Jasper Stang

Chair of Software Engineering (Informatik II)
Department of Computer Science
University of Würzburg

Am Hubland, 97074 Würzburg

Informatikgebäude, 2.OG, Room B209

Tel: +49 931 31-83372

Occupation

Since June 2020: Student Research Assistant in the Secure Software Systems Group at the Chair of Computer Science II - Software-Engineering, University of Würzburg

Starting from November 2023 PhD student in the Secure Software Systems Group at the Chair of Computer Science II - Software-Engineering, University of Würzburg

Research interests

Mobile Security
Security in Machine Learning

Publications

2024[ to top ]

Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts. Sendner, Christoph; Petzi, Lukas; Stang, Jasper; Dmitrienko, Alexandra; in To appear in the IEEE Symposium on Security & Privacy (2024).
- [ BibTeX ]
- [ BibSonomy-Post ]
@article{sendner2024largescale, author = {Sendner, Christoph and Petzi, Lukas and Stang, Jasper and Dmitrienko, Alexandra}, journal = {To appear in the IEEE Symposium on Security & Privacy}, keywords = {lukaspetzi}, month = {05}, title = {Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts}, year = 2024 }
DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification. Stang, Jasper; Krauß, Torsten; Dmitrienko, Alexandra; in arXiv:2403.06581 (2024).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
The surge in popularity of machine learning (ML) has driven significant investments in training Deep Neural Networks (DNNs). However, these models that require resource-intensive training are vulnerable to theft and unauthorized use. This paper addresses this challenge by introducing DNNShield, a novel approach for DNN protection that integrates seamlessly before training. DNNShield embeds unique identifiers within the model architecture using specialized protection layers. These layers enable secure training and deployment while offering high resilience against various attacks, including fine-tuning, pruning, and adaptive adversarial attacks. Notably, our approach achieves this security with minimal performance and computational overhead (less than 5% runtime increase). We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures. This practical solution empowers developers to protect their DNNs and intellectual property rights.

@article{jasper2024dnnshield, abstract = {The surge in popularity of machine learning (ML) has driven significant investments in training Deep Neural Networks (DNNs). However, these models that require resource-intensive training are vulnerable to theft and unauthorized use. This paper addresses this challenge by introducing DNNShield, a novel approach for DNN protection that integrates seamlessly before training. DNNShield embeds unique identifiers within the model architecture using specialized protection layers. These layers enable secure training and deployment while offering high resilience against various attacks, including fine-tuning, pruning, and adaptive adversarial attacks. Notably, our approach achieves this security with minimal performance and computational overhead (less than 5% runtime increase). We validate the effectiveness and efficiency of DNNShield through extensive evaluations across three datasets and four model architectures. This practical solution empowers developers to protect their DNNs and intellectual property rights.}, author = {Stang, Jasper and Krauß, Torsten and Dmitrienko, Alexandra}, journal = {arXiv:2403.06581}, keywords = {sss-group}, month = {03}, title = {DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification}, year = 2024 }
MirageFlow: A New Bandwidth Inflation Attack on Tor. Sendner, Christoph; Stang, Jasper; Dmitrienko, Alexandra; Wijewickrama, Raveen; Jadliwala, Murtuza; in the Network and Distributed System Security Symposium (NDSS) (2024).
- [ BibTeX ]
- [ BibSonomy-Post ]
@article{sendner2024mirageflow, author = {Sendner, Christoph and Stang, Jasper and Dmitrienko, Alexandra and Wijewickrama, Raveen and Jadliwala, Murtuza}, journal = {the Network and Distributed System Security Symposium (NDSS)}, keywords = {sss-group}, title = {MirageFlow: A New Bandwidth Inflation Attack on Tor}, year = 2024 }
ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in To Appear in the 33rd USENIX Security Symposium (USENIX Security 2024) (2024).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearStamp, the first DNN watermarking method designed for intuitive human assessment. ClearStamp embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearStamp defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearStamp produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearStamp’s effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.

