• Date: Wednesday, 15.04.2026, 12:00-14:00
• Location: S04 T01 A02

The exercise is aimed in particular at students in their first semester or without previous knowledge of computer science. Central basics such as number systems (binary, decimal, hexadecimal) and modulo arithmetic will be covered, which will be highly relevant in the further course of the course.

A short confirmation of participation is required for planning purposes. This is done via the corresponding vote in the Moodle course: https://lehre.moodle.uni-due.de/course/view.php?id=12300 (password: moodle.CyberSec.26)

Our research on Brigade addresses one of the current major security issues in decentralized systems: the high complexity and vulnerability of cross-chain bridges and their protocols. In recent years, the cross-chain infrastructure has been responsible for a significant proportion of the largest security incidents, as attackers exploit complex interactions between multiple blockchains. Brigade tackles this challenge by continuously monitoring cross-chain transactions, correlating relevant on-chain and off-chain events, and automatically identifying malicious behavior. The system can be implemented without changes to existing protocols that are already in use.

In a comprehensive retrospective analysis of real cross-chain attacks, we demonstrated that Brigade successfully detects attacks with total damages of approximately $4 billion. These results underscore the potential of automated, holistic security monitoring for decentralized finance and cross-chain systems.

The design and evaluation of Brigade will be presented at the 24th International Conference on Applied Cryptography and Network Security (ACNS) 2026 in New York.

The original proposal for Brigade has been developed in the master thesis of Pascal Winkler, which received the Dies Academicus Prize.

To effectively address these challenges, CASA - Securing the Digital Society develops innovative security mechanisms that make digital systems more resilient. CASA takes a research approach that is unique in Europe: it combines cutting-edge technological innovation with insights into the social and human aspects of cybersecurity. This interdisciplinary perspective makes CASA a leading center for holistic cybersecurity research.

Prof. Dr. Lucas Davi, Director of paluno - The Ruhr Institute for Software Technology, contributes his expertise in system and software security. “At CASA we develop novel security solutions that remain effective under realistic attack scenarios – without slowing down system performance,” explains Davi. “We take a comprehensive view of IT security across all system layers: from hardware-level protections to identifying vulnerabilities in decentralized applications.”

CASA is based at the Horst Görtz Institute for IT Security at Ruhr University Bochum. Other participating institutions are the Max Planck Institute for Security and Privacy in Bochum, the Technical University of Berlin, the University of Bonn and the University of Duisburg-Essen. Funding from the German Research Foundation (DFG) began on January 1, 2019. After an initial term of seven years, the Cluster of Excellence has now been extended until December 31, 2032.

The aim of the Excellence Strategy is to strengthen Germany’s position as an outstanding research hub in the long term and further improve its international competitiveness. The Clusters of Excellence funding line is designed to support project-based funding in internationally competitive fields of research at universities or university consortia. The DFG is responsible for developing and implementing this funding line and for publishing calls for proposals every 7 years.

Further Information: https://www.dfg.de/en/research-funding/funding-initiative/excellence-strategy 

News from the Horst-Görtz-Instituts: https://hgi.rub.de/en/news/newsarchiv/hginews/excellence-strategy-casa-receives-funding-for-another-seven-years

In addition to HTML, CSS, and JavaScript, WebAssembly (Wasm) has now established itself as the "fourth language" of the web and is supported by all major browsers. The technology allows programs to be developed in languages such as C, C++, Go, or Rust and then run as WebAssembly modules in the browser with minimal performance loss. Many popular web apps, including twitch.tv, Google Earth, Adobe Photoshop, and Zoom, now take advantage of this benefit.

However, the technology also poses security risks, as shown by our joint study with the TU Braunschweig. We analyzed nearly 38,000 domains on the web and found that more than 77% of these domains transmit data to apps without adequately checking the sources.

We see this practice as a significant security risk. If a WebAssembly module contains errors, hackers can exploit these vulnerabilities and inject malicious code into users' browsers over the internet.

To reduce this risk, we developed the analysis tool Wemby. Wemby detects memory errors in WebAssembly modules within the browser. Compared to previous methods, the tool analyzes more code in significantly less time.

Using Wemby, we discovered, among other things, a security vulnerability in Zoom that could be exploited through manipulated video data. The affected providers have been informed so they can take appropriate protective measures.

In June 2025, the researchers will present the results of their work at the Software Engineering Conference ISSTA in Trondheim (Norway).

