Student Thesis Topics (2026)

Heap allocators in many unikernels lack strong defenses, allowing attackers to corrupt allocator metadata and gain control of the system. This project will analyze heap allocator vulnerabilities in Unikraft and OSv, implement and evaluate heap hardening strategies (metadata isolation, safe bins), and measure performance/security trade-offs.

References:

• Yun, Insu, et al. "HardsHeap: a universal and extensible framework for evaluating secure allocators." Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021.
• Du, Suiyuan, Zhaojie Li, and Jin Li. "Heap Vulnerability Exploitation Techniques on the Linux Platform: An Overview." 2024 9th International Conference on Signal and Image Processing (ICSIP). IEEE, 2024.
• Kuenzer, Simon, et al. "Unikraft: fast, specialized unikernels the easy way." Proceedings of the Sixteenth European Conference on Computer Systems. 2021.
• Kivity, Avi, et al. "OSv - Optimizing the Operating System for Virtual Machines." 2014 Usenix Annual Technical Conference (Usenix ATC 14). 2014.

RustyHermit aims to combine Rust's memory safety with unikernel efficiency, yet it may still contain exploitable bugs. This project will analyze the security posture of RustyHermit by auditing core subsystems (network driver, scheduler), attempting common exploit classes (buffer overflows, use-after-free, logic flaws), and proposing fixes or defenses.

References:

• Lankes, Stefan, et al. "RustyHermit: a scalable, rust-based virtual execution environment." International Conference on High Performance Computing. Cham: Springer International Publishing, 2020.
• Rapp, Leonard, et al. Analysis of unikernel security with a focus on RustyHermit. Master Thesis, Universitätsbibliothek der RWTH Aachen, 2024.

Conduct a comprehensive security benchmark comparing RustyHermit, Unikraft, OSv, and nanos under identical workloads. Define metrics (attack surface, vulnerability count, exploit difficulty) using tools like static analysis, fuzzing, and runtime probing.

References:

• Wollman, Alex, and John Hastings. "A survey of unikernel security: Insights and trends from a quantitative analysis." 2024 Cyber Awareness and Research Symposium (CARS). IEEE, 2024.
• Lankes, Stefan, et al. "RustyHermit: a scalable, rust-based virtual execution environment." International Conference on High Performance Computing. Cham: Springer International Publishing, 2020.
• Kuenzer, Simon, et al. "Unikraft: fast, specialized unikernels the easy way." Proceedings of the Sixteenth European Conference on Computer Systems. 2021.
• Kivity, Avi, et al. "OSv - Optimizing the Operating System for Virtual Machines." 2014 Usenix Annual Technical Conference (Usenix ATC 14). 2014.
• Nanos, Available at: https://nanos.org

Unikernel Linux (UKL) integrates unikernel optimizations into the Linux kernel while maintaining general-purpose capabilities. This project will analyze UKL???s attack surface compared to normal Linux and specialized unikernels, focusing on syscall reductions, privilege separation, and isolation.

References:

• Raza, Ali, et al. "Unikernel linux (ukl)." Proceedings of the Eighteenth European Conference on Computer Systems. 2023.
• Waldo Verstraete. How secure is a Linux unikernel really?, Available at: https://libstore.ugent.be/fulltxt/RUG01/003/015/188/RUG01-003015188_2021_0001_AC.pdf

Develop an automated detection and mitigation system for DKIM length tag vulnerabilities in email authentication. The project will implement a multi-stage email security framework that identifies DKIM signatures using partial body hashing, validates email integrity through complete body verification, and detects potential email spoofing attempts that bypass partial hash coverage. The system will integrate with existing email gateways using SMTP protocol analysis and provide real-time alerts for suspicious patterns.

References:

• Decoding I-Tag DKIM Vulnerability and Its Impact on Email Deliverability and Security, Available at: https://dmarcreport.com/blog/decoding-i-tag-dkim-vulnerability-and-its-impact-on-email-security/
• Crocker, Dave, Tony Hansen, and Murray Kucherawy, eds. "RFC 6376: Domainkeys identified mail (DKIM) signatures." (2011).
• Vitale, Marco. Enhancing Email Forensics: A DKIM archiving and re-verification tool for long-term Signature validation. Diss. Politecnico di Torino, 2024.

This project conducts a systematic analysis of real-world DKIM and DMARC configurations across multiple domains, identifying deployment weaknesses such as selector collisions, key reuse, alignment failures, and inadequate reporting policies that enable email spoofing and phishing bypasses. Using public DNS datasets and SMTP header corpora, the project will quantifies common misconfigurations and develops automated validation tooling with best-practice hardening recommendations including strong RSA keys, unique selectors per service, strict alignment, and quarantine/reject policies.

References:

• Hureau, Olivier, et al. "Spoofed Emails: An Analysis of the Issues Hindering a Larger Deployment of DMARC." International Conference on Passive and Active Network Measurement. Cham: Springer Nature Switzerland, 2024.
• Wang, Chuhan, et al. "A large-scale and longitudinal measurement study of DKIM deployment." 31st USENIX Security Symposium (USENIX Security 22). 2022.
• Shen, Kaiwen, et al. "Weak links in authentication chains: A large-scale analysis of email sender spoofing attacks." 30th USENIX Security Symposium (USENIX Security 21). 2021.

