Send email Copy Email Address
Faculty

Ali Abbasi

Research Group
Cyber-Physical System Security Embedded Security Fuzzing Secure Connected and Mobile Systems Detecting and Preventing Software Issues Software Analysis and Testing Side Channels System Security

Email

Phone

Address

Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Further Information

Short Bio

Dr. Ali Abbasi is a tenure-track faculty at CISPA Helmholtz Center for Information Security. Previously, he was a Post-Doc researcher at the Chair of System Security at Ruhr-University Bochum and did his Ph.D. at the Eindhoven University of Technology. His research interests include embedded systems security, security of mission-critical real-time software, and secure space and automotive systems. He lead the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware.

CV: Last stations

Since 2022
Tenure-Track Faculty at CISPA Helmholtz Center for Information Security
2021 – 2022
Senior CarIT Security Architect at Mercedes-Benz AG
2019 – 2021
Postdoctoral Student at Ruhr University Bochum
2017 – 2018
PhD Student at Eindhoven University of Technology

Publications by Ali Abbasi

Year 2023

2023-05-22

Space Odyssey: An Experimental Software Security Analysis of Satellites

Conference / Medium

UNSPECIFIED
IEEE Symposium on Security and PrivacyIEEE Symposium on Security and Privacy

Tags
Reliable Security Guarantees
Authors
Download Visit Detail Page

Year 2022

2022-08-10

Loki: Hardening Code Obfuscation Against Automated Attacks

Conference / Medium

USENIX-Security
USENIX Security SymposiumUSENIX Security Symposium (USENIX Security), 2022.

Tags
Reliable Security Guarantees
Authors
Download Visit Detail Page
2022-08

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing

Conference / Medium

USENIX-Security
USENIX Association31st USENIX Security Symposium (USENIX Security 22)

Tags
Reliable Security Guarantees
Authors
Download Visit Detail Page
2022-04-06

Nyx-Net: Network Fuzzing with Incremental Snapshots

Conference / Medium

EuroSys
EuroSys 2022EuroSys 2022

Tags
Reliable Security Guarantees
Authors
Download Visit Detail Page

Teaching by Ali Abbasi

Summer 2022/23

Reverse Engineering and Exploit Development for Embedded Systems

From critical infrastructure to consumer electronics, embedded systems are all around us and underpin the technological fabric of everyday life. As a result, the security of embedded systems is crucial to us.

Therefore, in this course, we will work toward understanding the fundamentals of developing software/hardware exploits against embedded systems. In this course. We will cover topics such as firmware extraction, modification, and different hardware serial protocols. We also cover topics such as exploit development for ARM-based embedded devices and write exploits for vulnerabilities such as uninitialized stack variables, off-by-one bugs, Use-after-free, and utilize techniques such as ROP, Signal-oriented programming, to attack embedded systems. We also attack micro-controllers and try to extract secrets from them by utilizing reverse-engineering techniques. Finally, we perform fuzz-testing on embedded firmware via re-hosting.

 

 

Prerequisites

Do not register directly, before contacting us (abbasi@cispa.de). While we do not have a formal registration requirement, it is absolutely essential that you only apply for this course when you already passed the system security course, or have a very strong background in system security. There is a high probability that you fail the course if you do not have such a background. It is not worth it, do not try.

  • You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics, Python is helpful as well.
  • You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
  • You should be familiar with Linux.

Time and Location and structure

The lecture will take place in two weeks from 28 August to 1st September and 4th to 8th September. There will be lectures in the morning followed by practical exercises in the afternoon. The exam will be the week after on 13th September.

Grading

To pass the course, you must score at least 50% on the final oral exam. In the final exam, you can reach 100 points, so you need to achieve at least 50 points in the final exam to pass the course. To be admitted to the exam, you must achieve at least 50% of the points from the exercises.

You will typically have the task of exploiting a vulnerable program to extract a secret flag.

 

  • Strict no cheating policy
    You may discuss the assignments with other students, but you are not allowed to collaborate with others on the solution. Your solution should be original and not an existing solution (e.g., from someone else or from the internet). All submissions will be automatically checked for plagiarism, as we have a strict no-cheating policy. If we find a case of plagiarism, we will assign zero points. If you ever get stuck, you can ask questions in the forum or participate in the exercise lessons. We invite you to help fellow students who have asked questions but avoid giving away the solution. Nobody likes spoilers :)

 

 

Oral Exam

At the end of the semester, there will be an oral exam for a duration of 30 minutes. All questions of the exam are in English.

Registration

Register for the course here in the CISPA CMS pending prior communication.

Summer 2022/23

Hardware Security

Secure software needs a reliable and truthworthy hardware. As a result, a secure hardware is crucial to build secure system.
This seminar covers research papers addressing various topics in hardware security. This includes topics such as hardware trojans, hardware side-channel, security hardware extensions, external memory security, security of hardware-based secure envlaves, hardware testing and hardware watermarking and counterfeit detection.

 

Organisation

The seminar is structured into three parts:

  • You will write a short survey paper on the main topic of your assigned papers category.
  • You present a paper or group of papers of a specific topic on hardware security individually. Others will prepare questions about the topic.
  • You review two survey paper of others and raise questions about them.
  • You improve your original survey results based on the feedback from the reviewers.

 

Survey

You will be assigned a topic (related to your assigned paper) for which you will read and summarize the current research in a survey paper. (6 pages).  The resulting survey papers will undergo a peer review process similar to academic conferences.

 

Presentation

Each participant will read up a paper and give an overview presentation about it. Other individuals should also read the paper and prepare research questions about the paper and a one page description of the paper. Students then will discuss limitations and open issues given the previously conducted work.

 

 

Review

Each participant will read two survey paper and write a review about it. The reviewer then decides if the paper should get accepted or rejected.

 

Important Dates

  • Kick off meeting and paper assignments: TBA
  • Submission of survey paper: TBA
  • Submission of reviews: TBA
  • PC Meeting: TBA
  • Final Submission (in case your survey paper get a shepherd)

 

 

Deliverables

  • Final survey paper (40 % of your final grade)
  • Reviews (20 % of your final grade)
  • Presentation (40 % of your final grade)