Dorottya Futóné Papp

PhD student

dpapp (at) crysys.hu

web: www.crysys.hu/~dpapp/
office: I.E. 429
tel: +36 1 463 2063

Short Bio

Dorottya Futóné Papp was born in 1992 in Budapest. She received her BSc degree in Computer Science in 2014 and her MSc degree in Computer Science Engineering in 2016 from the Budapest University of Technology and Economics (BME). She started her PhD studies in September 2016. She has been involved with the Laboratory of Cryptography and System Security (CrySyS) since 2013 and with the Austrian Institute of Technology since 2015.

Current Courses

IT Security (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

IT Security (in English) (VIHIAC01)

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Coding and IT Security (VIHIBB01)

This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source coding and channel coding.

Computer Security (VIHIMA06)

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

IT Security Laboratory (VIHIMB01)

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Secure Software Development (VIHIAV33)

This course fills an important gap in the education of software engineers, namely developing secure software applications. During this course, students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Student Project Proposals

IoT Security

CrySyS Lab leads the SETIT (Security Enhancing Techniques for the Internet of Things) project, funded under the National Excellence Program, which aims to drastically reduce the security risks of the IoT and thereby enable the wider adoption of IoT applications. Within the project, the lab works on the security of the embedded computing platform used to run IoT applications.
Students interested in this topic can work on the following specific problems within the above project; more detailed descriptions are available on the department portal: https://www.hit.bme.hu/edu/project:

Publications

2020

Clustering IoT Malware based on Binary Similarity

M. Bak, D. Papp, Cs. Tamás, L. Buttyán

IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), 2020.

@inproceedings {
   author = {Marton Bak and Dorottya Papp and Csongor Tamás and Levente Buttyán},
   title = {Clustering IoT Malware based on Binary Similarity},
   booktitle = {IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)},
   year = {2020}
}

Abstract

In this paper, we propose to cluster malware samples based on their TLSH similarity. We apply this approach to clustering IoT malware samples as IoT botnets built from malware infected IoT devices are becoming an important trend. We study the performance of two distance-based clustering algorithms, k-medoid and OPTICS, on a large corpus of IoT malware samples when they are used with the TLSH difference metric to measure distances between samples. Our results show that neither of the two algorithms have acceptable clustering performance. Hence, we propose a new clustering algorithm, which achieves a performance superior to both k-medoid and OPTICS.

Towards Secure Remote Firmware Update on Embedded IoT Devices

M. Juhász, D. Papp, L. Buttyán

Conference of PhD Students in Computer Science (CSCS), 2020.

@conference {
   author = {Márton Juhász and Dorottya Papp and Levente Buttyán},
   title = {Towards Secure Remote Firmware Update on Embedded IoT Devices},
   booktitle = {Conference of PhD Students in Computer Science (CSCS)},
   year = {2020}
}

Abstract

An important security problem in IoT systems is the integrity protection of software, including the firmware and the operating system, running on embedded IoT devices. Digitally signed code and verified boot only partially solve this problem, because those mechanisms do not address the issue of run-time attacks that exploit software vulnerabilities. For this issue, the only known solution today is to fix the discovered vulnerabilities and update embedded devices with the fixed software. Such an update should be performed remotely in a secure and reliable way, as otherwise the update mechanism itself can be exploited to install compromised software on devices at large scale. In this work, we propose a system and related procedures for remotely updating the firmware and the operating system of embedded IoT devices securely and reliably.

2019

IoT Hacking - A Primer

D. Papp, K. Tamás, L. Buttyán

Infocommunications Journal, 2nd Issue, 2019.

@article {
   author = {Dorottya Papp and Kristóf Tamás and Levente Buttyán},
   title = {IoT Hacking - A Primer},
   journal = {Infocommunications Journal, 2nd Issue},
   year = {2019}
}

Abstract

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discover and fix their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

Towards Detecting Trigger-based Behavior In Binaries: Uncovering the Correct Environment

D. Papp, T. Tarrach, L. Buttyán

International Conference on Software Engineering and Formal Methods (SEFM), 2019.

