Student Thesis Topics (2024)
I will supervise BSc thesis projects in Spring 2024. Since I have limited supervision capacity, I typically take the first N students following more or less a first-come, first-served strategy. I like to form clusters of students working on related topics, and I organize weekly (online) meetings with these clusters. We use a collaborative note-taking tool to track progress. The work itself takes place in two phases. In the first phase, students dive into the state of the art of their topic, resulting in a state of the art report. I will review these reports and provide feedback. In the second phase, students focus on their own contribution, and they will finally write their thesis. The thesis naturally builds on the state of the art report and extends it with the work describing the contribution. Before submitting the thesis, students have to present and defend their work in the BSc thesis seminar. The seminar grade is given for the presentation. The thesis grade is given for the thesis report and the technical accomplishments, including the work organization (regular participation in weekly meetings and steady progress).
If you are interested in systems-oriented computer science and computer security, either talk to me in person or schedule an online meeting. I expect that students have a solid understanding of operating systems and computer networks or computer security. I also expect that students are capable of handling programming tasks well and that they can work independently.
Hypervisors and Unikernels
Hypervisors for Embedded Systems (in Rust)
Virtual machines enabled server consolidation, which allowed companies to make more efficient use of hardware resources, and they have enabled the modern cloud computing world. Hypervisors are now on their way to bringing consolidation to embedded computing systems. However, this often requires providing stronger guarantees: the hypervisors themselves must be hardened and in some cases satisfy the requirements of safety-critical software. As a consequence, a hypervisor for embedded systems may look very different from a hypervisor for cloud computing infrastructures.
The goal of research in this space is to investigate projects providing hypervisors targeting embedded systems. It is also relevant to consider to what extent newer safe systems programming languages like Rust lead to good implementations.
Reading:
Unikernels
The idea of unikernels is to bundle operating system functionality with application code and to execute the resulting program directly under the control of a hypervisor.
Reading:
Tussle between Isolation and Performance
Isolation refers to the ability to keep multiple instances of software separated so that each instance only sees and can affect itself. Good examples are operating systems that isolate running processes from each other. Other examples are hypervisors isolating virtual machines from each other or sandboxing mechanisms in applications. Isolation is essential for maintaining integrity and for implementing authorization policies. Unfortunately, isolation usually comes with some performance overhead, and hence there is a tussle between isolation and performance.
The goal of research projects in this space is to investigate this tussle using example technologies and to provide a qualitative and quantitative evaluation.
Linux io_uring
The Linux io_uring system call interface enables applications to push sequences of IO operations into the kernel, which the kernel executes asynchronously. While io_uring can provide significant performance benefits, it is also known for exposing a significant attack surface.
Reading:
Privilege separation for TLS implementations
TLS libraries are the Swiss army knife for network security today. The operation of TLS can be roughly split into two parts: one that is concerned with applying and verifying encryption of transmitted and received data, and one that is concerned with establishing, verifying and managing keys. Modern implementations often outsource the first part into the kernel or even the hardware in order to obtain the best performance while the second part remains implemented in user space. The security of this second part, however, may be further improved by implementing privilege separation.
The goal is to investigate the state of the art of TLS privilege separation implementations, to evaluate them or to improve them, or to investigate why the idea has not gained sufficient traction for real-world deployment.
Reading:
Privilege separation libraries and frameworks
Privilege separation distributes work among several processes executing at different privilege levels. This requires establishing a communication channel between the processes in order to coordinate the work of the processes involved. Inventing a privilege separation solution from scratch is quite some work. The goal is to investigate which generic privilege separation libraries or frameworks exist, how they can be evaluated, and to conduct suitable experiments to investigate their performance and usability.
Reading:
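The following is an added example illustrating the privilege separation idea behind both the TLS topic and the libraries topic above; it is constructed for this page and is not code from any TLS library or privilege separation framework. A forked broker process holds the long-term key and exposes exactly one operation, "sign", over a length-prefixed pipe protocol; the network-facing worker never sees the key, so a compromised worker can request signatures but cannot export the key. HMAC-SHA256 stands in for the handshake signature algorithm, and the key, message format and size limits are constructed assumptions.

```python
"""Privilege-separation sketch for a TLS-style key holder (constructed
example). The broker answers only 'sign' requests; everything else is refused.
HMAC-SHA256 stands in for the real handshake signature."""
import hashlib
import hmac
import json
import os
import struct

# Constructed demo key; a real broker would load it from a file the worker's
# user cannot read, so the request pipe is the only path to the key.
SECRET_KEY = b"constructed-demo-key-that-never-leaves-the-broker"
MAX_TRANSCRIPT = 4096  # bytes of transcript the worker may hand over
MAX_FRAME = 65536      # bytes per pipe message; refuse anything larger


def sign_transcript(key, transcript):
    """The one privileged operation: authenticate a handshake transcript."""
    return hmac.new(key, transcript, hashlib.sha256).hexdigest()


def handle_request(key, req):
    """Broker policy: only 'sign' over a bounded hex-encoded transcript is
    permitted. Key export or any unknown operation is refused."""
    if not isinstance(req, dict) or req.get("op") != "sign":
        return {"ok": False, "error": "operation not permitted"}
    transcript = req.get("transcript")
    if not isinstance(transcript, str) or len(transcript) > 2 * MAX_TRANSCRIPT:
        return {"ok": False, "error": "bad transcript"}
    try:
        data = bytes.fromhex(transcript)
    except ValueError:
        return {"ok": False, "error": "bad transcript"}
    return {"ok": True, "sig": sign_transcript(key, data)}


def _read_exact(fd, n):
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            return None  # peer closed the pipe
        buf += chunk
    return buf


def send_msg(fd, obj):
    """Length-prefixed JSON frame: 4-byte big-endian length, then the body."""
    data = json.dumps(obj).encode()
    os.write(fd, struct.pack("!I", len(data)) + data)


def recv_msg(fd):
    hdr = _read_exact(fd, 4)
    if hdr is None:
        return None
    (length,) = struct.unpack("!I", hdr)
    if length > MAX_FRAME:
        return None  # fail closed instead of allocating for an oversized frame
    body = _read_exact(fd, length)
    if body is None:
        return None
    try:
        return json.loads(body)
    except ValueError:
        return {"op": "malformed"}  # handled as 'operation not permitted'


def broker_loop(req_fd, resp_fd, key):
    """Privileged side: serve requests until the worker closes its pipe end."""
    while True:
        req = recv_msg(req_fd)
        if req is None:
            break
        send_msg(resp_fd, handle_request(key, req))


def spawn_broker(key=SECRET_KEY):
    """Fork the broker; return (pid, request_fd, response_fd) for the worker."""
    req_r, req_w = os.pipe()
    resp_r, resp_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: keep only the broker's own pipe ends
        os.close(req_w)
        os.close(resp_r)
        try:
            broker_loop(req_r, resp_w, key)
        finally:
            os._exit(0)
    os.close(req_r)
    os.close(resp_w)
    # In a deployment the worker would drop privileges and sandbox itself here,
    # since from now on it needs nothing but the two pipes.
    return pid, req_w, resp_r


def worker_call(req_fd, resp_fd, request):
    send_msg(req_fd, request)
    return recv_msg(resp_fd)


def run_demo():
    """Worker side: one legitimate signature, then two requests a compromised
    worker might issue. Returns the broker's answers for inspection."""
    pid, req_fd, resp_fd = spawn_broker()
    transcript = b"ClientHello|ServerHello|constructed-transcript"
    results = {
        "signed": worker_call(req_fd, resp_fd, {"op": "sign", "transcript": transcript.hex()}),
        "export": worker_call(req_fd, resp_fd, {"op": "export_key"}),
        "garbage": worker_call(req_fd, resp_fd, {"op": "sign", "transcript": "zz"}),
    }
    os.close(req_fd)  # closing the request pipe ends the broker loop
    os.close(resp_fd)
    _, status = os.waitpid(pid, 0)
    results["broker_exit"] = os.WEXITSTATUS(status)
    return results


if __name__ == "__main__":
    for name, answer in run_demo().items():
        print(name, answer)
```

The design point to evaluate in a real library or framework is the same one this sketch makes explicit: the privileged side validates every field of every request against a small allow-list of operations, and the channel between the processes is a fixed framing that neither side has to parse speculatively. Performance experiments would then measure the cost of the extra process switch per signature against the unseparated baseline.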
RISC-V Hardware Security Mechanisms
RISC-V is an open and modular instruction set architecture, enjoying some uptake in the embedded systems world. While there are some extensions of the RISC-V core specifications that provide hardware protection mechanisms, there is ongoing work on things like control flow protection or isolation mechanisms for low-complexity embedded devices.
The goal of research projects in this space is to investigate the current state of the art on RISC-V security mechanisms by conducting experiments where possible to verify results reported in the literature. This work requires a strong interest in computer architecture.
Reading:
Declarative System and Network Configuration
Declarative system and network configurations have for a long time been considered the holy grail for improving the robustness of the operation of complex IT systems by simplifying configuration management. Declarative configurations make it easier to reason over configurations, which is almost impossible with system configurations that are essentially sequences of instructions (sometimes even expressed in Turing-complete languages). Another concern is the ability to reproduce configurations, something of significant importance in large-scale deployments where system replacements are regular activities or configuration changes are frequent and failure analysis requires correctly recreating specific scenarios.
Recently, the nix package manager and NixOS built on top of it have made some impact in terms of real-world deployments, unlike the many academic prototypes before them. The goal of this work is to compare the nix approach against other existing approaches and to investigate why the nix approach has gained quite some popularity in a short period of time.
Reading:
Network Security
Network security is a big area of research. Attacks are diverse, ranging from attacks on the network infrastructure (which is highly distributed and largely located in uncontrolled areas), attacks via the network on remote IT infrastructures, attacks on systems providing services over the network, to attacks where the main goal is to record communicated data and to break or prevent confidential communication.
Covert Channel Detection
Covert channels transfer information in such a way that the communication remains invisible to uninformed observers. Covert channels can be used to circumvent network security policies.
Reading:
Smuggling Attacks
Some communication protocols have multiple mechanisms to mark the end of a message. Smuggling attacks try to exploit this by generating messages that use multiple mechanisms to mark the end of a message. By providing inconsistent length values, some implementations may consider a given block of data one big message while other implementations may consider the same block of data multiple smaller messages. This can then be exploited to circumvent security checks by smuggling a message inside a larger message. HTTP request smuggling attacks were described in 2005; SMTP smuggling attacks were presented in 2023.
Reading:
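As an added example of the defensive side of this topic (constructed for this page, not taken from any server or proxy), the following strict HTTP/1.1 framing check refuses to guess when a message carries more than one body delimiter. It rejects headers that combine Transfer-Encoding with Content-Length, contradictory Content-Length values, a Transfer-Encoding that does not end in a single chunked coding, and header lines with whitespace before the colon or with obsolete line folding, all of which are places where two implementations may frame the same bytes differently. The sample requests are constructed test vectors.

```python
"""Strict HTTP/1.1 message-framing check (constructed example).

A body is delimited either by Content-Length or by a chunked
Transfer-Encoding. A header block that offers both, or contradictory
Content-Length values, is ambiguous; a hardened parser rejects it
instead of picking one interpretation.
"""
from dataclasses import dataclass


@dataclass
class Framing:
    accepted: bool
    mode: str          # "content-length", "chunked", "none" or "rejected"
    reason: str = ""


def parse_headers(raw):
    """Split a request's header block into (name, value) pairs with
    lower-cased names. Obsolete line folding and whitespace between the
    field name and the colon are refused, since both are classic sources
    of disagreement between front-end and back-end parsers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # drop the request line
    headers = []
    for line in lines:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding")
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.decode("ascii").lower(),
                        value.strip().decode("ascii")))
    return headers


def check_framing(raw):
    """Decide how (and whether) the body of this request may be framed."""
    try:
        headers = parse_headers(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        return Framing(False, "rejected", str(exc))

    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]

    if te and cl:
        return Framing(False, "rejected",
                       "both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            return Framing(False, "rejected",
                           "Transfer-Encoding must end with a single chunked")
        return Framing(True, "chunked")
    if cl:
        # Repeated Content-Length is tolerated only if every value is identical.
        values = {v.strip() for field in cl for v in field.split(",")}
        if len(values) != 1 or not next(iter(values)).isdigit():
            return Framing(False, "rejected",
                           "conflicting or non-numeric Content-Length")
        return Framing(True, "content-length")
    return Framing(True, "none")


# Constructed test vectors.
CLEAN = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CHUNKED = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
           b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
BOTH = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n...")
DUP_CL = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 6\r\n\r\n...")
SPACED = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length : 5\r\n\r\nhello")
TE_TAIL = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
           b"Transfer-Encoding: chunked, identity\r\n\r\n...")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("chunked", CHUNKED), ("both", BOTH),
                       ("dup-cl", DUP_CL), ("spaced", SPACED), ("te-tail", TE_TAIL)]:
        print(label, check_framing(req))
```

The same reasoning carries over to SMTP, where the end-of-data marker rather than a length header is the delimiter: a receiving implementation should accept exactly one canonical form of the terminator and treat any variant as an error rather than silently normalizing it.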