Fabian Franzen’s research while affiliated with Technical University of Munich and other places


Publications (8)


RandCompile: Removing Forensic Gadgets from the Linux Kernel to Combat its Analysis
  • Conference Paper

December 2023 · 10 Reads

Fabian Franzen · Andreas Chris Wilhelmer

Mehr schlecht als Recht: Grauzone Sicherheitsforschung: Reverse Engineering vor Gericht (English: More Bad than Right: The Gray Area of Security Research: Reverse Engineering in Court)
  • Article

August 2020 · 202 Reads · 1 Citation

Datenschutz und Datensicherheit - DuD

Abstract: Reverse engineering is an established method in security research for identifying vulnerabilities in software. Does such an analysis of programs violate copyright law? After publishing the vulnerabilities they had found, several German research teams received cease-and-desist declarations as well as applications for preliminary injunctions from a vendor of security software.



Kernel-Assisted Debugging of Linux Applications

November 2018 · 182 Reads · 5 Citations

On Linux, most, if not all, debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: so-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a strict one-to-many relation, meaning that while each tracer can trace many tracees, each tracee can be controlled by at most one tracer. At the same time, the complex API and signal-based communications provide opportunities for erroneous usage. Previous works have identified the newer uprobes tracing API as a candidate for building a replacement for ptrace, but ultimately rejected it due to lack of practical use and documentation. Building upon uprobes, we introduce plutonium-dbg, a Linux kernel module providing debugging facilities independent of the limitations of ptrace alongside a GDB-compatible interface. Our approach aims to mitigate some of the design flaws of ptrace that make it both hard to use and easy to detect by malicious software. We show how plutonium-dbg's design and implementation remove many of the most frequently named issues with ptrace, and that our method improves on traditional ptrace-based debuggers (GDB and LLDB) when evaluated on software samples that attempt to detect the presence of a debugger.


Hardware-accelerated data acquisition and authentication for high-speed video streams on future heterogeneous automotive processing platforms

November 2018 · 69 Reads · 2 Citations

With the increasing use of Ethernet-based communication backbones in safety-critical real-time domains, both efficient and predictable interfacing and cryptographically secure authentication of high-speed data streams are becoming very important. Although the increasing data rates of in-vehicle networks allow the integration of more demanding (e.g., camera-based) applications, processing speeds and, in particular, memory bandwidths are no longer scaling accordingly. The need for authentication, on the other hand, stems from the ongoing convergence of traditionally separated functional domains and the extended connectivity both in- (e.g., smart-phones) and outside (e.g., telemetry, cloud-based services and vehicle-to-X technologies) current vehicles. The inclusion of cryptographic measures thus requires careful interface design to meet throughput, latency, safety, security and power constraints given by the particular application domain. Over the last decades, this has forced system designers to not only optimize their software stacks accordingly, but also incrementally move interface functionalities from software to hardware. This paper discusses existing and emerging methods for dealing with high-speed data streams ranging from software-only via mixed-hardware/software approaches to fully hardware-based solutions. In particular, we introduce two approaches to acquire and authenticate GigE Vision Video Streams at full line rate of Gigabit Ethernet on Programmable SoCs suitable for future heterogeneous automotive processing platforms.

Citations (6)


... In practice, the capabilities of this approach have been demonstrated only for a small number of parameters. The Katana approach [14] proposes using taint analysis to determine the offsets needed for introspection. First, a database is built from the source code of the Linux OS, containing information about the functions that perform access operations on fields. ...

Reference:

Declarative Approach to Virtual Machine Introspection
Katana: Robust, Automated, Binary-Only Forensic Analysis of Linux Memory Snapshots
  • Citing Conference Paper
  • October 2022

... Among the disadvantages of these solutions, one can single out the need to purchase certain solutions, or the need to adapt the 1C:ERP UP 2 server to the requirements of 1C:Link, 1C-Connect. An alternative approach to implementing remote access without purchasing additional licences is the process of connecting to a remote server via an IPv4/IPv6 address, or using Remote Desktop Protocol (RDP) in remote application mode [4][5]. As can be seen from Fig. 1, the process of connecting to the 1C server via the RDP App works through the application layer (7) of the TCP/IP protocol using a self-signed server certificate. ...

Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet
  • Citing Conference Paper
  • June 2022

... Being a vital short-range wireless communication technology, Bluetooth has been used by numerous devices for various applications (e.g., earbuds, wearables, and sensors) [12]. Unfortunately, the past several years have also witnessed numerous security flaws, from implementation (e.g., leaking UUIDs [61], or misconfigurations [54]) to specification (e.g., BAIS attacks [5] and Method confusion attacks [53]) that have rendered billions of Bluetooth devices vulnerable to intruders [51]. While luckily these flaws have been discovered, most of them were identified with manual efforts. ...

Method Confusion Attack on Bluetooth Pairing
  • Citing Conference Paper
  • May 2021

... At the kernel space level, the cryptographic file system can be implemented as a middleware layer to encrypt individual files or directories using file system filter driver technology in the Windows kernel [1,4,6,7] and Unix-like stackable file system [8,9]. Furthermore, a cryptographic file system can be implemented as a low-level file system layer, operating under the real file system, either as a block device layer attached to the storage disk itself [10] or a virtual disk driver [11] providing encryption for all single- or multiple-disk partitions. ...

FridgeLock: Preventing Data Theft on Suspended Linux with Usable Memory Encryption
  • Citing Conference Paper
  • March 2020

... This means that the tracer can inspect and control the execution and memory of the tracee. While this method is typically used by debuggers [51], it is also rarely used to implement deception strategies [8], although, this then needs to be coded at the machine code level, since that is the interface provided by ptrace. ...

Kernel-Assisted Debugging of Linux Applications
  • Citing Conference Paper
  • November 2018

... There is now a rapid growth in the number of applications that involve some image or video processing within a control loop [24]. In other words, one or more sensors in such applications are video cameras or radar sensors, and they are referred to as visual servoing systems [25]. ...

Hardware-accelerated data acquisition and authentication for high-speed video streams on future heterogeneous automotive processing platforms
  • Citing Conference Paper
  • November 2018