Research

Working in computer security is working at the limits of computer science. Blackhats, unlike ordinary users, are constantly and actively seeking to undermine the assumptions that we make when we design or deploy systems, and are actively trying to provoke bugs. I am fascinated by the possibilities of experimental incident analysis, because it seems to be one way of analyzing and predicting the behaviour of complex systems of programs. I have recently also started to work on statistical software vulnerability analysis and prediction.

Experimental incident analysis is still a new field. The basic assumption is that software systems today are now so complex that their behaviour cannot be analyzed or predicted from first principles any more. Instead we use experimental techniques borrowed from the natural sciences in order to find out causes of break-ins. These experiments are not designed, carried out or evaluated manually (as would be common practice today), but rather automatically. The ongoing work on this topic is a project called Malfor.

Statistical software vulnerability analysis and prediction is the art of looking at version archives to analyze software for vulnerabilities and to predict which components are likely to have more (as yet undetected) vulnerabilities. The project name for this work is Vulture; it has resulted in one paper that was published at USENIX '09 and anoth paper that was presented at ACM CCS 2007. Vulture's main result is that it is possible to predict which source files will have unknown vulnerabilities. For Mozilla, we predicted in January 2007 that ten specific source files (out of 10,000) will have vulnerabilities. Out of these ten source files, five had to be fixed within the next six months due to security vulnerabilities.

Teaching

Saarbrücken

Summer 2007: I have given two C and C++ lectures in the Programming 2 course, which were very well received.
Winter 2006/2007: I have developed and given a Proseminar on “Seminal Papers in Practical Computer Security”. The evaluation was excellent. Our proseminars have as their main goal to teach students how to give compelling presentations. This is in contrast to ordinary proseminars where the objective is to acquaint students with important papers and where the student learns presentation skills by osmosis (if at all).
Winter 2006/2007: I'm helping with the Software Design Lab (with Christian Lindig and Valentin Dallmeier).
Winter 2005/2006: Proseminar on open source programming tools (with Andreas Zeller).
Winter 2005/2006: I'm helping with the Software Engineering Lecture (with Valentin Dallmeier and Andreas Zeller).
Summer 2005: Prof. Zeller is on sabbatical.
Winter 2004/2005: I helped organize the Software Design Lab (with Christian Lindig and Valentin Dallmeier).
Summer 2004: I designed and implemented a lecture on the Design of Secure Software Systems. This lecture was a mix of practical advice and theory. Students learned to see software systems through an attacker's eyes, and also learned how to design systems so that they have certain desirable security properties right form the start. The course was evaluated a huge success: there were forty students in the first lecture and 39 took the final exam. 76% of the students rated the course “1” on a scale of 1 (excellent) to 5 (bad). An additional 18% rated the course “2”. On the same scale, the organization of the lectures was rated 1.4 on the average, and the presentations were ranked 1.35. Student comments include “Was the best lecture I ever had. And the best lecturer I ever listened to.” and “Instructor is great, give many practically helpful and useful info. ...Very enthusiastic manner of giving the info. Lecturer has an aim to present material clear for everybody taking the course.”
Winter 2003/2004: I coordinated the Software Design Lab. (with Andreas Zeller)
Summer 2003: Course on C++ for those people needing an introduction to procedural programming as a prerequisite for the Software Design
Summer 2003: Some selected lectures from “Introduction to Software Engineering” concerning object-oriented programming.

International University in Bruchsal

IT102: Algorithms and Data Structures
IT257: Principles of Operating Systems
IT193: Software Engineering

Publications

Notice: Some of the links below might not work; I'm still uploading the relevant documents.

Predicting Vulnerable Software Components (PDF). Presented at ACM CCS 2007.
Isolating Cause-Effect Chains in Computer Systems (PDF). Presented at the Software Engineering Konferenz 2007 Hamburg.
Isolating Intrusions by Automatic Experiments (PDF, PS). Presented at the 13th Annual Network and Distributed System Security Symposium, 2006.
Wie man Einbrüche mit Experimenten analysiert (“How to Analyze Break-Ins with Experiments”, extended abstract, PDF). Presented at the SIDAR Graduierten-Workshop über Reaktive Sicherheit 2006. Available only in German.
Experimentelle Methoden zum Aufspüren von Einbrüchen (“Experimental Methods to Track Down Intrusions”, extended abstract, PDF). Presented at the 8th Workshop on Software Reengineering, 2006. Available only in German.
Buffer Overflows und Lösungen dazu (“Buffer overflows and solutions”, PDF, PS). A survey article written in 2003 about buffer overflows and the state of the art in combating them. Available only in German (sorry).
Statistical Properties of IDEA Session Keys in PGP (PS). This is a paper from 1993. There is also a long version of that paper here.

Presentations

Notice: Some of the links below might not work; I'm still uploading the relevant documents.

Predicting Vulnerable Software Components Presentation given at ACM CCS 2007.
Wie man Einbrüche mit Experimenten analysiert (“How to Analyze Break-Ins with Experiments”) Presented at the SIDAR Graduierten-Workshop über Reaktive Sicherheit 2006. The title is in German, but the presentation is in English. Also available as a Keynote Archive
Leibniz Must Die Rump session talk given at DIMVA 2006, in the Leibniz-Saal (sic!) of the Berlin-Brandenburgische Akademie der Wissenschaften. (Abstract available in PDF and Postscript; presentation available as a Keynote Archive)
Isolating Intrusions by Automatic Experiments. Presentation given at the 13th Annual Network and Distributed System Security Symposium.
Statistical Tests: Methods and Limitations. Presentation given at end of 2004 at an internal workshop within the chair.