@article{torsten2024clearstamp, abstract = {Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearStamp, the first DNN watermarking method designed for intuitive human assessment. ClearStamp embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearStamp defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearStamp produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearStamp’s effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.}, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {To Appear in the 33rd USENIX Security Symposium (USENIX Security 2024)}, keywords = {sssgroup}, title = {ClearStamp: A Human-Visible and Robust Model-Ownership Proof based on Transposed Model Training}, year = 2024 }
Cloud-Based Machine Learning Models as Covert Communication Channels. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in To appear in the 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024) (2024).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
@article{torsten2024cloudbased, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {To appear in the 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024)}, keywords = {sssgroup}, title = {Cloud-Based Machine Learning Models as Covert Communication Channels}, year = 2024 }

2023[ to top ]

Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study. Sendner, Christoph; Petzi, Lukas; Stang, Jasper; Dmitrienko, Alexandra; in arXiv:2312.16533 (2023).
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
@article{sendner2023vulnerability, author = {Sendner, Christoph and Petzi, Lukas and Stang, Jasper and Dmitrienko, Alexandra}, journal = {arXiv:2312.16533}, keywords = {lukaspetzi}, month = 12, title = {Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study}, year = 2023 }
ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training. Krauß, Torsten; Stang, Jasper; Dmitrienko, Alexandra; in ArXiv | arXiv:2310.16453v1 (2023).
- [ Abstract ]
- [ BibTeX ]
- [ URL ]
- [ Download ]
- [ BibSonomy-Post ]
Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment. ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearMark defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearMark produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearMark's effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.

@article{krauss2023clearmark, abstract = {Due to costly efforts during data acquisition and model training, Deep Neural Networks (DNNs) belong to the intellectual property of the model creator. Hence, unauthorized use, theft, or modification may lead to legal repercussions. Existing DNN watermarking methods for ownership proof are often non-intuitive, embed human-invisible marks, require trust in algorithmic assessment that lacks human-understandable attributes, and rely on rigid thresholds, making it susceptible to failure in cases of partial watermark erasure. This paper introduces ClearMark, the first DNN watermarking method designed for intuitive human assessment. ClearMark embeds visible watermarks, enabling human decision-making without rigid value thresholds while allowing technology-assisted evaluations. ClearMark defines a transposed model architecture allowing to use of the model in a backward fashion to interwove the watermark with the main task within all model parameters. Compared to existing watermarking methods, ClearMark produces visual watermarks that are easy for humans to understand without requiring complex verification algorithms or strict thresholds. The watermark is embedded within all model parameters and entangled with the main task, exhibiting superior robustness. It shows an 8,544-bit watermark capacity comparable to the strongest existing work. Crucially, ClearMark's effectiveness is model and dataset-agnostic, and resilient against adversarial model manipulations, as demonstrated in a comprehensive study performed with four datasets and seven architectures.}, author = {Krauß, Torsten and Stang, Jasper and Dmitrienko, Alexandra}, journal = {ArXiv | arXiv:2310.16453v1}, keywords = {sss-group}, month = 10, title = {ClearMark: Intuitive and Robust Model Watermarking via Transposed Model Training}, year = 2023 }
TorMult: Introducing a Novel Tor Bandwidth Inflation Attack. Sendner, Christoph; Stang, Jasper; Dmitrienko, Alexandra; Wijewickrama, Raveen; Jadliwala, Murtuza; in ArXiv | arXiv.2307.08550 (2023).
- [ BibTeX ]
- [ URL ]
- [ BibSonomy-Post ]
@article{sendner2023tormult, author = {Sendner, Christoph and Stang, Jasper and Dmitrienko, Alexandra and Wijewickrama, Raveen and Jadliwala, Murtuza}, journal = {ArXiv | arXiv.2307.08550}, keywords = {sss-group}, title = {TorMult: Introducing a Novel Tor Bandwidth Inflation Attack}, year = 2023 }
Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning. Sendner, Christoph; Chen, Huili; Fereidooni, Hossein; Petzi, Lukas; König, Jan; Stang, Jasper; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Koushanfar, Farinaz; in To appear at the Network and Distributed System Security Symposium (NDSS) (2023).
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
@article{sendner2023smarter, author = {Sendner, Christoph and Chen, Huili and Fereidooni, Hossein and Petzi, Lukas and König, Jan and Stang, Jasper and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Koushanfar, Farinaz}, journal = {To appear at the Network and Distributed System Security Symposium (NDSS)}, keywords = {lukaspetzi}, title = {Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning}, year = 2023 }

