Index
Marcel Busch

I am a PostDoc at Friedrich-Alexander-Universität Erlangen-Nürnberg working with the System Security and Software Protection research group. Currently, my research focuses on the security of mobile devices – especially trusted execution environments (TEEs) and their flaws. I am interested in binary analysis and automated vulnerability discovery.
Publications
- Marcel Busch, Florian Nicolai, Fabian Fleischer, Christian Rückert, Christoph Safferling, and Felix Freiling. “Make Remote Forensic Investigations Forensic Again: Increasing the Evidential Value of Remote Forensic Investigations”. In: International Conference on Digital Forensics and Cyber Crime (ICDF2C 2020). 2020. Best Paper Award.
- Marcel Busch, Johannes Westphal, and Tilo Müller. “Unearthing the TrustedCore: A Critical Review on Huawei’s Trusted Execution Environment”. In: Proceedings of the 14th USENIX Workshop on Offensive Technologies (WOOT) co-located with the 29th USENIX Security Symposium (USENIX Security 2020). 2020. Best Student Paper Award.
- Fabian Fleischer, Marcel Busch, and Phillip Kuhrt. “Memory Corruption Attacks within Android TEEs: A Case Study Based on OP-TEE”. In: Proceedings of the International Workshop on Security of Mobile Applications (IWSMA) co-located with the 15th International Conference on Availability, Reliability and Security (ARES). 2020.
- Chad Spensky, Aravind Machiry, Marcel Busch, Kevin Leach, Rick Housley, Christopher Kruegel, and Giovanni Vigna. “TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems”. In: Proceedings of the 8th IEEE Conference on Communications and Network Security (IEEE CNS). 2020.
- Marcel Busch and Kalle Dirsch. “Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution”. In: Proceedings of the 3rd Workshop on Binary Analysis Research (BAR) co-located with the 27th Network and Distributed System Security Symposium (NDSS). 2020.
- Marcel Busch, Ralph Schlenk, and Hans Heckel. “TEEMo: Trusted Peripheral Monitoring for Optical Networks and Beyond”. In: Proceedings of the 4th Workshop on System Software for Trusted Execution (SysTEX) co-located with the 27th ACM Symposium on Operating Systems Principles (SOSP). 2019. Best Paper Award.
- Marcel Busch, Mykolai Protsenko, and Tilo Müller. “A Cloud-Based Compilation and Hardening Platform for Android Apps”. In: Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES). ACM, 2017.
- Markus Meyer, Helge Janicke, Peter Trapp, Christian Facchi, and Marcel Busch. “Performance Simulation of a System’s Parallelization”. In: Proceedings of the 6th International Conference on Software Engineering Advances (ICSEA). IARIA, 2011.
CTF
I regularly participate in capture-the-flag competitions with the FAU Security Team (FAUST) or Shellphish from UC Santa Barbara.
At our lab, I am responsible for FAUST. If you are with FAU and interested in security, you should consider subscribing to our mailing list. If you have other questions regarding the team, feel free to drop me an email.
PGP
ID: 804A129426B28454
SHA1 Fingerprint: CD35 4C70 B196 89FA 51F8 0617 804A 1294 26B2 8454
Public Key: ASCII-armored
S/MIME
Serial Number: 7648765103955783 (0x1b2c82e6fddf47)
SHA1 Fingerprint: A420 C861 100A 6F01 6650 120E 0429 1272 7BE0 2A5E
Issuer: FAU-CA > DFN-Verein PCA Global – G01 > Deutsche Telekom Root CA 2
Certificate: PEM / DER / TXT
You might also want to retrieve and verify this information directly from the DFN PKI.
Vincent Haupert

About
I am a computer security researcher in the field of mobile banking and FinTech security associated with the IT Security Infrastructures Lab. I work as a freelancer.
Previously, I was a research fellow and PhD candidate at Tilo’s System Security and Software Protection group here at the lab. My main interests are authentication, system security and software protection of mobile devices. The security of FinTechs and mobile banking in particular is one of my major research subjects. You can find my CV here.
