Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)
Dr. Ali Abbasi ist Tenure-Track Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit in Saarbrücken. Er war Post-Doc am Lehrstuhl für Systemsicherheit der Ruhr-Universität Bochum und erwarb seinen Doktortitel an der Technischen Universität Eindhoven. Seine Forschungsinteressen umfassen die Sicherheit eingebetteter Systeme, die Sicherheit unternehmenskritischer Echtzeitsoftware und sichere Raumfahrt- und Automobilsysteme. Er leitet die Gruppe für eingebettete Sicherheit am CISPA, die neue Methoden zum Schutz eingebetteter Systeme gegen verschiedene Arten von Angriffen auf Hardware und Firmware entwickelt und umsetzt.
UNSPECIFIED
IEEE Symposium on Security and PrivacyIEEE Symposium on Security and Privacy
USENIX-Security
USENIX Security SymposiumUSENIX Security Symposium (USENIX Security), 2022.
USENIX-Security
USENIX Association31st USENIX Security Symposium (USENIX Security 22)
EuroSys
EuroSys 2022EuroSys 2022
Reverse Engineering and Exploit Development for Embedded Systems
From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. As a result, the security of embedded systems is crucial to us.
Therefore, in this course, we will work toward understanding the fundamentals of developing software/hardware exploits against embedded systems. In this course. We will cover topics such as firmware extraction, modification, and different hardware serial protocols. We also cover topics such as exploit development for ARM-based embedded devices and write exploits for vulnerabilities such as uninitialized stack variables, off-by-one bugs, Use-after-free, and utilize techniques such as ROP, Signal-oriented programming, to attack embedded systems. We also attack micro-controllers and try to extract secrets from them by utilizing reverse-engineering techniques. Finally, we perform fuzz-testing on embedded firmware via re-hosting.
Do not register directly, before contacting us (abbasi@cispa.de). While we do not have a formal registration requirement, it is absolutely essential that you only apply for this course when you already passed the system security course, or have a very strong background in system security. There is a high probability that you fail the course if you do not have such a background. It is not worth it, do not try.
The lecture will take place in two weeks from 28 August to 1st September and 4th to 8th September. There will be lectures in the morning followed by practical exercises in the afternoon. The exam will be the week after on 13th September.
To pass the course, you must score at least 50% on the final oral exam. In the final exam, you can reach 100 points, so you need to achieve at least 50 points in the final exam to pass the course. To be admitted to the exam, you must achieve at least 50% of the points from the exercises.
You will typically have the task of exploiting a vulnerable program to extract a secret flag.
At the end of the semester, there will be an oral exam for a duration of 30 minutes. All questions of the exam are in English.
Register for the course here in the CISPA CMS pending prior communication.
Hardware Security
The seminar is structured into three parts:
You will be assigned a topic (related to your assigned paper) for which you will read and summarize the current research in a survey paper. (6 pages). The resulting survey papers will undergo a peer review process similar to academic conferences.
Each participant will read up a paper and give an overview presentation about it. Other individuals should also read the paper and prepare research questions about the paper and a one page description of the paper. Students then will discuss limitations and open issues given the previously conducted work.
Each participant will read two survey paper and write a review about it. The reviewer then decides if the paper should get accepted or rejected.