2021[ to top ]

RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android. Stang, Jasper; Dmitrienko, Alexandra; Roth, Sascha; in 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) (2021).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
StrandHogg vulnerabilities affect Android’s multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are limited to the detection of certain attack versions. In this work, we aim to develop a generic, efficient, and usability-friendly attack detection method, which does not require OS modifications and can be employed by apps installed on any vulnerable Android platform. To achieve our goal, we analyze StrandHogg attack techniques and develop two countermeasures, one using Machine Learning and the other one using ActivityCounter – a reliable attack indicator, which we could synthetically engineer. Our first approach achieves an average F1 score of 92% across all attack variations, while ActivityCounter shows superior performance and efficiently detects all attack versions without false positives. ActivityCounter is the first solution without practical limitations, which can be easily deployed in practice and protect millions of affected users.

@inproceedings{stang2021strandhogg, abstract = {StrandHogg vulnerabilities affect Android’s multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are limited to the detection of certain attack versions. In this work, we aim to develop a generic, efficient, and usability-friendly attack detection method, which does not require OS modifications and can be employed by apps installed on any vulnerable Android platform. To achieve our goal, we analyze StrandHogg attack techniques and develop two countermeasures, one using Machine Learning and the other one using ActivityCounter – a reliable attack indicator, which we could synthetically engineer. Our first approach achieves an average F1 score of 92% across all attack variations, while ActivityCounter shows superior performance and efficiently detects all attack versions without false positives. ActivityCounter is the first solution without practical limitations, which can be easily deployed in practice and protect millions of affected users.}, author = {Stang, Jasper and Dmitrienko, Alexandra and Roth, Sascha}, booktitle = {14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)}, keywords = {Android}, title = {RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android}, year = 2021 }

2020[ to top ]

Understanding UI attacks on Android. Jasper, Stang; Thesis; University of Würzburg. (2020, December).
- [ Abstract ]
- [ BibTeX ]
- [ Download ]
- [ BibSonomy-Post ]
In this thesis, we closely examine an important type of attack against Android smart- phones that exploit weaknesses in the user interface. In particular, we study, analyze and implement the “Keystroke Inference #3” attack from the “Cloak and Dagger” paper by Fratantonio et al. [1, 2], which enables an attacker to steal sensitive input such as pass- words. The attack takes advantage of a vulnerability that was subsequently patched on all newer Android versions. Yet, it still affects a significant user base that utilizes older devices. In this paper, we present the end-to-end attack implementation of the “Keystroke Inference #3” concept and elaborate on in-depth details. In order to make the attack fea- sible certain technical challenges needed to be solved, therefore our developed approaches are presented as well. After the evaluation of the results, we show that the implementa- tion is applicable to a wide range of Android versions. We then present our novel defense technique OverlayShifter, which fully prevents the attack while being independent of operating system modifications. Moreover, characteristics that facilitate the detection of the attack are discussed.

@mastersthesis{jasper2020understanding, abstract = {In this thesis, we closely examine an important type of attack against Android smart- phones that exploit weaknesses in the user interface. In particular, we study, analyze and implement the “Keystroke Inference #3” attack from the “Cloak and Dagger” paper by Fratantonio et al. [1, 2], which enables an attacker to steal sensitive input such as pass- words. The attack takes advantage of a vulnerability that was subsequently patched on all newer Android versions. Yet, it still affects a significant user base that utilizes older devices. In this paper, we present the end-to-end attack implementation of the “Keystroke Inference #3” concept and elaborate on in-depth details. In order to make the attack fea- sible certain technical challenges needed to be solved, therefore our developed approaches are presented as well. After the evaluation of the results, we show that the implementa- tion is applicable to a wide range of Android versions. We then present our novel defense technique OverlayShifter, which fully prevents the attack while being independent of operating system modifications. Moreover, characteristics that facilitate the detection of the attack are discussed.}, author = {Jasper, Stang}, keywords = {sssgroup}, month = 12, school = {University of Würzburg}, title = {Understanding UI attacks on Android}, type = {Bachelor Thesis}, year = 2020 }

Jasper Stang

Occupation

Research interests

Publications

Data privacy protection

Data privacy protection

Picture credits