Abschlussarbeiten

Auf dieser Seite finden Sie Informationen zu aktuell von uns angebotenen Themen für Abschlussarbeiten. Informationen zu bereits laufenden oder fertiggestellten Arbeiten finden sich auf einer Unterseite.

Für Informationen zum Ablauf einer Abschlussarbeit in unserem Institut beachten Sie bitte unsere Seite zu den Prüfungsmodalitäten.

Hinweis zur Sprache: Im Folgenden werden die verfügbaren Themen hauptsächlich auf Englisch aufgelistet. Bei der Bearbeitung eines Thema steht es Studierenden frei, sich entweder für Deutsch oder Englisch als Sprache für die Ausarbeitung zu entscheiden.

Bachelor-Arbeiten


20.
default
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
Mai 2017
in Vorbereitung

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

19.
default
Kleber, Stephan und Kargl, Frank
Feature Extraction for Type-based Alignment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Feature extraction provides the necessary input values to identify types of network messages by clustering. The task of this thesis is to implement and evaluate alternative feature extraction methods for clustering according to a method called type-based alignment.Possible alternative feature extraction methods to be implemented are: Minimum entropy clustering, entropy-based metrics, variance-based metrics, or frequencies of substrings.

18.
default
Kleber, Stephan und Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

17.
default
Kleber, Stephan und Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

16.
default
Kleber, Stephan und Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

15.
default
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

14.
default
Lukaseder, Thomas
Policy Checking of SDN-based Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Policy checker are programs that check the network topology whether there are policy violations such as loops r unreachable services. Controllers of software-defined networks sometimes include these policy checkers to ensure that policy violations do not go live in a network in the first place. However, placing these right next to the SDN controller can be problematic if the controller itself might be under attack or compromised. Therefore, we want to move the policy checker to an external middlebox directly comunicating with the switch infrastructure.

13.
default
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

12.
default
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

11.
default
Matousek, Matthias
Neural Network Prototyping
Bachelor Thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in Vorbereitung

Schlüsselwörter: AA,

Marker: AA, BA, PROJEKT, MatthiasMatousek

Zusammenfassung: Machine learning with Neural Networks — especially Deep Learning — is currently booming. In order to test the potential of such algorithms for specific use cases, it is necessary to be able to quickly prototype and evaluate neural networks. In this thesis or project, the student shall compare different neural network frameworks, such as TensorFlow or Caffe, and implement an exemplary use case. Such a use case could be an anomaly detection mechanism for connected cars.

10.
default
David, Mödinger
Simulation of Statistical Spreading
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2017
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks, distributed, privacy, p2p

Zusammenfassung: With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.

9.
default
Erb, Benjamin
Evaluation of Key/Value Stores for Event Sourcing
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: Event sourcing is an alternative persistence approach that maintains a log of state-changing events instead of altering states directly. Event-sourced architectures require an event store for efficiently appending and retrieving log entries. In this project, an evaluation of different key/value stores and alternative (No)SQL stores is to be conducted in order to identify stores appropriate for event sourcing.

8.
default
Erb, Benjamin
Evaluation of Distributed Snapshotting Algorithms for Event-sourced Graphs
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, MA

7.
default
Erb, Benjamin
Design and Implementation of a REPL Interface for a Distributed Graph Processing Platform
Bachelor thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

6.
default
Erb, Benjamin
Secondary index structures on event-sourced graphs
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The systems provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is the identification and evaluation of appropriate secondary index structures, in order to provide fast access onto specific notes of the graph topology. Also, a prototypical implementation is part of this work.

5.
default
Erb, Benjamin
Data mining on distributed, asynchronous graph platforms
Bachelor's thesis
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The systems provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is to compile a survey of data mining mechanisms that can be executed on graphs. Specifically, asynchronicity has to be considered here. As a result, our current prototype should be evaluated on how it suits existing graph mining approaches.

4.
default
Mödinger, David
Evaluation of Cryptocurrency Simulators
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks

Zusammenfassung: Over the last few years, cryptocurrencies gained momentum. Cryptocurrencies are digital currencies on top of peer-to-peer networks. Many open questions about cryptocurrencies can be solved through experiments. For those experiments the network is simulated and the influence of certain parameters is observed. Currently there are few simulators for peer-to-peer based cryptocurrencies, e.g. Btcsim and Shadow. The goal of this thesis is a comparison of simulators for Bitcoin. The evaluation should especially examine the following features: Scalability of simulations, complexity of usage and complexity of adaption for different currencies.

