SYSSEC: Latest News https://www.syssec.wiwi.uni-due.de/
Latest news for: Professorship of Computer Science, University of Duisburg-Essen
Wed, 20 Mar 2024 16:44:01 +0100

New paluno Directorate Elected https://www.syssec.wiwi.uni-due.de//en/news/singleview/new-paluno-directorate-elected-23904/?no_cache=1
In yesterday's meeting of the paluno board, Prof. Dr. Lucas Davi was appointed as the new director of the institute. Prof. Dr. Amr Rizk and Prof. Dr. Gregor Schiele have been appointed as vice directors. Professor Davi, head of the System Security Group, succeeds Professor Pohl, who successfully led the institute since its establishment in 2010. The deputy role will be assumed by Professor Rizk, head of the Communications Networks and Systems Group, and Professor Schiele, head of the Intelligent Embedded Systems Group.

These decisions were made during a two-day board retreat. The entire board thanks Professor Pohl for his longstanding commitment and leadership at paluno. At the same time, it wishes the new directorate much success in continuing the institute's successful work.

About paluno

paluno - the Ruhr Institute for Software Technology is one of the largest research institutes for software engineering in Germany. With 12 professors and over 100 researchers, paluno conducts excellent applied and fundamental research. paluno investigates and tests principles, methods, and tools for the development of software-based technologies. As significant drivers of digitalization, these technologies are changing our world - the way we work, learn, conduct business, produce, communicate, and travel. The researchers at paluno are committed to ensuring that digitalization succeeds with software-based systems and that the new technologies serve people, are user-friendly, and secure.

Tue, 06 Feb 2024 21:57:23 +0100
CSAW'23: Two finalist papers https://www.syssec.wiwi.uni-due.de//en/news/singleview/csaw23-two-finalist-papers-23635/?no_cache=1
Two papers of our chair advanced to the final round of the NYU Tandon College of Engineering's annual Cyber Security Awareness Week Applied Research Competition.
The two works were admitted to the selection of ten finalists:

RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
Tobias Cloosters, David Paaßen, Jianqiang Wang, Oussama Draissi, Patrick Jauernig, Emmanuel Stapf, Lucas Davi, Ahmad-Reza Sadeghi

ClepsydraCache – Preventing Cache Attacks with Time-Based Evictions
Jan Philipp Thoma, Christian Niesler, Dominic Funke, Gregor Leander, Pierre Mayr, Nils Pohl, Lucas Davi, Tim Güneysu

Mon, 18 Sep 2023 10:53:00 +0200
New publication in ACM CCS: FuzzDelSol uncovers security vulnerabilities in Solana programs. https://www.syssec.wiwi.uni-due.de//en/news/singleview/new-publication-in-acm-ccs-fuzzdelsol-uncovers-security-vulnerabilities-in-solana-programs-23634/?no_cache=1
This coming November, we will present our research paper Fuzz on the Beach: Fuzzing Solana Smart Contracts at the prestigious ACM CCS conference. This work introduces FuzzDelSol, the first fuzzing architecture for Solana Smart Contracts that accurately models platform and contract interactions. Since the source code for most Solana Smart Contracts is not available, FuzzDelSol operates directly on binary code, utilizing carefully extracted information and Bug Oracles. The significance of this research grows as Solana is increasingly favored as a platform for developing decentralized applications such as NFT marketplaces.

This research was conducted together with the Paluno Software Systems Engineering group, led by Prof. Klaus Pohl and Prof. Ghassan Karame, at the Chair for Information Security at Ruhr-University Bochum.

Jens-Rene Giesen presented this work at the ACM CCS conference in November 2023.

oussama.Draissi@stud.uni-due.de Sat, 02 Sep 2023 15:52:00 +0200
New Security Solution for Smart Speakers https://www.syssec.wiwi.uni-due.de//en/news/singleview/new-security-solution-for-smart-speakers-23249/?no_cache=1
Smart speakers like Amazon Alexa can be controlled by users via voice commands and are very popular. However, these devices have to listen continuously via their microphone to detect whether they are being addressed. And how can you be sure that this device is really just doing what it is supposed to, and has not perhaps been hacked and is spying on the user?