Feel free to follow me on Twitter: @veehaitch
Talks and Panels
- Fintech Security (Speech / Talk). 11. October 2018, Event: Mastercard Advisory Board
- Panel: Security (Speech / Talk). 27. September 2018, Event: Banking Exchange
- Panel: Zahlen Sie eigentlich schon mit Ihrem Smartphone? (Speech / Talk). 25. September 2018, Event: Kartensicherheit 2018
- Sicherheitsanforderungen im Digital Banking (Speech / Talk). 5. July 2018, Event: Bitkom Arbeitskreis "Sicherheit im Zahlungsverkehr"
- Sicherheit beim Mobilebanking (Speech / Talk). 12. April 2018, Event: Bankengespräch des LKA Baden-Württemberg
- PSD2 Security (Radio, Television or Podcast). 16. March 2018, In: "Payment & Banking FinTech Podcast", URL: https://paymentandbanking.com/fintech-podcast-146-psd2-security/
- Ask Me Anything (Speech / Talk). 8. March 2018, Event: RatePAY
- Panel: "Cybercrime" (Speech / Talk). 26. January 2018, Event: Payment-Exchange 2018
- Grenzen und Perspektiven mobiler Smartphoneauthentifizierung am Beispiel digitaler Bankgeschäfte (Speech / Talk). 22. January 2018, Event: Elster-Dialog
- Die fabelhafte Welt des Mobilebankings (Speech / Talk). 27. December 2017, Event: 34th Chaos Communication Congress (34c3): tuwat
- Sicherer Zugriff auf das Bankkonto (Speech / Talk). 6. November 2017, Event: DG Verlag Karten-Forum 2017
- Panel: Sicherheit im Zahlungsverkehr (Speech / Talk). 14. September 2017, Event: American Express Insights Network
- Auf Nummer sicher? Bezahlen und überweisen im Internet (Radio, Television or Podcast). 13. July 2017, In: "Marktplatz", URL: https://www.deutschlandfunk.de/auf-nummer-sicher-bezahlen-und-ueberweisen-im-internet.772.de.html?dram:article_id=386203
- Sicherheit App-basierter TAN-Verfahren (Speech / Talk). 9. March 2017, Event: Reiner SCT Bankentag
- Sicherheit bei Fintechs (Radio, Television or Podcast). 9. January 2017, In: "Payment & Banking FinTech Podcast", URL: https://paymentandbanking.com/fintech-podcast-083-sicherheit-bei-fintechs-fintechpaymentandbankingn26podcast/
- Shut Up and Take My Money! The Red Pill of N26 Security (Speech / Talk). 27. December 2016, Event: 33rd Chaos Communication Congress (33c3): Works for me
- (Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking (Speech / Talk). 28. December 2015, Event: 32nd Chaos Communication Congress (32c3): Gated Communities
Publications
2024
- Hoffmann, J., & Haupert, V. (2024). Exklusivität der Apple Wallet: Missbrauch oder Sicherheitsgewinn? Recht der Zahlungsdienste, 1, 36-43.
URL: https://www.ruw.de/suche/rdz/Exklusivit-der-App-Wal-Missbra-ode-Sicherheitsgew-930b939342f4893c0d8cdc9ffdbe02e8
2020
- Maier, D., Erb, H., Mullan, P., & Haupert, V. (2020). Camera Fingerprinting Authentication Revisited. In International Symposium on Research in Attacks, Intrusions and Defenses. Donostia / San Sebastian, ES: Cham, Switzerland: Springer International Publishing.
2019
- Haupert, V. (2019). Sicherheit mobiler Bankgeschäfte zwischen Innovation und Regulierung (Dissertation).
URL: https://nbn-resolving.de/urn:nbn:de:bvb:29-opus4-113211
- Haupert, V., & Gabert, S. (2019). Short Paper: How to Attack PSD2 Internet Banking. In Ian Goldberg, Tyler Moore (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 234-242). St. Kitts, KN: Springer.
- Haupert, V., & Gabert, S. (2019). Where to Look for What You See Is What You Sign? User Confusion in Transaction Security. In Kazue Sako, Steve Schneider, Peter Ryan (Eds.), 24th European Symposium on Research in Computer Security. Luxemburg, LU: Cham, Switzerland: Springer International Publishing.
2018
- Haupert, V., Maier, D., Schneider, N., Kirsch, J., & Müller, T. (2018). Honey, I Shrunk Your App Security: The State of Android App Hardening. In Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 69-91). Paris, FR: Cham, Switzerland: Springer International Publishing.
URL: https://www.cs1.tf.fau.de/nomorp
- Haupert, V., & Müller, T. (2018). On App-based Matrix Code Authentication in Online Banking. In Furnell Steven, Mori Paolo, Camp Olivier (Eds.), Proceedings of the 4th International Conference on Information Systems Security and Privacy (pp. 149-160). Funchal, Madeira, PT: Setúbal: SciTePress.
URL: https://www1.cs.fau.de/appAuth
- Haupert, V., & Pugliese, G. (2018). Ich sehe was, das du nicht siehst: Die Realität von Mobilebanking zwischen allgemeinen und rechtlichen Anforderungen. In Langweg, Hanno ; Meier, Michael ; Witt, Bernhard C. ; Reinhardt, Delphine (Hrg.), Konferenzband der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) (S. 157-168). Konstanz, DE: Bonn: Köllen Druck+Verlag GmbH.
