Dipl.-Inform. Raphael Ernst

Researcher at Fraunhofer FKIE

Contact
Phone: +49 228 50212-562
Fax: +49 228 73-4571
Email: ernst@REMOVETHISPART.informatik.uni-bonn.de
Public key: 0x6C2DF2C5
   
Address
  Institute of Computer Science 4
Friedrich-Ebert-Allee 144
53113 Bonn
Germany
Room: Zanderstr. 5, 2.25
 

Publications

Publication overview

 


Open Topics for Seminars, Labs, Bachelor Project Groups

-- Extending the Malware Analysis and Storage System (MASS) (BaPG, Lab) --

The Malware Analysis and Storage System provides a distributed and scalable architecture to analyze malware samples. The MASS server contains a database of all submitted malware samples and all the gathered analysis data. Analysis systems are connected to the MASS server and automatically receive new samples in order to execute an analysis. Researchers can obtain the analysis results via the MASS web interface or the REST API.

The project goal is to create a flexible and reusable platform for malware analysis which empowers collaboration between malware researchers. MASS is free and open source software licensed under the terms of the MIT license.

Open topics are listed on the MASS homepage. Feel free to suggest your own ideas.

Open for

Bachelor Project Groups and Master Labs

-- Firmware Crawler (BaPG) --

Does your webcam have the newest firmware? Should you update your router? Android, Windows, and most Linux distributions come with automatic updates and/or centralized management tools for the installed software. Some IoT devices offer auto-update features or can notify users about updates. Most don't.

This project should evaluate and implement a tool to crawl a vendor page and list all available firmware versions with version number, release date, and supported devices.

Open for

Bachelor Project Groups

-- Data Analysis on Public Forums (BaPG) --

Recent and past data leaks have been released on public channels like 4chan and pastebin. Projects in this area should evaluate ways to analyze the published data, develop tools making these forums easily accessible (e.g., develop a library to access forum contents like postings and profiles with Java/C/C++/Python/...), or add new functions to the existing code base.

Open Project: Extend the existing code base such that leaks (e.g., mail addresses with passwords, database dumps) are highlighted.

Open for

Bachelor Project Groups

-- Analyzing a House Alarm System (BaPG) --

Would you run a cloud-based alarm system? This project will analyze a commercial cloud-based alarm system.

Try to answer the following questions:

  • Become a burglar! How can you disable the alarm system?
  • How does the alarm system communicate with its sensors? Is it WLAN based? Which protocols are used? Can you simulate a sensor? Implement it! Can you interpret the sensor messages? Implement a status program (e.g., show the sensor status in a web app).
  • Analyze the communication of the alarm system with your smartphone. Does your system talk directly to your smartphone or is it "cloud based"? Who is operating the servers?
  • Is the communication encrypted (e.g., with SSL)? Can you Man-in-the-Middle? Can you break the encryption?
  • What is running on the alarm system core component? Can you hack it?

Open for

Bachelor Project Groups

-- Malware Metastudy (Seminar) --

Mathematics has a long scientific tradition with high standards for reviewing research. These review standards guarantee a high confidence in published results and allow other research "to stand on the shoulders of giants". Although computer science started as a close relative of mathematics, with its high standards and common tools, it deviated, expanded, and changed a lot. Therefore, the computer science community follows its own rules and habits. Especially practical fields like "Network Research" and "Malware Analysis" have a strong engineering influence and follow less formal approaches. Kurkowski et al. published a paper discussing the credibility of recent MANET simulation studies [1]. They found common flaws in most papers, rendering the results doubtful as they are not reproducible. Rossow et al. [2] showed a similar problem for malware experiments. Assuming that mathematicians allow their fellow researchers "to stand on the shoulders of giants", what do computer scientists do? Do we stand on feet of clay?

The malware analysis community publishes at several conferences. These conferences are the places of exchange and must guarantee the quality of published work so that fellow researchers can trust the results.

  • Analyze which conferences are important in the field of malware research. How do they guarantee the published paper quality? Which are top conferences? How are they ranked?
  • Discuss in your report general requirements for scientific work and discuss how these requirements should be applied to malware research. Pick some papers from conferences and check the soundness of the results. Do you observe shortcomings in recent malware research papers?

The seminar must focus on the paper quality of malware research publications and criteria to assess the quality. Conference rankings should not become the most important part. The seminar topic is broad and allows you to work in groups or alone.

References

  • [1] S. Kurkowski, T. Camp, M. Colagrosso: "MANET simulation studies: the incredibles", ACM SIGMOBILE Mobile Computing and Communications Review, Volume 9, Issue 4, October 2005
  • [2] C. Rossow et al.: "Prudent Practices for Designing Malware Experiments: Status Quo and Outlook", Proc. of IEEE Symposium on Security and Privacy (SP), 2012

Open for

Seminars