Student Thesis Topics (2021/2022)

ORC (OpenWrt RestConf) is an open source implementation of the RESTCONF protocol (RFC 8040) for OpenWrt, an embedded Linux system. It was originally written by Malte Granderath in 2020 as part of his BSc thesis.

A number of improvements can be made to the ORC:

• ORC support for the Network Management Datastore Architecture (RFC 8342, RFC 8527)
• ORC support for the Network Configuration Access Control Model (RFC 8341)
• ORC support for basic standard data models
• ORC support for Linux container
• ORC client tools (rust?)

Reading:

• A Resource Efficient Implementation of the RESTCONF Protocol for OpenWrt Systems
• RESTCONF Protocol (RFC 8040)
• Network Management Datastore Architecture (NMDA) (RFC 8342)
• RESTCONF Extensions to Support the Network Management Datastore Architecture (RFC 8527)
• Network Configuration Access Control Model (RFC 8341)

Requirements:

• Excellent C programming skills
• Interest to write code for embedded devices with limited resources
• Interest to develop, test, and evaluate standards-compliant code
• Familiarity with system-level programming and development techniques

Expectations:

• State of the art analysis of existing related work
• Design and implementation of proposed extensions
• Proper documentation and automated testing
• Evaluation in terms of completeness, robustness, resource usage

Security attacks often try to change the control flow of applications. A common problems are overwrites of function return addresses. Several techniques have been proposed to enforce control flow integrity. The goal of this work is to evaluate hardware-based approaches with a specific focus on solutions applicable to the RISC-V processors.

• What are existing solutions adopted by CPU manufacturers to make control flow attacks more difficult or impossible?
• What can be learned from existing approaches and what should the RISC-V community adopt?
• Is it possible to prototype solutions?

Reading:

• A survey of Hardware-based Control Flow Integrity (CFI)
• Control-Flow Integrity: Precision, Security, and Performance
• Control-flow Integrity Principles, Implementations, and Applications

Requirements:

• Understanding of program execution at the instruction set level
• Interest to learn about RISC-V CPUs
• Interest to learn about security work related to RISC-V

Expectations:

• State of the art analysis of existing related work
• Evaluation of existing state of the art solutions
• Development and prototyping of ideas that go beyond the state of the art
• Proper documentation

Security attacks often try to change the control flow of applications. A common problems are overwrites of function return addresses. Several techniques have been proposed to enforce control flow integrity. The goal of this work is to evaluating software-based approaches.

• What are existing solutions that can be implemented by compilers without specific support by the hardware?
• To which degree to these techniques impact performance?

Reading:

• Control-Flow Integrity: Precision, Security, and Performance
• Control-flow Integrity Principles, Implementations, and Applications

Requirements:

• Understanding of program execution at the instruction set level
• Understanding of program transformations at the compiler level

Expectations:

• State of the art analysis of existing related work
• Evaluation of existing state of the art solutions
• Development and prototyping of ideas that go beyond the state of the art
• Proper documentation

Active malware analysis is executing programs in emulated environments and the challenge is to learn user inputs that quickly discover significant portions of the control flow graph of the program under test. This is mainly done for Android applications. Questions related to this work are:

• Can some of the techniques be applied to other pieces of software? How specific are things to the Android environment? What about Linux or containerized applications?
• What is the testing/fuzzying community doing to generate inputs for fuzzying purposes? What can be learned from them and be applied to control flow graph discovery?

Reading:

• SECUR-AMA: Active Malware Analysis Based on Monte Carlo Tree Search for Android Systems
• Practical dynamic reconstruction of control flow graphs

Requirements:

• Understanding of program execution at the system call or C library level
• Interest to learn about reinforcement learning techniques

Expectations:

• State of the art analysis of existing related work
• Evaluation of existing state of the art solutions
• Development and prototyping of ideas that go beyond the state of the art
• Proper documentation

A fingerprint matching algorithm has been designed and implemented such that it can execute in the security world of a Cortex-M processor in 2021. The idea is to build on this work and to extend it in several directions:

• Implementation of the missing feature extraction stages to realize a complete prototype
• Improvements of the matching algorithm, both in terms of the accuracy but also its resource usage
• Investigating of other processors that provide a similar separation of a trusted secure world from an untrusted world

Reading:

• Last year's BSc thesis (contact me)

Requirements:

• Software development skills for embedded systems
• Competence to work close to the hardware level
• Interest to learn about the specifics of Cortex-M processors
• Algorithmic competence and interest to make code efficient

Expectations:

• Improvements of the existing algorithm
• Design of a complete prototype (not just the matching functionality)
• Evaluation against other state of the art solutions
• Proper documentation

Linux is a great open source operating system to work with. However, it has become way too complex to use it effectively for teaching fundamental operating system concepts. Furthermore, there is a push towards using Rust instead of C to write more robust operating system kernels. The goal of this project is to investigate recent educational operating systems, with a specific focus on Rust. The work can evolved into different directions, such as developing improvements for open source educational operating systems or rewriting educational operating systems (or components thereof) in Rust.