One technique to determine the integrity of another device is "remote attestation". Remote attestation techniques allow one device to verify the state of another device. The Working Group for Systems Security at the University of Duisburg-Essen, together with researchers at the Technical University of Darmstadt, developed within the DFG Collaborative Research Center CROSSING a method called "SCAtt-man" that lets users attest smart speakers. Using their smartphones, users can determine whether the software of a smart speaker is unchanged or whether viruses or other malware have been installed. In a user study, the prototype was found to have high usability. In addition, the users indicated that this process increases their confidence in smart speakers and that they would use it if it were integrated into their smart speakers.

This project will be presented at the ACM Conference on Data and Application Security and Privacy (CODASPY) in Charlotte, NC in the United States in April.

Thu, 02 Mar 2023 16:13:14 +0100
Presentation at RAID 2022 https://www.syssec.wiwi.uni-due.de//en/news/singleview/presentation-at-raid-2022-23079/?no_cache=1
The 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022) was held in Limassol, Cyprus on 26-28 October.

Tobias Cloosters presented RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64. This work analyzes the constraint gadget space for return-oriented programming on RISC-V and ARM64 and presents a tool to generate ROP chains from the limited and complex gadget space.

tobias.cloosters@uni-due.de Thu, 03 Nov 2022 09:00:00 +0100
Talks and Tutorials at IEEE SecDev https://www.syssec.wiwi.uni-due.de//en/news/singleview/talks-and-tutorials-at-ieee-secdev-23066/?no_cache=1
Researchers of the chair presented their work on secure video streaming and a tutorial on smart contracts at the IEEE SecDev conference in Atlanta.
In his three-hour tutorial at the IEEE Secure Development Conference (SecDev), Jens-Rene explained which vulnerabilities exist in smart contracts, how to find them, and how to prevent them.
Tobias Cloosters and Sebastian Surminski presented their work on runtime attestation for SGX enclaves. Using a video player for video streaming, they showed how to enhance applications in SGX enclaves with control flow attestation to prevent runtime attacks.

Sebastian.Surminski@paluno.uni-due.de Thu, 27 Oct 2022 15:51:06 +0200
ERC Starting Grant https://www.syssec.wiwi.uni-due.de//en/news/singleview/erc-starting-grant-22897/?no_cache=1
Prof. Lucas Davi receives an ERC Starting Grant of 1.5 million euros. The project will develop a solution that holistically protects smart contracts from various attacks.
Smart contracts are computer programs that can be used to store the terms of a contract in a blockchain, where they can be executed automatically. The promising technology is being used in cryptocurrencies and is waiting in the wings in many industries: real estate transactions, licensing, checking supply chains or controlling production processes – many transactions and processes that today have to be done by hand could be automated and significantly accelerated in the future with programmed contracts.

However, smart contracts have become an appealing attack target. The programs are permanently online. As soon as a vulnerability is discovered somewhere in the code, it can easily be exploited. In recent times, there have been several thefts of cryptocurrency because smart contracts had security vulnerabilities that were not closed quickly enough.

With the funds from the ERC Grant, we plan to develop the first solution for the protection of smart contracts that covers all development and deployment phases of a blockchain. A key element will be the first compiler for smart contracts that detects and automatically fixes programming errors already in the development phase. Attacks on ongoing transactions will be detected by means of a new monitoring tool and averted before they cause major damage. In addition, to assess the security of existing contracts and better understand the reasons for cyberattacks, we will develop novel forensic analysis techniques. 

