privacySFB
https://privacy-sfb.cispa.saarland
Sonderforschungsbereich 1223
Fri, 28 Sep 2018 12:50:15 +0000

CISPA Researchers Win NSA Best Scientific Cybersecurity Paper Competition 2016
https://privacy-sfb.cispa.saarland/blog/cispa-researchers-win-nsa-best-scientific-cybersecurity-paper-competition-2016/
Posted Thu, 14 Dec 2017 09:18:05 +0000 by Andrea Ruffing in Awards, General

<p>The publication “You Get Where You’re Looking For: The Impact of Information Sources on Code Security” by Prof. Michael Backes and his co-authors has won the 2016 5th Annual Best Scientific Cybersecurity Paper Competition of the National Security Agency (NSA). The paper was originally presented at the 2016 IEEE Symposium on Security and Privacy in San Jose, California and deals with the question why software developers write programs containing security gaps and which information sources they use to look up security- or privacy-relevant issues. Michael Backes’ co-authors were Yasemin Acar, Sascha Fahl, Doowon Kim, Michelle L. Mazurek and Christian Stransky.
Stransky is currently a PhD student in the research group of Michael Backes at CISPA. The Annual Best Scientific Cybersecurity Paper Competition recognizes the best scientific cybersecurity papers published within the respective year. The award ceremony was hosted by the Research Directorate at the National Security Agency.</p>
<p>For more information, please refer to the <a href="https://cps-vo.org/node/41119#award">press release</a> on the competition’s website.</p>

CISPA – Helmholtz Center i.G. is officially founded!
https://privacy-sfb.cispa.saarland/blog/cispa-helmholtz-center-i-g-is-officially-founded/
Posted Wed, 13 Dec 2017 16:00:30 +0000 by Andrea Ruffing in General

<p>On December 13, 2017, the official founding document was signed by Franziska Broer, Managing Director of the Helmholtz Association, Wolf-Dieter Lukas, German Federal Ministry for Education and Research, Annegret Kramp-Karrenbauer, Minister President of Saarland, and Michael Backes (Founding Director of the CISPA – Helmholtz Center i.G.). This is the first big step towards the Helmholtz Center for Information Security at Saarbruecken. We are looking forward to the chances and challenges that lie ahead.
For more information, please refer to the press release by the <a href="https://www.saarland.de/6767_230967.htm" rel="noopener">State Chancellery of Saarland</a>.</p>
<p><a href="https://cispa.saarland/wp-content/uploads/2017/12/CISPA-helmholtz-gruendung-01.jpg"><img src="https://cispa.saarland/wp-content/uploads/2017/12/CISPA-helmholtz-gruendung-01-300x200.jpg" alt="" width="300" height="200" class="alignnone size-medium wp-image-6007" /></a></p>
<p>Photo (CISPA): from left to right: Franziska Broer, Wolf-Dieter Lukas, Annegret Kramp-Karrenbauer, Michael Backes signing the founding contract.</p>

CISPA Spring School 2018: System Security
https://privacy-sfb.cispa.saarland/blog/cispa-spring-school-2018-system-security/
Posted Tue, 05 Dec 2017 16:13:15 +0000 by Andrea Ruffing in Events

<p>Save the date:<br /> April 3, 2018 – April 6, 2018</p>
<blockquote>
<p>Our Spring School on System Security comprises 4 research areas:<br />
– Attacking Android Apps<br />
– Grammar-based Testing &amp; Fuzzing<br />
– Finding Web Security Flaws<br />
– Crafting Software Exploits</p>
<p>For further information and enquiries, please contact <span title="" class="pep-email">spring-school(aeht)cispa.saarland</span></p>
</blockquote>

Christian Rossow is among the “40 talents under the age of 40”
https://privacy-sfb.cispa.saarland/blog/christian-rossow-is-among-the-40-talents-under-the-age-of-40/
Posted Thu, 16 Nov 2017 16:27:43 +0000 by Andrea Ruffing in General

<p>The magazine “Capital” has awarded 40 young individuals the title “talents under the age of 40”. Professor Christian Rossow, CISPA researcher and head of the System Security Group, has received the award in the category “Science and Society”. At CISPA, Rossow’s research covers, for example, cyber criminals and their attacks.
</p>
<p>Read the full <a href="https://www.uni-saarland.de/nc/aktuelles/artikel/nr/18352.html">press release</a> by Saarland University (in Germany)</p>
<p><a href="https://cispa.saarland/wp-content/uploads/2017/11/2821_Rossow_Portrait-cut.jpg"><img src="https://cispa.saarland/wp-content/uploads/2017/11/2821_Rossow_Portrait-cut-265x300.jpg" alt="" width="265" height="300" class="alignnone size-medium wp-image-5944" /></a></p>
<p>Source: CISPA</p>