3.
default
Kleber, Stephan und Kargl, Frank
Evaluation and Enhancement of "ReFuzz"
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: A previous project developed the fuzzing framework "ReFuzz" for the analysis of unknown network protocols. An evaluation about the efficacy and efficiency of the framework's approach is to be conducted. For this a reasonable selection of suited protocol examples has to be found which allows to create metrics for the evaluation. Measurements are to be conducted to show the utility of ReFuzz in the use case of network protocol reverse engineering.

2.
default
Kleber, Stephan und Kargl, Frank
Evaluation of Algorithms for Static Network Protocol Analysis
Master's or Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2014
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Several Algorithms have been proposed for static network protocol analysis. It is difficult, however, to compare the actual algorithms for the differences in their specific implementation. By re-implementing those algorithms in a similar manner it is to become feasible to conduct comparable measurements: Thereby this thesis should test how successful protocol reverse engineering can be using the known approaches. The process of reverse engineering a protocol is to be explored and retraced based on the regarded approaches. Measurement results are to be analyzed and discussed. After an analysis of the re-implemented algorithms has been completed, it may be considered whether additional computing capacity can improve the results of a reasonable subset of implementations. Computing infrastructures like Amazon EC2 or similar can be made available for this purpose.

1.
default
Nikolov, Vladimir und Hauck, Franz J.
Implementierung eines Deferrable Servers auf der Basis von RTSJ - Processing Groups
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2012
in Vorbereitung

Marker: BA, AA, VladimirNikolov, FranzHauck

Zusammenfassung: Ein Gegenstand von RTSJ sind die sog. Processing Groups. Ähnlich wie bei den Standard Java ThreadGroups können hiermit mehrere Echtzeitaktivitätsträger logisch zusammengefasst werden. Bei ihrer Ausführung schöpfen diese dann Ressourcen aus einem gemeinsamen Pool aus. Sind die Ressourcen verbraucht, müssen die Aktivitätsträger unter Umständen warten, bis der Pool wieder aufgefüllt wird. Dieses Verhalten ähnelt stark den aus der Echtzeitliteratur bekannten Deferrable Servers. Letztere werden z.B. für die Behandlung und Isolation von aperiodischen Aktivitäten in Systemen mit periodischen Echtzeit-Tasks verwendet und weisen eine bessere Reaktionsfähigkeit gegenüber anderen Servermechanismen. Im Rahmen dieser Bachelorarbeit soll die Funktionalität der RTSJ Processing Groups erweitert und ein Deferrable Server implementiert werden. Hierbei soll eine Real-Time fähige Java Virtual Machine unter Linux eingesetzt werden. Kenntnisse in den Programmiersprachen C und C++, sowie der JNI-Programmierschnittstelle sind von Vorteil.

Master-Arbeiten


22.
default
Kleber, Stephan und Kargl, Frank
Feature Extraction for Type-based Alignment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Feature extraction provides the necessary input values to identify types of network messages by clustering. The task of this thesis is to implement and evaluate alternative feature extraction methods for clustering according to a method called type-based alignment.Possible alternative feature extraction methods to be implemented are: Minimum entropy clustering, entropy-based metrics, variance-based metrics, or frequencies of substrings.

21.
default
Kleber, Stephan und Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

20.
default
Kleber, Stephan und Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

19.
default
Kleber, Stephan und Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

18.
default
Matousek, Matthias und Lang, Dominik
OBD Data-Logger for Driving Behaviour Analysis
Project
Institute of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: MatthiasMatousek, DominikLang, PROJEKT, AA

Zusammenfassung: Analysis of driving behaviour presents opportunities for security, but comes with implications for privacy. In order to conduct research in this field, driving data is required. The goal of this project is to implement tools that log driving data from a vehicle's OBD port. Further, a framework for data analysis — e.g. via machine learning mechanisms — should be provided.

