Three HGI/CASA Teams Among the Finalists of the 9th German IT Security Award

On November 10, the three best concepts will be awarded at the Ruhr-Universität Bochum.

Three teams with HGI/CASA scientists are among the ten finalists in the selection process for the 9th German IT Security Award.
David Knichel, Amir Moradi, Nicolai Müller and Pascal Sasdrich submitted their concept "Simply secure: A toolbox for automated creation of protected hardware". Thorsten Holz (together with Sergej Schumilo and Cornelius Aschermann) convinced the jury with "Nyx: High Performance Fuzz Testing for Complex Systems, from Browsers to Hypervisors". The project "CoCoS: Secure Development of Smart Contracts" by HGI/CASA scientists Michael Rodler, Ghassan Karame and Lucas Davi (together with Jens-Rene Giesen and Sebastien Andreina) also made it into the top ten.

Award ceremony at the Ruhr University Bochum on November 10
On November 10, the three winning teams will receive their prizes at an awards ceremony at the Ruhr-Universität Event Center. The 1st prize is endowed with 100,000 euros, the 2nd prize with 40,000 euros and the 3rd prize with 20,000 euros. The patron of the event is the Federal Minister of the Interior and for Home Affairs, Nancy Faeser.

It is still possible to register for the award ceremony until the beginning of November. In conjunction with the award, Bitkom, Fraunhofer SIT, ATHENE, Horst Görtz Institute, Cube 5 and the ATHENE Digital Hub Cybersecurity are organizing the 2nd Cybersecurity Innovation Conference, which will take place digitally. Here, distinguished speakers will talk about topics such as hardware and software security or artificial intelligence. In the afternoon, the award ceremony will take place in the event center in Bochum and online. This is where the ten finalists will present their projects in a poster exhibition before the award ceremony.

You can find the registration and the detailed program here.

A total of 54 projects submitted
The Horst Görtz Foundation has awarded the German IT Security Prize every two years since 2006. By awarding the prize, the foundation aims to help strengthen and enhance the position of IT security in Germany - and in this way contribute to boosting the innovative potential of the German economy.

This year, scientists and IT security experts from all over Germany submitted a total of 54 projects for the multi-stage process. In the final round, the independent jury of experts has now selected ten concepts and solutions for IT security from which three winners will emerge.

The jury
Under the chairmanship of Prof. Dr. Michael Waidner (National Research Center for Applied Cyber Security Athene), the jury consists of experts from the fields of IT security, cryptography, system and network security, and defense against cyber attacks. Waidner is joined this year by: Julia Hermann (Giesecke+Devrient Munich), Prof. Dr. Konrad Rieck (TU Braunschweig), Dr. Rainer Baumgart (formerly Secunet Security Networks AG), Prof. Dr. Angela Sasse (Ruhr-Universität Bochum), Susanne Dehmel (Bitkom e. V.), Dr. Thomas Wollinger (Etas GmbH), Thomas Caspers (Federal Office for Information Security), Dr. Daniela Gerd tom Markotten (Deutsche Bahn AG) and Beate Hofer (Volkswagen AG).

Award designed by artist
The Horst Görtz Foundation was able to attract Cologne-based artist Reinhard Doubrawa to design the winning award. Doubrawa, who exhibits in renowned galleries and museums in Europe, has developed an aesthetic form for the award that reflects his associations with the idea of IT security. Made of stainless steel, his plate shows a homogeneous, freely designed pattern of strokes and arcs that offer viewers plenty of room for their own associations.

In the following, we briefly present the projects of all finalists.

"Jazzer: fully automated fuzz tests for memory-safe programming languages"
Matthew Smith, Khaled Yakdan, Sergej Dechand, Norbert Schneider and Fabian Meumertzheim

Abstract: Fuzzing is a powerful testing method that has been used to find tens of thousands of bugs in memory-unsafe languages such as C/C++. With Jazzer, Code Intelligence has developed a fully automated fuzzer for memory-safe languages. Google has now integrated Jazzer into its OSS Fuzz Platform, where it has been a major contributor to the open source community since 2021 as the only Java fuzzer.