CISPA Researcher Christoph Sorge Explains Secure Passwords on Spiegel Online
https://privacy-sfb.cispa.saarland/blog/cispa-researcher-christoph-sorge-explains-secure-passwords-on-spiegel-online/
Posted Tue, 22 Aug 2017 15:30:18 +0000 by Andrea Ruffing in Headlines

<p>In an article on the online news website “Spiegel Online”, CISPA Researcher Christoph Sorge, Professor for Legal Informatics at Saarland University, talks about secure passwords and password managers.</p>
<p>Read the full <a href="https://www.spiegel.de/netzwelt/web/passwort-manager-im-test-5-helfer-gegen-das-kennwort-chaos-a-1162548.html">article (in German)</a></p>
<p><a href="https://cispa.saarland/wp-content/uploads/2017/08/CISPA-Mitarbeiter_crop_65563.jpg"><img src="https://cispa.saarland/wp-content/uploads/2017/08/CISPA-Mitarbeiter_crop_65563-300x200.jpg" alt="" width="300" height="200" class="alignnone size-medium wp-image-5902" /></a></p>
<p>(Source: Oliver Dietze)</p>

The Genomics Revolution: The Good, The Bad, and The Ugly
https://privacy-sfb.cispa.saarland/blog/the-genomics-revolution-the-good-the-bad-and-the-ugly/
Posted Tue, 22 Aug 2017 09:47:32 +0000 by Andrea Ruffing in Distinguished Lectures, Events, Talks

<p><span style="text-decoration: underline">Abstract</span></p>
<p>Advances in DNA sequencing and genomic research have paved the way to a variety of revolutionary applications and made genetic testing increasingly available to the masses.
The increasing understanding of the human genome’s relation to diseases, disorders, and response to treatments brings promise of improvements in preventive and personalized healthcare. This very same progress, however, also prompts worrisome privacy concerns, as the genome is a treasure trove of highly personal and sensitive information. Besides carrying information about ethnic heritage, genetic conditions, and predisposition to diseases, access to an individual’s genome also entails access to that of their present and future relatives. The leakage of such information can open the door to a variety of abuses and threats not yet fully understood. In this talk, we overview biomedical advances in genomics and discuss associated privacy, ethical, and security challenges. We also begin to address privacy-preserving genomic tests by discussing a set of techniques for secure genome analysis and sharing. We explore a few alternatives to securely store genomic data and allow authorized parties to run tests in such a way that only the required minimum amount of information is disclosed, discussing the state of the art as well as open problems.</p>
<p><span style="text-decoration: underline">Speaker’s Bio</span></p>
<p>Emiliano De Cristofaro is an Associate Professor at University College London (UCL). Prior to joining UCL in 2013, he was a research scientist at Xerox PARC. In 2011, he received a PhD in Networked Systems from the University of California, Irvine, advised (mostly while running on the beach) by Gene Tsudik. His research interests include privacy technologies, applied cryptography, and systems security.
He will serve as program co-chair of the security and privacy track at WWW 2018, and has served as program co-chair of the Privacy Enhancing Technologies Symposium (PETS) in 2013 and 2014, and of the Workshop on Genome Privacy and Security (GenoPri 2015). His homepage is available at https://emilianodc.com.</p>

Hackers, Swindlers, and Trolls: Understanding and Measuring Abuse on Online Services
https://privacy-sfb.cispa.saarland/blog/hackers-swindlers-and-trolls-understanding-and-measuring-abuse-on-online-services/
Posted Tue, 22 Aug 2017 09:38:58 +0000 by Andrea Ruffing in Distinguished Lectures, Events, Talks

<p><span style="text-decoration: underline">Abstract</span></p>
<p>Online services are abused by a multitude of malicious parties, from cybercriminals using them to monetize botnets and malware, to scammers looking to defraud innocent users, to trolls spreading hate speech and bullying. Despite the threats that they pose to the safety of Internet users, we still lack a satisfactory knowledge of how different types of malicious users operate. In this talk I will provide an overview of our recent work in the area. I will first illustrate the findings that we made when deploying honeypot accounts on Gmail and deliberately giving access to them to cybercriminals.
I will then talk about the problem of scams happening on online dating sites, focusing on why blocking malicious activity on these platforms is a particularly challenging task. Finally, I will talk about our measurement study of 4chan, the “dark underbelly of the Internet,” in which we characterized “raid” behavior, a phenomenon that sees online trolls gather and deliberately attack an entity on a third party service, such as a YouTube video or a Twitter account.</p>
<p><span style="text-decoration: underline">Speaker’s Bio</span></p>
<p>Gianluca Stringhini is an Assistant Professor in the Department of Computer Science and Security and Crime Science at University College London. He obtained his PhD from UCSB in 2014, where he worked under the supervision of Christopher Kruegel and Giovanni Vigna. Gianluca works in the area of data-driven security, analyzing large datasets to better understand complex cybercriminal operations and developing mitigation techniques to fight them. He was awarded a Google Faculty Research Award in 2015, a Symantec Research Labs Fellowship in 2012, and multiple Best Paper Awards. He published in top security conferences such as CCS, NDSS, and USENIX Security, as well as top measurement and web conferences such as IMC, WWW, and ICWSM.</p>

