Research Topics

The chair for IT security conducts research in the following topics:

Leveraging Virtualization Techniques for System Security

System virtualization is a technology to run multiple operating systems on one physical host. The virtualization layer can also implement security features at a whole new level. The focus of our virtualization security research is the detection of intrusions by means of a method called Virtual Machine Introspection (VMI).

Adversarial Machine Learning

Machine learning has yield significant advances in decision-making for complex systems, but are they secure in the adversarial settings? The line of research on adversarial learning aims at employing geometry and optimization methodologies to analyze the vulnerability of classifiers in adversarial settings. The goal is to develop robust learning algorithms.

Robust Learning from Multiple Experts

With the recent advent of social network services, labeled training data can be easily obtained from massive amount of Internet users. However, those labels usually contain a lot of noise due to different expertise level of Internet users. The questions is, how to integrate those labels and perform robust learning algorithm?

Static Vulnerability Detection

In order to detect software vulnerabilities as early as possible, we develop automatic code checkers for the source code and for the binary level, and integrate them into the Eclipse IDE. We use the symbolic execution approach with automatic theorem proving.

Malware Zoo

The Chair for IT security hosts a private malware zoo to support the research activities of our students and partnered organizations. The infrastructure supports the execution of static and dynamic analysis, gathering of data from partners such as Virustotal, and access to LRZ for statistical and Machine Learning operations. We welcome collaboration with academic researchers, R&D efforts from partner organizations, and individuals conducting defensive research that require infrstructure support. For information on how to access the Zoo, please please contact Alexander Lüdtke.

Secure Architectures

Most security weaknesses in programs are low-level due to improper or missing sanitization, buffer overflows, improper or missing authentication/encryption, allowing an upload of executable files, and so on. It turns out that around 92% of such weaknesses can be completely eliminated or mitigated by a well-though software architecture. We are looking at architectural solutions to ensure noninterference between certain components and noninference of sensitive information from publicly obtainable data.

Anomaly Detection under Constraints

Anomaly detection approaches are used in many problems of IT Security, such as malware detection, access control and authentication. Machine learning methods of anomaly detection are used in case that rule-based or heuristic systems do not satisfy the needs to analyze statistically variable data. Very often anomaly detection approaches need to be executed on resource-constrained devices, such as mobile phones, routers and similar. There we encounter constraints in resources: memory, bandwidth, power, CPU. We develop and test adaptive machine learning methods to optimize anomaly detection in this setting.

Anomaly Detection with Graph Structure

Using control flow graphs (CFG) to mitigate software vulnerabilities by control-flow integrity(CFI) policies is an essential technique in software security, especially for code reuse attacks. However, there is an open question that can we leverage CFG, or graph structure in general, to detect software vulnerabilities and malware? And what are the advantages and disadvantages of this area? How about the robustness of the graph-based anomaly detection system under the influence of the adversarial samples? In this research topic, we design Android malware detection system with function call graphs and native code, cross-platforms malware detection system, malware detection system with program dependence graphs(including control flow graphs and data flow graphs)

Mitigation of Advanced Code Reuse Attacks

As the threat posed by advanced Code-Reuse Attacks (CRAs) is on the rise we want to develop tools that can mitigate such state of the art attacks e.g., the one dubbed Counterfeit Object-Oriented Programming (COOP). These types of attacks are particularly hard to defend against since traditional Control Flow Integrity (CFI) approaches are useless.

Distances in multithreaded programs

The diameter of a multithreaded program in the interleaving semantics is defined as the largest finite distance realizable in the transition graph of the program. We would like to show that in the finite-state case, this distance is subexponential, perhaps polynomial or even linear in the number of the threads.