"Carbyne Stack - An Open Source Secure Multiparty Computation Cloud Platform"
Sven Trieflinger, Sebastian Becker, Vadim Raskin, Volker Suschke, Vincent Rieder, Jared Weinfurtner and Hanna Modica

Abstract: Carbyne Stack is an open source platform built on cloud-native technologies for storing and processing encrypted data via Secure Multiparty Computation. As a generic, scalable and resilient platform designed using modern software engineering methods, Carbyne Stack opens up Secure Multiparty Computation for enterprise use.

"SChaSA: Secure Charging Station Adapter"
Maria Zhdanova and Daniel Zelle

Abstract: Charging solutions for electric vehicles rarely have smart metering systems, which are obligatory in Germany. To provide translation between charging stations, meters and smart meter gateways, we have developed SChaSA. SChaSA uses EAL4+ certified hardware to ensure integrity and enables customers to securely use charging stations that are not purpose-built for the German market.

"Simply Secure: A Toolkit for Automated Creation of Protected Hardware"
David Knichel, Amir Moradi, Nicolai Müller and Pascal Sasdrich

Abstract: Our tools support developers in designing secure hardware circuits. They make it possible both to protect insecure circuits against side-channel attacks in a fully automated way and to efficiently check the side-channel resistance of any circuit. Thus, critical circuits can be reliably protected against side-channel attacks even by inexperienced developers.

"SIMON – Security Monitor for Connected Vehicles (SIcherheitsMONitor für vernetzte Fahrzeuge)"
Roland Rieke and Florian Fenzl

Abstract: The new binding regulations of the United Nations show how important cybersecurity is for increasingly connected, automated mobility. We develop hybrid, lightweight anomaly detection systems whose results are verifiable enough to initiate reliable mitigation measures, a property that standard machine learning methods often lack.

"CodeShield - Cloud-Native Application Security"
Andreas Dann, Manuel Benz, Johannes Späth and Eric Bodden

Abstract: Secure configuration of large-scale cloud applications is almost impossible. However, the risk of a vulnerability depends to a large extent on this configuration, as it determines what privileges an attacker can acquire and what data he can access. CodeShield enables organizations to efficiently increase cloud security by identifying attack paths to and from a vulnerability using a novel, graph-based cloud data flow analysis.

"Nyx: High Performance Fuzz Testing for Complex Systems, from Browsers to Hypervisors"
Sergej Schumilo, Cornelius Aschermann and Thorsten Holz

Abstract: Nyx is a modern, efficient and open source fuzzing framework. Unlike other fuzzers, Nyx checks the entire software stack from the web server to the hypervisor for critical security vulnerabilities. Nyx techniques have been published at eight world-renowned conferences and are used by internal teams at Intel, Mozilla, and AWS due to their pioneering potential.

"CoCoS: Secure Development of Smart Contracts"
Jens-Rene Giesen, Sebastien Andreina, Michael Rodler, Ghassan Karame and Lucas Davi

Abstract: Security vulnerabilities in smart contracts have led to massive losses. CoCoS (Contracts Compiled Securely) is the first method that automatically protects smart contracts against different classes of attacks. CoCoS supports many smart contract platforms and programming languages to enable secure execution of contracts in different blockchain technologies.

"Smart eMail Link domain Extractor to support Visual Impaired People SMILE-4-VIP"
Melanie Volkamer and Thorsten Schwarz

Abstract: Successful digitization requires protective measures that are not only effective, but also barrier-free. SMILE-4-VIP is a security solution that helps people with high visual impairment and blindness to detect phishing emails. SMILE-4-VIP applies phishing research to the processes of visually impaired people when dealing with email.

"Morphing Attack Detection (MAD)"
Christoph Busch, Christian Rathgeb, Ulrich Scherhag, Daniel Fischer, Siri Lorenz and Juan Tapia

Abstract: Morphing attacks threaten the function of passports as identity control documents. The authors have thus developed a detection method for such attacks. Since a relevant number of morphing passports are already in circulation, the use of Morphing Attack Detection (MAD) software at the borders becomes urgent. MAD is implemented by combining features from textures, noise patterns or geometries in a light image.