ERC Starting Grants are funding instruments of the European Research Council (ERC), which are intended to support young scientists in making the career leap to independent top researchers. At the time of application, a maximum of seven years may have elapsed since the award of the doctoral degree. The sole evaluation criterion is the scientific excellence of the researcher and the proposed project. Further information: https://erc.europa.eu/funding/starting-grants

 

Thu, 22 Sep 2022 10:21:32 +0200
Security Vulnerabilities in Fingerprint Sensors and Crypto Wallets https://www.syssec.wiwi.uni-due.de//en/news/singleview/security-vulnerabilities-in-fingerprint-sensors-and-crypto-wallets-22801/?no_cache=1
Our team and colleagues from the DFG Cluster of Excellence CASA have developed a new technique that, for the first time, enables fuzz testing of protected memory areas in modern processors. Our method revealed many vulnerabilities in security-critical software.
Intel’s “Software Guard Extensions” (SGX) is a widely used technology to protect sensitive data from misuse. It helps developers shield a certain memory area from the rest of a computer. For example, a password manager can be executed safely in such an enclave, even if the rest of the system is corrupted by malware.

However, it is quite common that enclave software suffers from vulnerabilities. Already in 2020, our team discovered and published several vulnerabilities of SGX enclaves (Article: Danger to sensitive Data). Now, together with partners from the Cluster of Excellence CASA, we achieved another breakthrough in the analysis technique: our latest development enables fuzz testing of enclaves, which is much more effective than the previously used symbolic execution technique. The idea behind fuzz testing is to feed a large number of inputs into a program in order to gain insights into the structure of the code. “As enclaves are meant to be non-introspectable, fuzzing cannot easily be applied to them,” as Tobias Cloosters (research assistant and PhD student in our group) explains the challenge. “Moreover, fuzzing requires nested data structures, which we dynamically reconstruct from the enclave code.” His research partner Johannes Willbold from the research college SecHuman from the Ruhr-Universität Bochum adds: “This way, the shielded regions can be analyzed without accessing the source code.”

Thanks to modern fuzzing technology, we were able to detect many previously unknown security problems. All tested fingerprint drivers as well as wallets for storing cryptocurrency were affected. Hackers could exploit these vulnerabilities to read biometric data or steal the entire balance of the stored cryptocurrency. All companies were informed; the SKALE Network even showed its appreciation with a “bug bounty” in its cryptocurrency. Three vulnerabilities have been added to the publicly available CVE directory.

Further information

CVE stands for Common Vulnerabilities and Exposures and lists major, publicly known vulnerabilities. The vulnerabilities referenced have the CVE entries CVE-2021-3675 (Synaptics Fingerprint Driver), CVE-2021-36218 (SKALE sgxwallet) and CVE-2021-36219 (SKALE sgxwallet).

Publication: Cloosters, Tobias; Willbold, Johannes; Holz, Thorsten; Davi, Lucas Vincenzo: SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing. In: Proc. of 31st USENIX Security Symposium. 2022. Pre-Print: SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing

TEE project webpage: Analysis of TEE Software 

DFG Cluster of Excellence CASA: CASA Homepage

Thu, 14 Jul 2022 14:25:23 +0200
New Research Assistant https://www.syssec.wiwi.uni-due.de//en/news/singleview/new-research-assistant-23068/?no_cache=1
In October Oussama Draissi joined the group of Prof. Lucas Davi. Welcome, Oussama!
Sebastian.Surminski@paluno.uni-due.de Fri, 01 Jul 2022 16:07:00 +0200

CRC Accepted for 3rd Round: Security for Next-Generation Computing Platforms https://www.syssec.wiwi.uni-due.de//en/news/singleview/crc-accepted-for-3rd-round-security-for-next-generation-computing-platforms-22759/?no_cache=1
Good news for our paluno research group on secure software systems. The German Research Foundation (DFG) accepted the continuation of the collaborative research center CROSSING for another four years. UDE-Professor Lucas Davi is principal investigator of two projects on attesting complex software...

About CROSSING

CROSSING is interdisciplinary in nature: More than 65 researchers from the fields of cryptography, system security, quantum physics, information theory, number theory, high-performance computing, and software engineering work together. In CROSSING, TU Darmstadt cooperates with Universität Duisburg-Essen, Universität Paderborn, Universität Regensburg, and the Fraunhofer-Institut for Secure Information Technology (SIT) in Darmstadt.

More on CROSSING can be found here: Research of the CRC CROSSING

 

Thu, 23 Jun 2022 16:20:49 +0200