
DEMISEC Project Officially Started
1 September 2021
The project DEMISEC: Detection of Malicious Implants in Source Code has officially started. The project will investigate techniques for automatic vetting of open source repositories, in particular for detecting implants of malicious code in source code. We have two open positions related to the project, apply now!
Reuse of software components is a fundamental building block of software engineering. Today’s developers can quickly realize complex projects by wiring together components and libraries, choosing from a vast range of open source code. On the one hand, this eliminates repetition and therefore opportunities to accidentally introduce vulnerabilities, e.g., by relying on verified and verifiable implementations of crypto libraries rather than writing one’s own. On the other hand, it creates a potentially long software supply chain of transitive dependencies, where every element, not just the directly imported library, has to be trusted. Malicious code implanted at any point in that chain can propagate into critical systems. There have already been several cases of open source developers having their credentials stolen and used to upload malicious code into popular libraries. With open source repositories effectively becoming critical infrastructure, we need reliable methods to verify and validate source code.
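As an added illustration of what automatic vetting of a dependency can look like at its most basic, the following Python scanner is not DEMISEC’s method or code (the announcement does not describe one); it is a constructed example. It parses a source file with the standard ast module and flags exec/eval/compile calls whose argument was produced by a decoding step (base64, hex, zlib), directly or through a chain of assignments, which is a common shape for a payload hidden in an install-time hook. Decoding on its own is deliberately not flagged. The two sample sources, the decoder and sink name lists and the length threshold are all assumptions chosen for this example.

```python
"""Constructed example: a small AST heuristic for hidden, decoded-then-executed payloads.

Not DEMISEC's technique; an illustration of one vetting check a reviewer might automate.
"""
import ast

# Assumed lists for this example: call sites that run code, and calls that turn an
# opaque blob into code. Both are easy to extend and easy to evade; this is a heuristic.
EXEC_SINKS = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode",
            "fromhex", "decompress", "unhexlify"}
LONG_LITERAL = 200  # assumed threshold: a string this long inside a sink is treated as opaque


def _call_name(node):
    """Bare function name of a Call node: 'b64decode' for base64.b64decode(...)."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _suspicious_expr(node, tainted):
    """True if the expression under node contains a decoder call, a long literal,
    or a name already known to hold a decoded value."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call) and _call_name(sub) in DECODERS:
            return True
        if isinstance(sub, ast.Constant) and isinstance(sub.value, (str, bytes)) \
                and len(sub.value) >= LONG_LITERAL:
            return True
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
    return False


def scan_source(src, filename="<string>"):
    """Return a list of (filename, lineno, reason) for sinks fed by decoded data."""
    tree = ast.parse(src, filename)

    # Pass 1: flow-insensitive propagation. Any name assigned from a decoded value,
    # or from another such name, is marked; iterate to a fixpoint to follow chains
    # like a = b64decode(x); b = zlib.decompress(a); exec(b).
    tainted = set()
    changed = True
    while changed:
        changed = False
        for node in ast.walk(tree):
            if isinstance(node, ast.Assign) and _suspicious_expr(node.value, tainted):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id not in tainted:
                        tainted.add(target.id)
                        changed = True

    # Pass 2: report exec-like calls whose arguments depend on decoded data.
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in EXEC_SINKS:
            if any(_suspicious_expr(arg, tainted) for arg in node.args):
                findings.append((filename, node.lineno,
                                 f"{_call_name(node)}() runs a decoded/opaque payload"))
    return findings


# Constructed sample: decoding data without executing it is normal and not reported.
BENIGN = '''
import base64
TOKEN = base64.b64decode(b"aGVsbG8=")   # decodes a constant, never executed
def greet():
    return "hi"
'''

# Constructed sample: a setup.py whose install hook decodes and executes a blob.
# The blob is a placeholder string, not a real payload.
IMPLANT = '''
import base64, zlib
from setuptools import setup
from setuptools.command.install import install

_blob = "placeholder-not-a-real-payload=="
class PostInstall(install):
    def run(self):
        payload = zlib.decompress(base64.b64decode(_blob))
        exec(payload)
        install.run(self)

setup(name="totally-fine", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for name, src in (("benign.py", BENIGN), ("setup.py", IMPLANT)):
        for hit in scan_source(src, name) or [(name, 0, "no findings")]:
            print(hit)
```

The benign file decodes a constant but never executes it, so it produces no finding; the implant is reported at the exec() line even though the decoded bytes pass through a local variable before reaching the sink. A real vetting pipeline would also need to handle indirect sinks (getattr(builtins, "exec"), importlib tricks, subprocess) and would pair static heuristics like this with provenance checks on who pushed the release.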