Student Project and Thesis Topics (2019/2020)
Below is a collection of ideas for student projects. Some are half-backed, some are not even written down. If you are interested in systems-oriented computer science and computer security, talk to me in person. In general I expect that students have a solid understanding of operating systems and computer networks and that they are able to handle programming tasks well.
Trusted Execution Environments
Trusted Execution Environments (TEEs) such as ARM's Trustzone or Intel's Enclave are secure areas inside a main processor. The idea is that data and applications contained in TEEs is protected with respect to confidentiality and integrity. Systems execute a trusted operating system inside the TEE and they may load trusted applications into the TEE. The goal of this project is investigate the state of the art in TEEs and their open source software systems and to prototype novel trusted applications that may help to secure networked embedded devices.
This work requires strong interest in working with low-level C code in embedded systems. It also requires a certain portion of creativity and the willingness to work with fast developing new technology.
Remote Attestation
Remote attestation techniques are used to verify claims about the integrity and trustworthiness of computing systems. An attester usually running inside a TEE is collecting data about a system and formulating claims that are signed and send to a verifier. The verifier is then checking the claims against known good values in order to produce a signed attestation that can be given to other software modules that are interested in managing how much they trust the attested system. Work is underway to create standards for remote attestation and the goal is to prototype and experiment with the developing technology.
This work requires strong interest in working with technology that is in the process of being standardized. Good prototyping skills will be a benefit and the willingness to work with evolving technology specifications.
Graph Representation Learning and Clustering
Graph representation learning (network embedding) involves finding low-dimensional vector representations for the vertices of a graph, while preserving information about the graph structure, in order to facilitate network analysis. This has a variety of potential applications, including link prediction, community detection, etc. The aim of the project is to investigate the state of the art in graph representation learning and applying it to graph clustering.
The work requires prior exposure to machine learning (including neural networks) and Python. Previous knowledge of or willingness to learn a standard ML framework like PyTorch would be useful.
Service Dependency Discovery and Analysis
Today's online services often depend on many other services and the dependencies are often not well understood. For example, the attack on the DNS services provided by Dyn in October 2016 caused several big web sites (e.g., twitter, github, netflix, spotify) to become partially non-accessible. The goal of this project is to summarize the state of the art on automated service dependency discovery and analysis and to prototype tools for specific scenarios.
Integration of LMAPD and ORC
RFC 8193 and RFC 8194 define an information model and a data model for large-scale network measurement systems. An implementation of the data model (called lmapd) is available. RFC 8040 defines a protocol that can be used to manage the configuration of a remote system. An implementation of the protocol (called orc) is available as well. The goal of this project is to integrate lmapd with orc in order to obtain a solution that conforms to the RFCs and allows to run measurements from a standard OpenWrt system.
This project requires interest in programming in C on a resource constrained embedded Linux system.
DDoS Data Channel and ORC
The IETF has defined a data channel and a signaling protocol to mitigate DDoS attacks. The goal of this project is to implement the data channel protocol using the orc RESTCONF protocol implementation on OpenWrt systems.
This project requires interest in programming in C on a resource constrained embedded Linux system.
- DOTS doccuments (IETF)
- orc (GitHub)
Improved Luci Web Interface for LMAPD
RFC 8193 and RFC 8194 define an information model and a data model for large-scale network measurement systems. An implementation of the data model (called lmapd) is available and an initial version of a Luci web user interface has been prototyped. The goal of this project is to improve the user interface by providing additional functionality and improve usability.
This project requires interest in learning the Lua programming language and the Luci web user interface framework written in Lua. The main focus, however, is less on programming but on good user interface design.
- lmapd (GitHub)
Open Source CPU Designs
Open-source hardware designs are gaining traction. Paired with open source operating systems running on them, these designs provide companies full insights into all aspects of critical infrastructure components. Open-source hardware is sometimes seen as a critical incredient for digital sovereignty. Open-source hardware designs that goes beyond the design of PCBs (like Arduino) are for example the OpenRISC project, the design of a full CPU and related tool chains. The goal of this project is to investigate the state of the art with a specific focus on security features provided by open hardware CPU designs.
The project requires a strong interest in computer architecture.
- OpenRISC (Wikipedia)
Sonification of Status and Trust Information
This is a topic for someone interested in computer generated sounds or music. I am interested in algorithms that convert status or trust information obtained by monitoring systems (say a monitor of computer network or a cyber security analysis system) into audible sounds that (i) are not intrusive but (ii) can signal significant changes in the conditions. There is work in this space. Some people recently wrote special programming languages that allow to describe sound generations as programs.
This topic is somewhat experimental and producing a 'good' or even just a 'reasonable' solution will be difficult since most naive approaches tend to be annoying soon. This is a topic for students with a strong interested in music, sound generation, etc.
- The Sonification Handbook (online)