17.
default
Matousek, Matthias
Comparison of Homomorphic Encryption Scheme Implementations
Master Thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, MA, PROJEKT, MatthiasMatousek

Zusammenfassung: Homomorphic Encryption (HE) -- the "holy grail" of cryptography -- allows computation on encrypted data without knowledge of the encryption keys. While it has been shown that both partially (only limited operations) as well as fully homomorphic crypto-systems (unlimited, arbitrary operations) are possible, they still come with substantial computation complexity and storage requirements. Goal of this work is to survey and compare HE scheme implementations. Properties of interest are their capabilities (partially vs. fully homomorphic), performance (speed and storage), as well as their favourable applications. The applicant should be familiar with IT security concepts (lecture "Security of IT-Systems") and cryptography (lecture "Kryptologie - Methoden und Algorithmen" and optimally "Privacy Engineering and Privacy Enhancing Technologies - PET"). They should further be interested in the application of different programming languages (such as C++, Python, Haskell, Java, and others). While no expert knowledge of programming languages is required, HE schemes are implemented in different languages, and thus, the willingness to explore these should be present. This topic is suitable for a Master thesis, or as a Master project.

16.
default
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

15.
default
Lukaseder, Thomas
Policy Checking of SDN-based Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Policy checker are programs that check the network topology whether there are policy violations such as loops r unreachable services. Controllers of software-defined networks sometimes include these policy checkers to ensure that policy violations do not go live in a network in the first place. However, placing these right next to the SDN controller can be problematic if the controller itself might be under attack or compromised. Therefore, we want to move the policy checker to an external middlebox directly comunicating with the switch infrastructure.

14.
default
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

13.
default
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

12.
default
Matousek, Matthias
Neural Network Prototyping
Bachelor Thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in Vorbereitung

Schlüsselwörter: AA,

Marker: AA, BA, PROJEKT, MatthiasMatousek

Zusammenfassung: Machine learning with Neural Networks — especially Deep Learning — is currently booming. In order to test the potential of such algorithms for specific use cases, it is necessary to be able to quickly prototype and evaluate neural networks. In this thesis or project, the student shall compare different neural network frameworks, such as TensorFlow or Caffe, and implement an exemplary use case. Such a use case could be an anomaly detection mechanism for connected cars.

11.
default
David, Mödinger
Simulation of Statistical Spreading
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2017
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks, distributed, privacy, p2p

Zusammenfassung: With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.

10.
default
Kopp, Henning
Hashing into elliptic curves
Institut für Verteilte Systeme, Universität Ulm,
2016
in Vorbereitung

Marker: AA, MA, HenningKopp, FrankKargl, itsec

Zusammenfassung: Cryptographical hash functions are functions which compress an arbitrarily large (finite) input into a fixed finite set. They can serve as fingerprint of a file, since it is computationally difficult to find two inputs which yield the same hash value. Recently there appeared numerous cryptographic constructions which require a hash function which maps into an elliptic curve. This is a pretty recent development and has not yet been thoroughly researched. There are some candidate constructions but without performance measurements. The goal of the thesis is to compare the security properties of the schemes, as well as measuring their performance. Maybe you can even come up with your own own scheme for hashing into elliptic curves which you will get time to investigate.

9.
default
Kleber, Stephan
Proof-of-Concept for a Distance Bounding Protocol enhanced by a Physically Unclonable Function implemented on an FPGA
Master's or Bachelor's thesis, Project
Institute of Distributed Systems, Ulm University,
2016
in Vorbereitung

Marker: MA, PROJEKT, StephanKleber

Zusammenfassung: Distance Bounding Protokolle (DBPs) dienen dem Nachweis eines physischen Abstands zwischen zwei drahtlos kommunizierenden Geräten. Es gibt einen neuartigen Ansatz bestehende Sicherheitsprobleme dieser Protokolle zu lösen. Dieser bedient sich sogenannter Physical Unclonable Functions (PUFs), die ein Gerät eindeutig identifiziern können. Im Rahmen dieses Projektes soll zu diesem Konzept eines PUF-erweiterten DBPs eine Proof-of-Concept Implementierung auf einem FPGA realisiert werden. Diese Implementierung soll im Folgenden praktisch mit Messungen der Laufzeiteigenschaften evaluiert werden.

