If you are interested in writing a project (PR), a bachelor's thesis (BA), a diploma thesis (DA) or a dissertation with us, please contact us by e-mail, stating your preferred topic or topics.
We currently offer the topics published on this website. Further topics, including your own proposals, are also possible, depending on the specific case, provided they fit our research areas. Topics can usually also be adapted in personal consultation with you, taking your specific interests into account.
Some topics may be preceded by a red exclamation mark. This means that the topic has been added recently or is of particular current relevance for other reasons.
We currently have no specific dissertation topics published. If you would like to write a dissertation with us, please send us an e-mail so that we can discuss possible topics.
Regardless of the language used on this page, your thesis can be written in either German or English.
Note: We regard high-quality supervision, scientific guidance and one-on-one mentoring as an important part of a successful degree. We see ourselves as an active research group in which students can, and indeed should, contribute to security research. Besides our teaching, we offer various opportunities for active participation, e.g. intrinsically motivated participation in, or co-organisation of, CTF contests within our CTF team defragmented.brains. In this informal setting you can exchange and pass on knowledge, work together on interesting challenges, discuss interesting research questions, let your own motivation resonate with like-minded people, and ultimately advance not only yourself but other students as well.
All of this, however, also requires corresponding supervision resources. In specific situations it may therefore happen that a particular topic advertised on this page cannot be taken up immediately. This depends on various factors, e.g. prior knowledge in certain areas or your own motivation to dig into new topics with commitment.
If we do not yet know you and your security-relevant skills well (e.g. because you have not yet worked on a project with us, because we could not get to know you well enough in our courses, and we have not seen you as an active defragmented.brains player either), we will therefore hold an introductory meeting with you to match your knowledge and expectations against the individual topics and their requirements, with the aim of creating the best conditions for everyone interested.
For selected topics, our experience suggests that active participation in CTF contests within our CTF team defragmented.brains is particularly worthwhile. These topics are marked with a preceding symbol.
In general, we welcome all students who, on their own initiative and striving for good results, want to work on interesting security topics with us.
Some of the theses listed below can be carried out in cooperation with external partners. In these cases there is often also the possibility of further, possibly paid, work on the projects. Good ESSE researchers have often found a direct path into professional life through such project work.
Exploitation and Exploit Mitigation
Kernel Exploit Evaluation (BA/PR/DA): Protection mechanisms are developed continuously to mitigate existing and prevent future kernel exploits. Whether a specific exploit works generally depends on the kernel configuration and the protections that are enabled. Reproduce a selected set of known kernel exploits and evaluate their impact against the protection features available in the Linux kernel.
Heap Exploitation (PR/BA/DA): Many different heap allocators exist. Attacks on traditional memory allocators such as dlmalloc, jemalloc, etc. are intricate but well studied. More recently, heap allocators have emerged that are optimised for particular performance scenarios with limited security countermeasures, such as the Hoard memory allocator, while others are optimised for security, such as DieHard or Cling. Explore exploitation techniques for different heap allocators and their respective strengths and limits in real-world scenarios. What is the best trade-off between heap protection and performance?
Surveying and Improving Tooling for Pentesting (PR): At present, a lot of tooling is available for penetration testing. Many of these tools have not been updated recently, are insufficiently documented, contain unfixed bugs, or sometimes do not properly fit the job. Contribute to open source by surveying and improving current tooling to make it more usable.
Generate Documentation/Tutorials to Support our Courses (PR): The software world keeps evolving fast. Improved mitigations and increasingly sophisticated exploitation techniques are locked in an arms race. Generate documentation for security topics and explain how exploitation techniques and mitigations interact on modern systems. Examples include AArch64 exploitation, heap overflows, and web security attacks.
Exploit Weaponization vs IDS (BA/PR/DA): There is a huge gap between a proof-of-concept (PoC) exploit and an exploit that can be used in practice, for example in the presence of Intrusion Detection Systems (IDS). Explore and analyse the steps necessary to develop a given PoC exploit into a weaponized attack tool that evades detection under real-world conditions.
Applied Cryptography
Backdoors in Cryptographic Algorithms and Implementations (BA/DA): Many different vectors exist for backdooring cryptographic mechanisms. State actors have already shown that it is even possible to introduce backdoors silently into cryptographic standards. ESSE researchers have identified a range of vulnerabilities that can be leveraged as secret backdoors in many different highly critical infrastructures. Contribute with your thesis to exploring this extremely important and dicey topic together with us.
Secure Group Communication (DA): In this thesis, you will design with us a secure group communication approach that allows censorship-free access to Internet resources and protects not only communication content but also relevant metadata from surveillance by powerful state actors. You will start by designing a comprehensive threat model and exploring whether a practical solution is possible that is both usable and secure, combining state-of-the-art research results and modern tools.
Cryptographic Attack Toolkit (BA/PR/DA): The Cryptographic Attack Toolkit (CAT) is a nascent open source research toolkit started by ESSE researchers and students. It aims to consolidate cryptographic attacks in one framework and to provide a useful basis for evaluating the practicability of cryptographic attacks, many of which are only insufficiently described in the literature and cannot yet be tested comprehensively against real applications or protocol implementations without considerable effort. In this thesis or course project, you will extend CAT and contribute to the project by making attacks more amenable, both in practice and in theory, to security practitioners and systems researchers, thereby improving the understanding of cryptographic weaknesses.
Post-Quantum Cryptography (BA): Various problems on integer lattices, such as the shortest vector problem (SVP), seem to provide interesting ground on which cryptographic protocols can be constructed that may remain secure in the post-quantum age (where powerful adversaries will use quantum computers to break factoring- and DLog-based cryptography such as ECC). In this thesis, you will explain, analyze, and juxtapose different supposedly hard lattice problems and compare them with regard to their respective complexity.
Errors in Cryptographic Proofs (BA/PR/DA): Cryptographic proofs give confidence in the security of cryptographic schemes. However, cryptographic proofs are usually intricate and error-prone, and the published literature is replete with security proofs that later turned out to be erroneous. In this thesis, you will focus on a specific family of cryptographic schemes, such as encryption schemes, authenticated key exchange, anonymous e-cash, or secure multiparty computation protocols. You will compare security models and definitions, learn to understand their respective strengths and limitations for the selected family, and examine correct and erroneous security proofs. You will extract and expound on the high-level proof structures, identify the different proof techniques employed, and fill in technical details omitted by the scientific publications. You will analyze and categorise errors in the proofs, and explore the practical significance and the potential real-world vulnerabilities that result from the weaknesses of the incorrectly proven schemes.
Advancing the Security of Password Authentication (PR/BA/DA): Although secure protocols for password authentication such as SRP or J-PAKE exist, they are rarely used in practice. This situation is suboptimal. Work on improving it: survey and compare all important methods suggested by the literature; provide implementations of secure mechanisms for suitable open source products; analyze the security and shortcomings of existing implementations; and contribute to the design of new internet standards or to the extension and update of existing standards, such as EAP (RFC 3748) and IKEv2 (RFC 7296).
Cache Side-Channel Attacks on Password Hashing Schemes (DA): At least since the Spectre and Meltdown revelations, cache side-channel attacks have been a widely known security problem for many computer architectures. Long before Spectre and Meltdown were discovered, cache side-channel vulnerabilities had been shown to enable attacks on cryptographic algorithms. Password hashing schemes whose memory-access patterns depend on the password, such as Argon2d (the data-dependent Argon2 variant, in contrast to the data-independent Argon2i), are known to be vulnerable to such attacks. Consider cache side-channel attacks on password hashing schemes within the wider context of cache side-channel attacks in general, and provide a practical implementation and analysis of a cache side-channel attack on a vulnerable password hashing scheme.
Anonymity and Censorship-Resistance (BA/DA): Blockchain and zero-knowledge proof systems allow for creating various anonymous, as well as censorship-resistant, systems. One example is a secure voting system. Various topics concerning the design of such systems are available for being explored in your thesis.
Rootkits
Survey of Current Rootkit Technology (PR/BA/DA): Analyze, compare, and survey state-of-the-art rootkit technology and the mechanisms employed, based on available software artifacts. Which methods are discovered by rootkit detection tools? How easy is it to circumvent existing detection methods? Enhance existing and devise novel rootkit mechanisms, and describe how to mitigate them.
Proof-of-Concept Rootkit (PR/BA/DA): Implement selected rootkit components for a proof-of-concept rootkit using novel approaches and promising mechanisms, and/or design and implement effective mitigation mechanisms against selected rootkit techniques.
State-of-the-Art Rootkit using Arm TrustZone (PR/BA/DA): Many modern smartphones come equipped with a hardware-based security extension (Arm TrustZone) capable of running a separate, secure OS. A functional Arm TrustZone rootkit has already been developed. The rootkit analyses the memory of the Linux kernel to provide rootkit functionality such as privilege escalation or subversion of Android IPC communication. Various further subprojects can be defined for your thesis or project work, such as extending the existing rootkit to include the UEFI image in the analysis to improve stability, or adding more rootkit features.
Connected Cars
No open topics at present.
Security Testing
Further Security Testing Topics by Arrangement (PR/BA/DA): Further security testing topics, e.g. on test labs/test environments, may be possible after consultation. Please send us an e-mail.
Mobile Security
Android HTTP Traffic Interception (BA/PR): Analyzing Android HTTP requests can be useful for debugging as well as for reverse engineering. However, Android started to restrict the interception of HTTP network communication some time ago. Analyse, survey and compare the options that remain for current versions of the Android OS.
Code Obfuscation using the Arm TrustZone (PR/DA): Reverse engineering tools such as Frida and Ghidra rely on being able to observe the executed code and the full state of an application at runtime. The Arm TrustZone represents a protected area on the device which cannot be observed by those tools. Explore the possibilities of using the Arm TrustZone for the obfuscation of mobile applications. Design and implement a secure cryptographic system for code encryption.
Arm TrustZone Root Detection (PR/DA): Conventional rooting checks commonly rely on inspecting the file system to determine whether the device is rooted. A root cloaker can use its elevated privileges to manipulate the view of the system that such a check relies on. Make use of the Arm TrustZone to obtain an objective outside view of the running system and implement a secure-world root detection mechanism.
Survey of Current Anti-Reverse Engineering Technologies (BA/DA/PR): A variety of tools exist that aim to prevent the reverse engineering of applications. Such tools are commonly used in mobile applications, as these are a popular target for attackers. They employ code obfuscation, code encryption, and many more mechanisms to hamper attacks. Analyse, survey, and compare current anti-reversing tools.
Circumventing Anti-Reverse Engineering Tools (BA/DA/PR): Over the years, anti-reversing tools for mobile applications have been leveraging more and more sophisticated mechanisms. First-generation approaches use simple heuristics to detect root access and very basic obfuscation methods to protect the source code of an application. Nowadays, techniques such as hook detection, code encryption, and white-box cryptography are commonly used in many products. Put yourself in the role of an attacker and research methods to bypass state-of-the-art anti-reverse engineering tools.
Improving Anti-Reverse Engineering Mechanisms (BA/DA/PR): The development of advanced reverse engineering tools and of anti-reverse engineering techniques is a steady back and forth: an improvement on one side triggers an improvement on the other. In the last few years the reverse engineering side received a boost with the release of tools such as Ghidra and Frida. Research state-of-the-art tools used to reverse engineer applications and analyse how these tools help in the reverse engineering process. Implement and test measures to obstruct that process.
Fuzzing of Baseband Firmware (PR/DA): Modern smartphones contain at least two CPUs: besides the application processor, which runs the smartphone OS (Android, iOS, etc.), a second processor runs the baseband firmware and the 3GPP (GSM/3G/4G/5G) stacks. For this thesis, you will set up a GSM/LTE base station and configure and run automated security tests, such as fuzzing, to identify vulnerabilities in commonly used baseband implementations.
IMSI Catcher (PR/BA): Explore and evaluate different IMSI-catcher-catcher heuristics and apps. Define a setup for checking which surveillance efforts are being conducted in the real world, for example during demonstrations and protests.
Embedded Security
Investigate / Implement the Networking Capabilities of the Arm TrustZone (PR/DA): The normal world invokes the Arm TrustZone via Secure Monitor Calls (SMCs). However, GlobalPlatform has also specified an API for Trusted Applications (TAs) that lets them act as network clients. Explore the possibilities of using TAs as network servers and as part of TrustZone-based peer-to-peer networks.
TrustZone Interaction with Wireless Hardware (PR/DA): A powerful capability of the Arm TrustZone is direct access to physical memory. Investigate how this ability can be used to interact with wireless networking hardware (e.g., Wi-Fi, Bluetooth). Also explore the opposite direction: can wireless firmware interact with the TrustZone?
Arm TrustZone Virtual Machine Obfuscation (PR/DA): Code obfuscation based on a virtual machine (VM) is a modern approach to increasing the effort of reverse engineering. Randomized VMs choose different code paths across multiple executions. To protect the code path randomization from manipulation, develop a VM-based obfuscation system using the Arm TrustZone.
Software Security
Advanced Applications of Mixed Boolean Arithmetic (BA/DA/PR): Current simplification engines such as those provided by Mathematica, SymPy, and Z3 have difficulties processing expressions that mix arithmetic (+, -, *) with bitwise (AND, OR, XOR, NOT) operations. The framework of Mixed Boolean Arithmetic (MBA) allows simple mathematical expressions to be rewritten in terms of a large set of profoundly complicated and hard-to-simplify terms, hiding the purpose of the original expression. Because of this property, MBAs have been used in code obfuscation and software protection, for example to hide keys, generate opaque predicates, and increase code complexity. Most work on generating or breaking MBAs has focused on linear MBAs, which make up only a small subset of all MBAs. Study more complicated MBAs and explore advanced applications of them in code obfuscation.
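As an added illustration of what an MBA rewrite looks like (this is example code written for this page, not code from ESSE or from any of the tools named above), the following C program implements three linear MBA identities, one non-linear (polynomial) MBA identity, and an MBA-style opaque predicate, and checks them against the plain operators over all operand pairs below 256 plus a deterministic random sweep of full 32-bit words. All function names (`mba_add`, `mba_sub`, `mba_xor`, `mba_mul`, `opaque_even`, `check_identities`) are chosen here. Arithmetic is modulo 2^32; several of the identities hold only under that wrap-around, which is one reason a simplifier reasoning over unbounded integers does not recognise them.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the ESSE page. All identities below are over
 * uint32_t, i.e. modulo 2^32. Each function computes the left-hand side
 * of its comment by evaluating only the right-hand side. */

/* x + y  ==  (x ^ y) + 2*(x & y)                 (linear MBA) */
static uint32_t mba_add(uint32_t x, uint32_t y) {
    return (x ^ y) + 2u * (x & y);
}

/* x - y  ==  (x ^ ~y) + 2*(x & ~y) + 1           (linear MBA: x + ~y + 1) */
static uint32_t mba_sub(uint32_t x, uint32_t y) {
    return (x ^ ~y) + 2u * (x & ~y) + 1u;
}

/* x ^ y  ==  (x | y) - (x & y)                   (linear MBA) */
static uint32_t mba_xor(uint32_t x, uint32_t y) {
    return (x | y) - (x & y);
}

/* x * y  ==  (x | y)*(x & y) + (x & ~y)*(~x & y)  (non-linear MBA)
 * With a = x&y, b = x&~y, c = ~x&y (pairwise disjoint bit sets):
 * x = a+b, y = a+c, x|y = a+b+c, so (a+b+c)*a + b*c == (a+b)*(a+c). */
static uint32_t mba_mul(uint32_t x, uint32_t y) {
    return (x | y) * (x & y) + (x & ~y) * (~x & y);
}

/* Opaque predicate: x*(x+1) is always even (also modulo 2^32),
 * so this returns 1 for every x although it looks data-dependent. */
static int opaque_even(uint32_t x) {
    return ((x * (x + 1u)) & 1u) == 0u;
}

/* Compare every MBA form against the plain operator. Returns the number
 * of violated identities; 0 means all of them held on every input tried. */
static unsigned long check_identities(void) {
    unsigned long bad = 0;

    /* all pairs of small operands */
    for (uint32_t x = 0; x < 256; x++) {
        for (uint32_t y = 0; y < 256; y++) {
            bad += (mba_add(x, y) != x + y);
            bad += (mba_sub(x, y) != x - y);
            bad += (mba_xor(x, y) != (x ^ y));
            bad += (mba_mul(x, y) != x * y);
            bad += !opaque_even(x);
        }
    }

    /* full-width operands from a fixed-seed LCG (deterministic, no rand()) */
    uint32_t s = 0x9E3779B9u;
    for (int i = 0; i < 100000; i++) {
        s = s * 1664525u + 1013904223u;
        uint32_t x = s;
        s = s * 1664525u + 1013904223u;
        uint32_t y = s;
        bad += (mba_add(x, y) != x + y);
        bad += (mba_sub(x, y) != x - y);
        bad += (mba_xor(x, y) != (x ^ y));
        bad += (mba_mul(x, y) != x * y);
        bad += !opaque_even(x);
    }
    return bad;
}

int main(void) {
    printf("violated identities: %lu\n", check_identities());
    /* hiding a constant: the reader of the binary sees 0x1337 and 0xBEEF
     * flowing through or/and/sub, not the value they decode to */
    printf("0x1337 ^ 0xBEEF via MBA = 0x%08x\n", mba_xor(0x1337u, 0xBEEFu));
    return 0;
}
```

Compile with `cc -O2 -o mba mba.c` and run it; `check_identities` returns 0. To reproduce the simplification problem the topic describes, paste the right-hand sides into SymPy or Z3 and compare what the tool produces with the one-operator form each function actually computes; `mba_mul` in particular is the kind of non-linear MBA the thesis would study.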
Improving Security of Critical Components (BA/PR): In the last few years, multiple memory-related vulnerabilities have been found in various applications. For example, a vulnerability recently found in sudo granted root privileges by abusing a heap-based buffer overflow. The Rust programming language aims to address such problems while performing almost as well as C/C++. Research the feasibility of (re-)writing critical components in Rust. Analyse questions such as how Rust affects the remaining exposure to memory-related vulnerabilities.
Network Security
No open topics at present.
Teaching IT Security
No open topics at present.
Privacy
No open topics at present.
Digital Forensics
Memory Forensics on Mobile Devices (BA/DA/PR): Mobile devices contain a multitude of applications that may handle sensitive data, such as banking details, login data for accounts, and medical data. All this information may at some point reside in the memory of a device that is under attack. Poor handling of data may lead to sensitive data being kept in memory longer than needed and becoming accessible to unintended third parties. Improve memory dumping techniques for mobile devices as well as analysis techniques for extracting sensitive data from memory dumps.