Research & Current Projects

The goal of DEMISEC is to develop techniques for automatic vetting of open source repositories, in particular for detecting implants of malicious code in source code. We will use a mix of static and dynamic techniques to achieve this goal: fuzzing or symbolic execution for differential testing of program versions, and modeling of implant code to detect dangerous patterns in code repositories using static analysis. more

The ForDaySec research network employs an interdisciplinary approach towards protecting everyday digitization. Our subproject aims to reliably close vulnerabilities in firmware even without manufacturer support. Based on published vulnerabilities in certain versions of open source packages, patterns are to be generated so that they can then be found directly in a firmware binary. A tailor-made patch should then be created for these vulnerabilities and applied directly to the binary file in a minimally invasive manner. more

This project focuses on defining new types of semantics for speculative execution and related micro-architectural features, built on insights from formal methods for concurrency and weak memory models. We develop a new framework based on bounded model checking to validate attacks and defenses with respect to speculative semantics. more

This project aims at gaining fundamental insights into representing high-level semantics of binary code in a way resembling human understanding of programs. Resulting models can be used to reconstruct source-level information in binaries and to find code that performs similar tasks on an abstract level. more