October 5, 2017

10:00-11:00: CISPA – One of Europe’s leading research sites of IT security
Dr. Sandra Strohbach, Head of Project Office at CISPA

Abstract: The public presentation offers an overview of the Center for IT Security, Privacy, and Accountability (CISPA), located on the Saarland Informatics Campus in Saarbrücken, Germany. Founded in 2011, CISPA has become an important center for IT security and privacy. Attendees can learn more about the different research areas, excellent education programmes, and career opportunities. Examples of current research projects provide an insight into our daily work.

11:30-12:30: Automated Vulnerability Analysis for Modern Application Software
Giancarlo Pellegrino, Ph.D., Research Group Leader at CISPA

Abstract: The complexity and pervasiveness of application software are growing rapidly. Nowadays, application software encompasses multiple devices, e.g., mobile and IoT, and web services to perform operations ranging from online shopping and managing household appliances to controlling manufacturing processes. Like any other program, application software has vulnerabilities that, when exploited, can be used for financial fraud, stealing confidential data, and industrial espionage. Unfortunately, existing automated vulnerability analysis techniques are inadequate to tackle the complexity reached by these programs, thus leaving them exposed to attackers. My main research topic intends to stop this emerging trend and lay the foundation for the next-generation automated vulnerability analysis techniques. This talk focuses on the detection power and attack surface coverage challenges and presents two recent advances in the field. The first part of the talk presents Deemon, a tool that combines dynamic analysis and property graphs to mine Cross-Site Request Forgery, a long-neglected severe vulnerability. The second part of the talk presents jAEk, a new generation web application crawler that uses JavaScript dynamic analysis to increase the covered attack surface of web applications by 80%.

Biographies

Giancarlo Pellegrino, Ph.D., Research Group Leader at CISPA
Giancarlo Pellegrino is currently a research group leader at CISPA. His main research interests include all aspects of application security, especially web security and automated vulnerability analysis. He has been selected for the CISPA-Stanford Center for Cybersecurity, and he will soon be appointed as a visiting assistant professor at Stanford University. Prior to that, Giancarlo was a postdoctoral researcher at CISPA and TU Darmstadt, Germany. During his doctoral studies, Giancarlo was a member of the S3 group at EURECOM, in France, under the supervision of Prof. Davide Balzarotti. Until August 2013, he was a research associate in the “Security and Trust” research group at SAP SE.

Dr. Sandra Strohbach, Head of Project Office at CISPA
After her studies in translation science, Sandra Strohbach did her PhD in applied linguistics at Saarland University. At the same time, she worked as a research assistant and lecturer in the department of Romance languages. Since 2010, Sandra Strohbach has worked in the field of science management. She is an expert in the field of funding programmes and international cooperation as well as strategic development. She joined CISPA in 2017 and coordinates national and international projects, among them the CISPA-Stanford Center for Cybersecurity.