more accurate and practical implementations of Control-flow Integrity (CFI) [1] [2] [3], the question arises as to what attack surface is still available – and how to exploit it. In particular, what attacks can be performed when staying within the boundaries of … full description “Control-flow Bending POCs (completed)”
Control-flow graphs for Automatic-Exploit Generation (completed)
Research has shifted over the years when it comes to binary exploitation. With more accurate and practical implementations of Control-flow Integrity (CFI) [1][2], the question arises as to what attack surface is still available – and how to exploit it. In particular, what attacks can be performed when staying within the boundaries of a (perfect) … full description “Control-flow graphs for Automatic-Exploit Generation (completed)”
Detecting broken security in hybrid Android apps (completed)
Many modern Android applications make use of a webview – a component providing easy access to the rendering engine and JavaScript interpreter of a full browser. The content shown by a webview can be loaded from a local resource or a remote server via HTTP and integrates seamlessly with the app. Webviews are popular with developers, … full description “Detecting broken security in hybrid Android apps (completed)”
Disassembling x86 binaries for static analysis and reverse engineering (completed)
The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro. Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then … full description “Disassembling x86 binaries for static analysis and reverse engineering (completed)”
Empirical evaluation of static verifiers for the Go programming language (available)
Go is a language that natively supports many constructs to synchronise concurrent threads. Because of this, developing code that contains subtle concurrency bugs is rather common. To address this problem, several groups of researchers have put forwards tools to find concurrency bugs in Go codebases. The objective of this project is to evaluate how some … full description “Empirical evaluation of static verifiers for the Go programming language (available)”
Formal Verification for Blockchains (available)
In this project you will explore the world of formal verification andblockchains, specifically the new Ethereum 2.0 ‘Proof-of-Stake’ blockchain [1]. This is a more energy-efficient replacement for the original Ethereum ‘Proof-of-Work’ blockchain. As in any blockchain, correctness of thedistributed ‘consensus’ protocol [2] used to maintain the chain and extend it with new blocks is critical. … full description “Formal Verification for Blockchains (available)”
Invisible Malware using Intel SGX Enclaves (completed)
A fundamental security problem when hosting applications on cloud platforms is the increased risk of sensitive data loss (e.g. due to negligent or malicious employees of the cloud provider). An exciting approach to mitigating such attacks are new trusted execution environments (e.g. Intel SGX), recently available on commodity CPUs. Intel SGX allows users to create … full description “Invisible Malware using Intel SGX Enclaves (completed)”
Predicting Debug Symbols for Closed Source Binaries (completed)
Reverse engineering binaries, whether malicious or benign, is made more difficult by the absence of debug information. Variables and functions have had their identifiers “stripped”, so reverse engineers have to manually name them during analysis based on human understanding of the code functionality. The goal of this project is to use machine learning to predict … full description “Predicting Debug Symbols for Closed Source Binaries (completed)”
Security Evaluation of Broadcasting Network – Protecting the Entertainment Media (available)
Project Description With an increase in the use of internet technologies in various fields, the traditional broadcasting industry also started to adopt systems, software and services based on internet technologies to provide their contents to viewers. Most of the connected media devices deployed still tend to have a low-security threshold inherited from the era of … full description “Security Evaluation of Broadcasting Network – Protecting the Entertainment Media (available)”
Smart cars – Accident scene reconstruction (available)
Smart cars have a number of sensors monitoring the status of the vehicle and at the same time assisting the driver. These sensors traditionally monitor temperature, battery levels, etc. They are relatively simple circuits that may also alert the driver for possible vehicle damage. Some of these are also working towards collision mitigation by monitoring … full description “Smart cars – Accident scene reconstruction (available)”
System Provenance Collection from a Client Workstation (completed)
A client workstation in an enterprise network is used by individual employees. They use this workstation to perform different activities, including accessing the data stored in the enterprise data repositories (i.e., Database). These activities, which relate to accessing the data and then using it on a workstation are the crucial missing element in data compliance … full description “System Provenance Collection from a Client Workstation (completed)”
System Provenance Collection from a Database Server (completed)
A database server is a collection of an Operating System (OS) at its core that hosts a database – accessible from various services and devices in an enterprise network. The activities observed on the database server are of immense importance to show compliance with data governance policies. A crucial element of such a compliance is … full description “System Provenance Collection from a Database Server (completed)”
WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications (completed)
WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications Microarchitectural covert channels are a threat to data confidentiality in multi-tenant environments (cloud platform, mobile phone, etc.). This type of leakage channel aims at tunnelling information across isolation boundaries (sandboxing, censorship, etc.) by exploiting timing variations during program execution. Indeed, the state of microarchitectural components … full description “WebAssembly-based microarchitectural covert channel attacks: capabilities, proof-of-concept, and implications (completed)”