@inproceedings {
   author = {Dorottya Papp and Thorsten Tarrach and Levente Buttyán},
   title = {Towards Detecting Trigger-based Behavior In Binaries: Uncovering the Correct Environment},
   booktitle = {International Conference on Software Engineering and Formal Methods (SEFM)},
   year = {2019}
}

Keywords

Directed symbolic execution, Trigger-based behavior, Software verification

Abstract

In this paper, we present our first results towards detecting trigger-based behavior in binary programs. A program exhibits trigger-based behavior if it contains undocumented, often malicious functionality that is executed only under specific circumstances. In order to determine the inputs and environment required to trigger such behavior, we use directed symbolic execution and present techniques to overcome some of its practical limitations. Specifically, we propose techniques to overcome the environment problem and the path selection problem. We implemented our techniques and evaluated their performance on a real malware sample that launches denial-of-service attacks upon receiving specific remote commands. Thanks to our techniques, our implementation was able to determine those specific commands and all other requirements needed to trigger the malicious behavior in reasonable time.

2017

Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance

D. Papp, L. Buttyán, Z. Ma

Workshop on Software Assurance at ARES 2017, 2017.

@conference {
   author = {Dorottya Papp and Levente Buttyán and Zhendong Ma},
   title = {Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance},
   booktitle = {Workshop on Software Assurance at ARES 2017},
   year = {2017}
}

Abstract

A program exhibits trigger-based behavior if it performs undocumented, often malicious, functions when the environmental conditions and/or specific input values match some pre-specified criteria. Checking whether such hidden functions exist in the program is important for increasing trustworthiness of software. In this paper, we propose a framework to effectively detect trigger-based behavior at the source code level. Our approach is semi-automated: We use automated source code instrumentation and mixed concrete and symbolic execution to generate potentially suspicious test cases that may trigger hidden, potentially malicious functions. The test cases must be investigated by a human analyst manually to decide which of them are real triggers. While our approach is not fully automated, it greatly reduces manual work by allowing analysts to focus on a few test cases found by our automated tools.

2016

RoViM: Rotating Virtual Machines for Security and Fault-Tolerance

D. Papp, Z. Ma, L. Buttyán

EMC2 Summit at CPS Week 2016, 2016.

@conference {
   author = {Dorottya Papp and Zhendong Ma and Levente Buttyán},
   title = {RoViM: Rotating Virtual Machines for Security and Fault-Tolerance},
   booktitle = {EMC2 Summit at CPS Week 2016},
   year = {2016}
}

Abstract

Nowadays, the field of embedded systems experiences a number of changes. On one hand, recent cyber attacks against safety-critical systems demonstrate that malware can force safety-critical systems to endanger human lives and harm the environment. Therefore, a new requirement of security has arisen for safety-critical and embedded systems. However, security should be designed hand in hand with safety to resolve conflicts between the two fields. On the other hand, the emerging trend of virtualization has a significant impact on the embedded market. The isolation and protection mechanisms of virtualization contribute to both safety and security via redundancy and the prevention of one virtual machine affecting another. In this paper we present RoViM, a system of rotating virtual machines providing proactive security for embedded devices. RoViM uses multiple virtual machines in the system which increases redundancy as a safety measure. Our design satisfies reachability, liveness and safety requirements and we present a proof-of-concept implementation with the use case of an Internet Protocol Security (IPsec) gateway. We evaluate our design with formal verification and show that rotating virtual machines cause no significant change in the performance of the IPsec gateway.

2015

Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy

D. Papp, Z. Ma, L. Buttyán

IEEE International Conference on Privacy, Security, and Trust, 2015.

@conference {
   author = {Dorottya Papp and Zhendong Ma and Levente Buttyán},
   title = {Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy},
   booktitle = {IEEE International Conference on Privacy, Security, and Trust},
   year = {2015}
}

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and "invisible" way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on publicly available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.

ROSCO: Repository of signed code

B. Bencsáth, L. Buttyán, T. Holczer, B. Kócsó, D. Papp

Virus Bulletin, 2015.

@conference {
   author = {Boldizsár Bencsáth and Levente Buttyán and Tamas Holczer and Balázs Kócsó and Dorottya Papp},
   title = {ROSCO: Repository of signed code},
   booktitle = {Virus Bulletin},
   year = {2015}
}