TBD

Develop an intelligent seccomp (secure computing) profile generator that automatically creates minimal-privilege seccomp policies for containerized applications. The system will instrument containers to identify necessary system calls, generate restrictive seccomp profiles allowing only essential syscalls, and validate that applications function correctly with minimal permissions. The project includes policy analysis, enforcement verification, and integration with Kubernetes and Docker runtimes.

References:

• Molleti, Ramasankar. "Container runtime security detection and prevention techniques." World J. Adv. Res. Reviews 24 (2024): 2626-2639.
• Lopes, Nuno, et al. "Container hardening through automated seccomp profiling." Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds. 2020.

Build a deep learning system for detecting DNS tunneling attacks that exfiltrate data or establish covert command-and-control channels through DNS protocol manipulation. The project will implement feature extraction from DNS query patterns, train CNN and LSTM neural networks to identify anomalous DNS behavior, and deploy a real-time detection system integrating with network monitoring infrastructure. The system will distinguish between benign DNS queries and tunneling attacks using statistical analysis of domain names, query frequencies, and response patterns.

References:

• Kenji, Henry. "Detecting DNS Tunneling Attacks Using Deep Learning-based Intrusion Detection Systems." Available at SSRN 5231254 (2025).
• Amirov, Novruz, et al. "DNS Tunneling: Threat Landscape and Improved Detection Solutions." arXiv preprint arXiv:2507.10267 (2025).
• The CTU-13 Dataset. A Labeled Dataset with Botnet, Normal and Background traffic. Available at: https://www.stratosphereips.org/datasets-ctu13
• Intrusion detection evaluation dataset (CIC-IDS2017), Available at: https://www.unb.ca/cic/datasets/ids-2017.html
• Ghosh, Tirthankar, Eman El-Sheikh, and Wasseem Jammal. "A Multi-Stage Detection Technique for DNS-Tunneled Botnets." CATA. 2019.

Create a machine learning model for early-stage detection of IoT botnet propagation before attacks are launched. The project will analyze network traffic patterns from IoT devices during the scanning and infection phases of botnet formation, distinguishing between benign IoT communication and malicious C2 (Command & Control) traffic. The system will employ supervised learning for initial traffic classification and ACF (AutoCorrelation Function) analysis for temporal anomaly detection, enabling detection of individual infected devices within larger botnets.

References:

• Pokhrel, Satish, Robert Abbas, and Bhulok Aryal. "IoT security: botnet detection in IoT using machine learning." arXiv preprint arXiv:2104.02231 (2021).
• Kumar, Ayush, et al. "Machine learning-based early detection of IoT botnets using network-edge traffic." Computers and Security 117 (2022): 102693.
• Rasool, Ariwan, Nader Sohrabi Safa, and Consolee Mbarushimana. "Exploring Machine Learning Approaches for Botnet Detection in IoT Networks: A Review." International Conference on Global Security, Safety, and Sustainability. Cham:Springer Nature Switzerland, 2023.
• A labeled dataset with malicious and benign IoT network traffic, Available at: https://www.stratosphereips.org/datasets-iot23
• CIC IoT dataset 2023, Available at: https://www.unb.ca/cic/datasets/iotdataset-2023.html
• The TON_IoT Datasets, Available at: https://research.unsw.edu.au/projects/toniot-datasets
• IoT network intrusion dataset, Available at: https://ieee-dataport.org/open-access/iot-network-intrusion-dataset

Develop a machine learning-based vulnerability forecasting system that predicts the volume and characteristics of Common Vulnerabilities and Exposures (CVEs) that will be disclosed in future months. The system will implement multiple time-series models (ARIMA, Prophet, XGBoost, LSTM), analyze historical CVE data since 1999, and provide predictive insights enabling proactive vulnerability management and resource planning. The framework will forecast both total CVE volume and severity-based breakdowns, enabling organizations to anticipate patch management demands.

References:

• Aghaei, Ehsan, et al. "Automated cve analysis for threat prioritization and impact prediction." arXiv preprint arXiv:2309.03040 (2023).
• CVE Forecast, Available at: https://github.com/rogolabs/cveforecast
• NIST NVD Data Feeds, Available at: https://nvd.nist.gov/vuln/data-feeds
• CVE List V5 Repository, Available at: https://github.com/CVEProject/cvelistV5
• CVE & CWE Dataset (1999 - 2025), Available at: https://www.kaggle.com/datasets/stanislavvinokur/cve-and-cwe-dataset-1999-2025

The Lean programming language and theorem prover provide a high-level programming environment for formalizing mathematics and verifying formalized proofs. Lean4 belongs to the class of functional programming languages, while the theorem prover is based on dependent type theory.

Usually first-year students are required to learn programming and how to write formal proofs. However, programming education is largely focused on imperative languages, while mathematics education often relies on handwritten proofs checked by humans.

To address this, we need to develop modular learning tutorials that supports students in learning the basics of functional programming and formal proof writing in Lean. Each module could focus on key topics such as recursion, higher-order functions, immutability, and proof by induction. Features should be implemented to detect common errors students make in Lean proofs and programming exercises, then provide real-time feedback and hints. The work may involve conducting assessment of learning materials using some first-year students (if possible) to evaluate their effectiveness.

Reading:

• Lean
• Jeremy Avigad, Leonardo de Moura, Soonho Kong and Sebastian Ullrich. "Theorem Proving in Lean 4"
• David Thrane Christiansen. "Functional Programming in Lean"
• Lean Game Server