- Kraus, M., & Haupert, V. (2018). The Swift Language from a Reverse Engineering Perspective. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium. Vienna, AT: New York, NY, USA: ACM International Conference Proceedings Series (ICPS).
URL: https://github.com/maltek/swift-frida
2017
- Haupert, V., Maier, D., & Müller, T. (2017). Paying the Price for Disruption: How a FinTech Allowed Account Takeover. In Reversing and Offensive-oriented Trends Symposium (pp. 7:1-7:10). Vienna, Austria: New York, NY, USA: ACM.
URL: https://www1.cs.fau.de/n26
- Haupert, V., & Müller, T. (2017). Rest In Protection: A Kernel-Level Approach to Mitigate RIP Tampering. In Mori, Paolo ; Furnell, Steven ; Camp, Olivier (Eds.), Proceedings of the 3rd International Conference on Information Systems Security and Privacy (pp. 25-37). Porto, PT: Setúbal: SciTePress.
- Hoffmann, J., Haupert, V., & Freiling, F. (2017). Anscheinsbeweis und Kundenhaftung beim Online-Banking. Zeitschrift für das gesamte Handelsrecht und Wirtschaftsrecht, 181(5), 780-816.
2016
- Haupert, V., & Müller, T. (2016). Auf dem Weg verTAN: Über die Sicherheit App-basierter TAN-Verfahren. In Meier Michael, Reinhardt Delphine, Wendzel Steffen (Hrg.), Konferenzband der 8. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) (S. 101-112). Bonn, DE: Bonn: Köllen Druck+Verlag GmbH.
URL: https://www1.cs.fau.de/appTAN
Davide Bove
I am an IT security researcher in the field of Mobile Security and Systems Security associated with the IT Security Infrastructures Lab. I also give talks on and teach security topics. You can read more about me here.
My dissertation on the security of mobile devices can be found here: https://doi.org/10.25593/open-fau-510
Supervised Theses
- Trusted User Inputs
- Runtime Attestation for Enclave Applications on RISC-V
- MBedT: Towards a TEE framework for embedded RISC-V devices
- Designing Secure Enclaves on RISC-V
- Aufbereitung und Analyse von Honeypot-Daten
- Machine Learning based analysis of honeynet logs
- Creating an Online Training Platform for Penetration Testing
- On the Security and Privacy Implications of NFC-based Transactions
- Runtime Monitoring from RISC-V Enclaves
- Preinstalled malware breaking trusted execution environments
- Trusted User Inputs – Getting input from a user without letting the OS know about it
Professional Activities
- Lange Nacht der Wissenschaften 2023, Live Hacking Demonstration, Speaker alongside Immanuel Lautner, Lydia Weinberger, and Gaston Pugliese.
- ARES 2022: International Conference on Availability, Reliability and Security, Vienna, Austria, Speaker
- Tag der Informatiklehrerinnen und -lehrer 2022, Ludwig-Maximilians-Universität München, Live Hacking: Von der Forschung zur Lehre.
- ASIA CCS ’22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, Speaker.
- Lange Nacht der Wissenschaften 2022, Live Hacking Demonstration, Speaker alongside Jonas Röckl and Joschua Schilling.
- Lange Nacht der Wissenschaften 2019, Live Hacking Demonstration, Speaker alongside Dr.-Ing. Tilo Müller, Marcel Busch, Anatoli Kalysch and Tobias Groß.
- The 6th IEEE International Conference on Cyber Security and Cloud Computing (IEEE CSCloud 2019), Paris, France, Speaker.
Publications
2024
- Bove, D. (2024). A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android. In Proceedings of the 19th International Conference on Availability, Reliability and Security (pp. 1-11). Vienna, AT: New York: Association for Computing Machinery.
- Bove, D. (2024). Trust In Your Pockets: On the Security of Mobile Devices through Trusted Computing (Dissertation).
2023
- Bove, D., & Funk, J. (2023). Basic Secure Services for Standard RISC-V Architectures. Computers & Security, 133. https://doi.org/10.1016/j.cose.2023.103415
URL: https://authors.elsevier.com/a/1hZ8Rc43v0a1t
2022
- Bove, D. (2022). Secure Services for Standard RISC-V Architectures. In Association for Computing Machinery (Eds.), Proceedings of the 17th International Conference on Availability, Reliability and Security. Vienna, Austria, AT.
