Research Topics
The chair for IT security conducts research in the following topics:
Leveraging Virtualization Techniques for System Security
System virtualization is a technology to run multiple operating systems on one physical host. The virtualization layer can also implement security features at a whole new level. The focus of our virtualization security research is the detection of intrusions by means of a method called Virtual Machine Introspection (VMI).
Adversarial Machine Learning
Machine learning has yielded significant advances in decision-making for complex systems, but is it secure in adversarial settings? This line of research on adversarial learning employs geometry and optimization methodologies to analyze the vulnerability of classifiers in adversarial settings. The goal is to develop robust learning algorithms.
Robust Learning from Multiple Experts
With the recent advent of social network services, labeled training data can easily be obtained from a massive number of Internet users. However, those labels usually contain a lot of noise because the users' levels of expertise differ. The question is how to integrate those labels and perform robust learning.
Static Vulnerability Detection
In order to detect software vulnerabilities as early as possible, we develop automatic code checkers for the source code and for the binary level, and integrate them into the Eclipse IDE. We use the symbolic execution approach with automatic theorem proving.
Malware Zoo
The Chair for IT security hosts a private malware zoo to support the research activities of our students and partnered organizations. The infrastructure supports the execution of static and dynamic analysis, gathering of data from partners such as VirusTotal, and access to LRZ for statistical and machine learning operations. We welcome collaboration with academic researchers, R&D efforts from partner organizations, and individuals conducting defensive research that requires infrastructure support. For information on how to access the Zoo, please contact Alexander Lüdtke.
Secure Architectures
Most security weaknesses in programs are low-level: improper or missing sanitization, buffer overflows, improper or missing authentication/encryption, allowing an upload of executable files, and so on. It turns out that around 92% of such weaknesses can be completely eliminated or mitigated by a well-thought-out software architecture. We are looking at architectural solutions to ensure noninterference between certain components and noninference of sensitive information from publicly obtainable data.
Anomaly Detection under Constraints
Anomaly detection approaches are used in many problems of IT security, such as malware detection, access control and authentication. Machine learning methods of anomaly detection are used when rule-based or heuristic systems cannot adequately analyze statistically variable data. Very often, anomaly detection approaches need to be executed on resource-constrained devices, such as mobile phones, routers and similar devices. There we encounter constraints in resources: memory, bandwidth, power, CPU. We develop and test adaptive machine learning methods to optimize anomaly detection in this setting.
Anomaly Detection with Graph Structure
Mitigation of Advanced Code Reuse Attacks
Distances in multithreaded programs
The diameter of a multithreaded program in the interleaving semantics is defined as the largest finite distance realizable in the transition graph of the program. We would like to show that in the finite-state case, this distance is subexponential, perhaps polynomial or even linear in the number of threads.