Reading:

• Unix version 6 in ANSI C for RISC-V (MIT; educational; C)
• rCore (THU; educational; Rust)
• BLOG OS in Rust (Philipp Oppermann; Rust)

Requirements:

• Excellent system-level programming skills
• Time and motivation to learn Rust
• Interest in educational aspects

Expectations:

• Analysis of existing embedded operating systems written in Rust
• Evaluation of both technical aspects as well as usability aspects
• Proper documentation and automated testing of code components

Tock is a well documented open source operating system written in Rust. It was originally developed by researchers working a Stanford, the University of California at Berkely, and the University of Virginia. The goal of this project is to investigate and evaluate the usability of the current version Tock 2.0 and to develop and prototype extensions and new features.

Reading:

• Multiprogramming a 64kB Computer Safely and Efficiently
• Tock (Stanford, Berkeley, …; Rust)

Requirements:

• Excellent system-level programming skills
• Time and motivation to learn Rust
• Ability to resolve issues where stackexchange does not have the answer

Expectations:

• Analysis of existing embedded operating systems written in Rust
• Evaluation of both technical aspects as well as usability aspects
• Proper documentation and automated testing of code components

RISC-V processors are getting traction on embedded systems due to the fact that RISC-V technology is royality free. The goal of this effort is to survey how the available RISC-V hardware is evolving and to develop demonstration prototypes, such as implementations of fully distributed firefly synchronization.

Reading:

• RISC-V International
• Firefly-inspired sensor network synchronicity with realistic radio effects

Requirements:

• Excellent system-level programming skills
• Interest to learn about RISC-V details
• Ability to resolve issues where stackexchange does not have the answer

Expectations:

• Building of concrete prototypes using RISC-V hardware (e.g., ESP32-C3)
• Evaluation of both technical aspects as well as usability aspects
• Proper documentation and automated testing of code components

There are several open source and commercial projects implementing embedded operating systems written entirely in Rust. The Rust Embedded community is developing documentation and code components to simplify the develop of embedded systems in Rust. The goal of this work is to investigate the state of the art and to contribute to the development of an infrastructure that makes embedded systems in Rust easier to build.

Reading:

• Rust Embedded
• The Embedded Rust Book

Requirements:

• Excellent system-level programming skills
• Time and motivation to learn Rust
• Ability to resolve issues where stackexchange does not have the answer

Expectations:

• Analysis of existing embedded operating systems written in Rust
• Evaluation of both technical aspects as well as usability aspects
• Proper documentation and automated testing of code components

Academic conferences and technical events such as standardization meetings are expensive in terms of their CO2 footprint. Several years ago, the ACM SIGPLAN created a conference CO2 calculator, which seems to not have been updated for a while. The goal of this project is to investigate relevant CO2 calculation models and to prototype an implementation that can be used to calculate past and future CO2 footprints of academic events or technical events (such as standardization meetings).

Reading:

• ACM CO2 footprint calculator
• CO2eq: Estimating Meetings’ Air Flight CO2 Equivalent Emissions
• An Automated Personal Carbon Footprint Calculator for Estimating Carbon Emissions from Transportation Use

Requirements:

• Interest to research different CO2 models and their pros and cons
• Good software development skills in a robust language
• Design skills for good command line APIs as well as Web APIs

Expectations:

• Deep analysis of the state of the art of relevant CO2 models
• Comparison of the differences produced by different CO2 models
• Development of practically useful tools that can be easily integrated
• Proper documentation and automated testing of code components

The Internet consumes a significant amount of energy and hence it has a CO footprint that we as users often do not realize. There have been efforts to provide CO2 calculators for Internet services. The goal of this project is to investigate which tools exist, what the underlying models are, which data is used to calculate CO2 footprints etc. There is room to investigate and develop novel approaches to estimate CO2 footprints from network data traces, for example collected at a router or network switch or to investigate which tools exist to estimate the CO2 footprint caused by a single device (e.g., a notebook, a tablet or a smartphone). There is also room to investigate how CO2 footprints can be reported, e.g., similar to screen time reports that some of the operating systems generate today. [Note that this topic can be potentially split into a data gathering and collection part and a data analysis and reporting part.]

Reading:

• ACM TechBrief: Computing and Climate Change
• The real climate and transformative impact of ICT: A critique of estimates, trends, and regulations
• Website Carbon Calculator
• Exploring Internet CO2 Emissions as an Auditory Display

Requirements:

• Interest to research different CO2 models and their pros and cons
• Good software development skills in a robust language
• Good understanding of Internet protocols

Expectations:

• Deep analysis of the state of the art of relevant CO2 models
• Comparison of the differences produced by different CO2 models
• Development of practically useful tools that can be easily integrated
• Proper documentation and automated testing of code components