A5042334814- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Physical Unclonable Functions (PUFs) and Hardware Security
- Digital and Cyber Forensics
- Software Testing and Debugging Techniques
- Organ Transplantation Techniques and Outcomes
- Radiation Effects in Electronics
- Distributed systems and fault tolerance
- Cloud Data Security Solutions
- Cryptographic Implementations and Security
- Chaos-based Image/Signal Encryption
- Distributed and Parallel Computing Systems
- User Authentication and Security Systems
- Tissue Engineering and Regenerative Medicine
- Diamond and Carbon-based Materials Research
- Organ Donation and Transplantation
- Parallel Computing and Optimization Techniques
Friedrich-Alexander-Universität Erlangen-Nürnberg
2017-2021
Security and privacy-sensitive smartphone applications use trusted execution environments (TEEs) to protect sensitive operations from malicious code. By design, TEEs have privileged access the entire system but expose little no insight into their inner workings. Moreover, real-world enforce strict format protocol interactions when communicating with (TAs), which prohibits effective automated testing.TEEzz is first TEE-aware fuzzing framework capable of effectively TAs in situ on production...
As known for a decade, cold boot attacks can break software-based disk encryption when an attacker has physical access to powered-on device, including Android smartphones. Raw memory images be obtained by resetting device and rebooting it with malicious loader, or—on systems where this is not possible due secure or restrictive BIOS settings—by transplantation of RAM modules into system under the control attacker. Based on different key recovery algorithms have been proposed in past Full Disk...
Many security-critical services on mobile devices rely Trusted Execution Environments (TEEs). However, due to the proprietary and locked-down nature of TEEs, available information about these systems is scarce. In recent years, we have witnessed several exploits targeting all major commercially used which raises questions capabilities TEEs provide expected integrity confidentiality guarantees. this paper, evaluate exploitability by analyzing common flaws from perspective an adversary. We...
Trusted Execution Environments (TEEs) constitute a major building block for modern mobile devices' security architectures.Yet, the analysis tools available to researchers seeking examine these critical components are rudimentary compared vast range of sophisticated other execution contexts (i.e., Linux or Windows userland).We see primary reason lack is originating from closed-source nature TEEs.Specifically, Applications userland applications executed in TEE) vital importance, since they...
Software piracy in general and repackaged apps with attached malware particular pose serious threats for the Android ecosystem. In this paper, we present a cloud-compilation approach enabling sophisticated hardening of non-rooted stock Android. Our design is based on off-device ahead-of-time compilation made possible by Runtime (ART). Due to an installer-stub-based second-stage delivery, stay compatible established app store distribution processes. We argue significant gain security our...
Recent trends like edge computing move metro and core network elements from access restricted back offices to data centers where their attack surface is exposed a larger audience. These increase the need for means of monitoring these elements' peripherals in secure untampered way.
Cyber-physical systems (CPSes) have been replacing their mechanical counterparts in many safety and securitycritical applications (e.g., door locks, automobiles, critical infrastructure). However, this paradigm shift has introduced a new software-based attack vector into these historically isolated systems. Since of devices are networked, physical interfaces vulnerable to both remote local attackers. In work, we present TRUST. IO, framework that automatically, transparently, hardens against...
Dynamic analysis and especially fuzzing are challenging tasks for embedded firmware running on modern low-end Microcontroller Units (MCUs) due to performance overheads from instruction emulation, the difficulty of emulating vast space available peripherals, low availability open-source firmware. Consequently, efficient security testing MCU has proved be a resource- engineering-heavy endeavor. EmbedFuzz introduces an end-to-end framework Our novel transplantation technique converts binary...