E-mail senden E-Mail Adresse kopieren

E-Mail

Telefon

Adresse

CISPA / 2.01
Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Awards (Auswahl)

2023: Distinguished Paper Award: IEEE S&P

Kurzbiografie

Dr. Ali Abbasi ist Tenure-Track Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit in Saarbrücken. Er war Post-Doc am Lehrstuhl für Systemsicherheit der Ruhr-Universität Bochum und erwarb seinen Doktortitel an der Technischen Universität Eindhoven. Seine Forschungsinteressen umfassen die Sicherheit eingebetteter Systeme, die Sicherheit unternehmenskritischer Echtzeitsoftware und sichere Raumfahrt- und Automobilsysteme. Er leitet die Gruppe für eingebettete Sicherheit am CISPA, die neue Methoden zum Schutz eingebetteter Systeme gegen verschiedene Arten von Angriffen auf Hardware und Firmware entwickelt und umsetzt.

CV: Letzte Stationen

Seit 2022
Tenure-Track Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit
2019 – 2021
Postdoctoral Student an der Ruhr Universität Bochum
2017 – 2018
PhD Student an der Eindhoven University of Technology

Veröffentlichungen von Ali Abbasi

Jahr 2024

Jahr 2023

Konferenz / Medium

IEEE Symposium on Security and Privacy (S&P)

Jahr 2022

Konferenz / Medium

Usenix Security Symposium (USENIX-Security)

Konferenz / Medium

Eurosys Conference (EuroSys)

Lehre von Ali Abbasi

Summer 2023/24

Systems Security

About the course

In this course, important theoretical and practical aspects from the area of systems security are presented and discussed. The focus is on various aspects of software security and different attack and defense techniques are presented. More specifically, important attack methods (e.g., buffer overflows, race conditions, use-after-free, heap overflows, etc.) as well as defense strategies (e.g., non-executable memory, Address Space Layout Randomization, memory tagging, etc.) are discussed. Other topics of the lecture are fuzzing, symbolic execution, reverse engineering, obfuscation, and similar aspects of systems security. 

At the end of the course, students should be able to analyze security aspects of various types of software systems, detect vulnerabilities in the design and implementation, and independently develop security mechanisms. In addition, other aspects from the area of systems security, such as fuzzing and security aspects of operating systems, will be discussed. An important part of the course are exercises, which illustrate and deepen the material with practical examples.

Summer 2022/23

Reverse Engineering and Exploit Development for Embedded Systems

From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. As a result, the security of embedded systems is crucial to us.

Therefore, in this course, we will work toward understanding the fundamentals of developing software/hardware exploits against embedded systems. In this course. We will cover topics such as firmware extraction, modification, and different hardware serial protocols. We also cover topics such as exploit development for ARM-based embedded devices and write exploits for vulnerabilities such as uninitialized stack variables, off-by-one bugs, Use-after-free, and utilize techniques such as ROP, Signal-oriented programming, to attack embedded systems. We also attack micro-controllers and try to extract secrets from them by utilizing reverse-engineering techniques. Finally, we perform fuzz-testing on embedded firmware via re-hosting.

Summer 2022/23

Hardware Security

Secure software needs a reliable and truthworthy hardware. As a result, a secure hardware is crucial to build secure system.
This seminar covers research papers addressing various topics in hardware security. This includes topics such as hardware trojans, hardware side-channel, security hardware extensions, external memory security, security of hardware-based secure envlaves, hardware testing and hardware watermarking and counterfeit detection.
 
Winter 2021/22

Seminar Embedded Systems Security

From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. As a result, the security of embedded systems is crucial to us.

This seminar covers research papers addressing various topics in embedded systems security. This includes topics such as instruction profiling (template attack), fault injection and side-channel attacks, firmware static and dynamic analysis, intrusion detection in embedded systems, automotive/space systems security, and fuzzing embedded systems.