|
Einrichtungen >> Technische Fakultät (TF) >> Department Informatik (INF) >> Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) >>
|
Finding Vulnerabilities Using Binary-Diffing
- Art der Arbeit:
- Studien-/Bachelor-/Diplom-/Masterarbeit
- Betreuer:
- Busch, Marcel
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) E-Mail: marcel.busch@fau.de
- Beschreibung der Arbeit:
- In this thesis we would like to build tools to find real-world vulnerabilities by using binary-diffing [1]. As on Windows, where a 'Patch Tuesday' is often followed by an 'Exploit Wednesday', vendors of the software stack present in trusted execution environments, which is widely used in mobile devices, lag behind with their distribution of updates.
First, we would like to detect patches of vulnerabilities in succeeding versions of binaries and, second, we would like to detect vulnerabilities within prior versions based on observed patches in current binaries in this thesis‘ context.
We will focus on 'trustlets' or 'trusted applications' running in so called 'trusted execution environments'. Trustlets are basically userland applications running on a special operating system that offers security-critical services to the rest of the platform. Since the most interesting trustlets today run on mobile devices [2], the target architecture for the binaries in our scope is ARM (AArch32 and/or AArch64).
1
2
- Vorausgesetzte Vorlesungen bzw. Kenntnisse:
- Some exposure to assembly would be beneficial.
- Schlagwörter:
- Reverse Engineering
- Bearbeitungszustand:
Die Arbeit ist bereits vergeben. |
|
|
|
|
UnivIS ist ein Produkt der Config eG, Buckenhof |
|
|