This proseminar will be given in German.
Software vulnerabilities have an increasingly high impact on many areas of our everyday life. Prominent examples like Heartbleed, Log4Shell or the latest vulnerabilities in OpenSSL 3.0 highlight how large parts of our online infrastructure can be impaired, sometimes over long periods of time. Such problems arise not only because of software bugs, but also as a result of intentional manipulation of code (e.g. Dependency Activism) or malicious attacks on software supply chains.
Researchers worldwide are continuously developing new ways to analyze, detect and patch such vulnerabilities and exploits. This is often done using methods related to static program analysis, as well as formal verification. In addition, empirical studies of the impact of past vulnerabilities are conducted in order to derive mitigations for future incidents.
Throughout the course of this seminar, we will first investigate different categories of vulnerabilities and learn about their potential impact. We do so using the latest scientific literature, as well as blog posts and reports on the topic. Afterwards, we move on to discuss formal techniques for detecting and patching vulnerabilities in software, where we compare advantages and disadvantages based on the literature available.
The proseminar will be held in the form of a "discussion seminar". All seminar participants meet every two weeks for a session in which, after a short introduction, a specific topic is freely discussed. For each session, the corresponding papers, which are announced in advance, have to be worked through. For each paper, one seminar participant prepares a short presentation (~10 min), which is given to the seminar at the beginning of the corresponding session. The final grade for the proseminar is based on the quality of the discussion contributions, the short presentation and a short written paper, which has to be prepared at the end of the seminar.