CISPA Researchers publish 6 papers at CCS 2017
https://privacy-sfb.cispa.saarland/blog/cispa-researchers-publish-6-papers-at-ccs-2017/
Posted Wed, 09 Aug 2017 15:54:44 +0000 by Andrea Ruffing in General

<p>6 papers by CISPA researchers were accepted at this year’s CCS, the ACM Conference on Computer and Communications Security. The conference will take place in Dallas, USA from Oct 30 – Nov 3, 2017.</p>
<p>The accepted papers <a href="https://acmccs.github.io/institutions/">in detail:</a></p>
<p>Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code<br />
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me updated: An Empirical Study of Third-Party Library Updatability on Android<br />
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs<br />
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android<br />
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles<br />
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops</p>

Physical-Layer Security Aspects of ICS and IoT
https://privacy-sfb.cispa.saarland/blog/physical-layer-security-aspects-of-ics-and-iot/
Posted Mon, 24 Jul 2017 08:40:07 +0000 by Andrea Ruffing in Events, Talks

<p><span style="text-decoration: underline">Abstract</span></p>
<p>Physical processes that are sensed and actuated play an important role in the general Internet of Things (IoT), and in particular in Industrial Control Systems (ICS). From a security perspective, the physical layer allows for novel interactions of the (local) attacker with the system, and manipulating the physical process itself could be the target of the attacker. In addition, physical processes could also be leveraged for attack detection, and laws of physics constrain even strong attackers. As a result, research in that area needs to be interdisciplinary and connect traditional engineering domains such as wireless communications, systems engineering, and information security. In this talk, a number of physical-layer security aspects relating to wireless communications, IoT, and ICS are discussed. In particular, focus will be on attacks and detection mechanisms for ICS, and time-of-arrival-based localization used in GPS and distance bounding.</p>
<p><span style="text-decoration: underline">Speaker’s Bio</span></p>
<p>He is an Assistant Professor at the Information Systems Technology and Design Pillar, at the Singapore University of Technology and Design (SUTD). He earned his Dr. Sc. in Computer Science from ETH Zurich (Switzerland) in 2012. At ETH, he was part of the System Security group led by Prof. Srdjan Capkun. Before coming to ETH, he received a degree in Computer Engineering (Dipl. Ing.) from the Hamburg University of Technology (Germany) in 2007.
His Masters’ thesis on side-channel attack-resistant embedded crypto was supervised by Prof. Dieter Gollmann (TUHH), and Dr. Heike Neumann (NXP). The thesis won the K-H Ditze award for TUHH’s best Masters’ thesis in 2007. He was also awarded a DAAD scholarship to study for one year at the University of Waterloo, Ontario, Canada between 2004-2005.</p>

Machine Learning for Programming
https://privacy-sfb.cispa.saarland/blog/machine-learning-for-programming/
Posted Mon, 17 Jul 2017 08:00:50 +0000 by Andrea Ruffing in Events, Talks

<p><span style="text-decoration: underline">Abstract</span></p>
<p>In this talk I will discuss a new generation of software tools based on probabilistic models learned from large codebases of code a.k.a. “Big Code”. By leveraging the massive effort already spent by thousands of programmers, these tools make useful predictions about new, unseen programs, thus helping to solve important and difficult software tasks. As an example, I will illustrate our systems for statistical code completion, deobfuscation and defect prediction. Two of these systems (jsnice.org and apk-deguard.com) are freely available and already have thousands of users.
In the talk, I will present some of the core machine learning and program analysis techniques behind these learning tools.</p>
<p><span style="text-decoration: underline">Speaker’s Bio</span></p>
<p>Veselin Raychev obtained his PhD from ETH Zürich in 2016 on the topic of “Learning from Large Codebases”. Before this, he worked as a software engineer at Google on the public transportation routing algorithm of Google Maps as well as several other projects. Currently he is a co-founder and CTO of DeepCode GmbH – a company developing “Big Code” programming tools.</p>