Pascal wrote his master’s thesis in our department under the supervision of Jens-Rene Giesen. The title of his thesis is Mitigating Cross-Chain Bridge Attacks in DeFi Applications. His thesis contributes to strengthening the security infrastructure of decentralized finance (DeFi). By developing advanced strategies to combat attacks on cross-chain bridges, his work significantly enhances the integrity and stability of DeFi ecosystems. In particular, the thesis introduces an innovative development framework for securing cross-chain bridges, which developers can easily adopt. This approach not only boosts investor confidence but also increases the resilience of the entire decentralized financial landscape—an area of growing importance for the financial industry.

Pascal will now explore this topic further in his doctoral studies. We wish him great success in his research journey through the world of smart contracts and blockchain.

More information about Pascal’s research can be found on our website [here].

It is highly recommended that you familiarize yourself with the format of the seminar and the Bachelor's project in advance. This information can be found on our teaching website for both formats: https://syssec.informatik.uni-due.de/studium-lehre/wintersemester-24-25/ 

The introductory sessions will take place at the following times:

• Seminar: October 7 at 10:00 a.m. in S-GW 009
• Bachelor's project: October 10 at 10:00 a.m. in S-GW 009

Michael conducted research in the areas of smart contract security and trusted execution environments. The title of his dissertation is Software (In)Security of Smart Contracts and Trusted Enclaves, which he defended on June 27, 2023. Today, Michael works for Amazon Web Services (AWS).

Sebastian, on the other hand, focused on the security of embedded systems and remote attestation. The title of his dissertation is Securing Embedded Devices with Remote Attestation, which he defended on March 14, 2024. Today, Sebastian works at genua GmbH.

The department wishes both continued success in their professional careers!

More information about Michael’s research can be found on our page [here].
More information about Sebastian’s research can be found on our page [here].

These decisions were made during a two-day board retreat. The entire board thanks Professor Pohl for his longstanding commitment and leadership at paluno. At the same time, the new directorate is wished much success  for the continued success of the institute.

paluno - the Ruhr Institute for Software Technology is one of the largest research institutes for software engineering in Germany. With 12 professors and over 100 researchers, paluno conducts excellent applied and fundamental research. paluno investigates and tests principles, methods, and tools for the development of software-based technologies. As significant drivers of digitalization, these technologies are changing our world - the way we work, learn, conduct business, produce, communicate, and travel. The researchers at paluno are committed to ensuring that digitalization succeeds with software-based systems and that the new technologies serve people, are user-friendly, and secure..

Im Bachelor bieten wir die neue Vorlesung, Application Management an. Diese Vorlesung wird die Sicherheitskonzepte von Kryptowährungen und Blockchain Technologien mit Schwerpunkt Smart Contract Security behandeln. Die Vorlesung Application Management vermittelt ein umfassendes Verständnis für die effiziente und sichere Verwaltung von Anwendungen über ihren gesamten Lebenszyklus hinweg, mit einem Schwerpunkt auf Sicherheit und bewährten Praktiken. Es werden technische und Managementaspekte behandelt, um Anwendungen funktionsfähig und sicher zu halten.

Im Master bieten wir die Vorlesung Secure Software Systems an. In dieser Vorlesung werden Studierende über aktuelle Forschung, Angriffstechniken und Abwehrmethoden im Bereich der Software- und Systemsicherheit informiert, mit einem Schwerpunkt auf der Analyse von Sicherheitsproblemen und Schutztechnologien für verschiedene Rechnerarchitekturen sowie der Verwundbarkeit von Softwaresystemen gegenüber Laufzeitangriffen (Exploits).

Zudem bieten wir jedes Semester eine begrenzte Anzahl an Seminararbeiten und Bachelorprojektarbeiten an. Eine Übersicht über die angebotenen Veranstaltungen findet sich auf unserer Lehre Seite für das Wintersemester 2023/2024 .

Beachte: Denken Sie bitte an die Anmeldungen in den entsprechenden Moodle Kursen für die oben genannten Vorlesungen. Die Zugangsschlüssel zur Einschreibung in die Moodle-Kurse erhalten Sie jeweils während der ersten Vorlesung.

RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64
Tobias Cloosters, David Paaßen, Jianqiang Wang, Oussama Draissi, Patrick Jauernig, Emmanuel Stapf, Lucas Davi, Ahmad-Reza Sadeghi

ClepsydraCache – Preventing Cache Attacks with Time-Based Evictions
Jan Philipp Thoma, Christian Niesler, Dominic Funke, Gregor Leander, Pierre Mayr, Nils Pohl, Lucas Davi, Tim Güneysu