URL: https://dl.acm.org/doi/10.1145/3538969.3538998
- Bove, D. (2022). SoK: The Evolution of Trusted UI on Mobile. In Association for Computing Machinery (Eds.), ASIA CCS '22: Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (pp. 616-629). Nagasaki, Japan.
URL: https://dl.acm.org/doi/10.1145/3488932.3517417
2019
- Bove, D., & Kalysch, A. (2019). In pursuit of a secure UI: The cycle of breaking and fixing Android’s UI. it - Information Technology, Methods and Applications of Informatics and Information Technology. https://doi.org/10.1515/itit-2018-0023
- Bove, D., & Müller, T. (2019). Investigating Characteristics of Attacks on Public Cloud Systems. In 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 89-94). Paris, FR.
URL: https://ieeexplore.ieee.org/document/8854036
2018
- Kalysch, A., Bove, D., & Müller, T. (2018). How Android’s UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 2:1-2:10). Vienna, AT: New York, NY, USA: ACM International Conference Proceedings Series (ICPS).
URL: https://dl.acm.org/citation.cfm?id=3289597
- Bove, D. (2018). Using Honeypots to Detect and Analyze Attack Patterns on Cloud Infrastructures. Unpublished master’s thesis. Friedrich-Alexander University, Erlangen, Germany.
URL: https://davidebove.com/files/thesis-bove-public.pdf
PGP
Public Key: 0xF31EF62704D92A18
SHA1 Fingerprint: 3459 838D 148B 6998 759F 8335 F31E F627 04D9 2A18
Janine Schneider
Publications:
2024
- Eichhorn, M., Schneider, J., & Pugliese, G. (2024). Well Played, Suspect! – Forensic Examination of the Handheld Gaming Console “Steam Deck”. Forensic Science International: Digital Investigation, 48, 1-10. https://doi.org/10.1016/j.fsidi.2023.301688
URL: https://www.sciencedirect.com/science/article/pii/S266628172300207X
- Nicolai, F., Maras, M.-H., Trautmann, J., & Schneider, J. (2024). When objects betray you: the Internet of Things and the privilege against self-incrimination. Information and Communications Technology Law. https://doi.org/10.1080/13600834.2024.2352691
- Schneider, J., Eichhorn, M., Dreier, L.M., & Hargreaves, C.J. (2024). Applying digital stratigraphy to the problem of recycled storage media. In Elsevier (Eds.), Forensic Science International: Digital Investigation. Baton Rouge, US: Elsevier.
URL: https://www.sciencedirect.com/science/article/pii/S2666281724000805
2023
- Schneider, J. (2023). On the Trustworthiness of Digital Evidence and How It Can Be Established (Dissertation).
2022
- Schneider, J., Düsel, L., Lorch, B., Drafz, J., & Freiling, F. (2022). Prudent design principles for digital tampering experiments. In Elsevier (Eds.), Forensic Science International: Digital Investigation. Oxford, GB.
URL: https://www.sciencedirect.com/science/article/pii/S2666281722000038
- Schneider, J., Eichhorn, M., & Freiling, F. (2022). Ambiguous File System Partitions. In Elsevier (Eds.), Forensic Science International: Digital Investigation. On the Internet, US.
URL: https://www.sciencedirect.com/science/article/pii/S2666281722000804
2021
- Ottmann, J., Pollach, J., Scheler, N., Schneider, J., Rückert, C., & Freiling, F. (2021). Zur Blackbox-Problematik im Bereich Mobilfunkforensik. Datenschutz und Datensicherheit, 45, 546-552. https://doi.org/10.1007/s11623-021-1487-1
- Schneider, J., Lautner, I., Moussa, D., Wolf, J., Scheler, N., Freiling, F., ... Westman, M. (2021). In Search of Lost Data: A Study of Flash Sanitization Practices. In Proceedings of the Digital Forensics Research Conference Europe (DFRWS EU) 2021. Cyberspace.
URL: https://dfrws.org/presentation/in-search-of-lost-data-a-study-of-flash-sanitization-practices/
2020
- Schneider, J., Milius, S., Deifel, H.-P., & Freiling, F. (2020). Unifying Metadata-Based Storage Reconstruction and Carving with LAYR. In Elsevier (Eds.), Forensic Science International: Digital Investigation. Virtual, US.
URL: https://www.sciencedirect.com/science/article/pii/S2666281720302559
- Schneider, J., Wolf, J., & Freiling, F. (2020). Tampering with digital evidence is hard: The case of main memory images. In Elsevier (Eds.), Forensic Science International: Digital Investigation. Virtual, GB: Elsevier.
URL: https://www.sciencedirect.com/science/article/pii/S2666281720300196