8.
default
Erb, Benjamin
Evaluation of Distributed Snapshotting Algorithms for Event-sourced Graphs
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, MA

7.
default
Erb, Benjamin
Interactive exploration of event-sourced graphs
Master's thesis, Diploma thesis, or Project (8 or 16 ECTS)
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: AA, MA, DA, PROJEKT, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: The chronograph platform is a system for computing on evolving graphs. One module of the platform should provide an interactive user interface for exploring the history, evolution, and topology of the graph. The goal of this project is the design and implementation of a scalable, web-based user interface for the exploration of chronograph data.

6.
default
Mödinger, David
Evaluation of Cryptocurrency Simulators
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks

Zusammenfassung: Over the last few years, cryptocurrencies gained momentum. Cryptocurrencies are digital currencies on top of peer-to-peer networks. Many open questions about cryptocurrencies can be solved through experiments. For those experiments the network is simulated and the influence of certain parameters is observed. Currently there are few simulators for peer-to-peer based cryptocurrencies, e.g. Btcsim and Shadow. The goal of this thesis is a comparison of simulators for Bitcoin. The evaluation should especially examine the following features: Scalability of simulations, complexity of usage and complexity of adaption for different currencies.

5.
default
Kleber, Stephan und Kargl, Frank
Evaluation of Algorithms for Static Network Protocol Analysis
Master's or Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2014
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Several Algorithms have been proposed for static network protocol analysis. It is difficult, however, to compare the actual algorithms for the differences in their specific implementation. By re-implementing those algorithms in a similar manner it is to become feasible to conduct comparable measurements: Thereby this thesis should test how successful protocol reverse engineering can be using the known approaches. The process of reverse engineering a protocol is to be explored and retraced based on the regarded approaches. Measurement results are to be analyzed and discussed. After an analysis of the re-implemented algorithms has been completed, it may be considered whether additional computing capacity can improve the results of a reasonable subset of implementations. Computing infrastructures like Amazon EC2 or similar can be made available for this purpose.

4.
default
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
April 2013
in Vorbereitung

Marker: MA, DA, AA, FrankKargl, privacy, mobile

Zusammenfassung: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions one being how to manage the appearing trade-off between data accuracy, privacy, and availability of data. The master thesis requires to work into the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at the NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require a longer-term planing before starting the work.

3.
default
Spann, Christian und Hauck, Franz J.
Design einer generischen API für Gruppenkommunikationsprotokolle
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: MA, DA, AA, ChristianSpann, FranzHauck, ft

Zusammenfassung: Die Implementierung von Einigungsalgorithmen wie zum Beispiel Paxos oder dessen Erweiterung Vertical Paxos stellen den Programmierer wiederholt vor ähnliche Designentscheidungen. Eine generische API könnte eine Basis für die Wiederverwendung vieler Teilkomponenten schaffen und so den Aufwand für die Implementierung neuer Algorithmen reduzieren. Ziel der Arbeit ist der Entwurf einer solchen API.

2.
default
Schober, Sven und Hauck, Franz J.
Alias-Auflösung bei der Topologieerkennung
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Wissen über die Netzwerktopologie kann Helfen die Dienstgüte verteilter Multimedia-Anwendungen zu verbessern. Ein bekanntes Werkzeug zur Topologieerfassung ist traceroute, welches die einzelnen Hops einer Internet-Route von Quell- zu Zielhost sichtbar machen kann. Um ein umfassendes Bild der Topologie zwischen mehreren Teilnehmern zu erhalten müssen jedoch einige Herausforderungen angegangen werden: Zum einen existiert mit Load-Balancern eine starke Quelle von Ungenauigkeiten (Es können z.B. Links erkannt werden, welche nicht existieren.) zum anderen sind die Routen der Hin- und Rückrichtung im Allgemeinen nicht identisch und selbst wenn, ist dies nicht immer ohne Weiteres erkennbar: Router werden doppelt erkannt, weil deren ein- und ausgehendes Netzwerk-Inteface nicht zuordenbar sind. Man nennt dies Aliasing. In diesem Thema soll zunächst der Stand der Technik bei der Alias-Auflösung aufgearbeitet werden und dann aufbauend auf existierenden Vorarbeiten eine Implementierung angefertigt, sowie u.U. bestehende Heuristiken in ihrer Effizienz verbessert werden.

1.
default
Schober, Sven und Hauck, Franz J.
Verteile, aktuelle Bandbreitenvorhersage mit DAE
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Verteilte Anwendungen können von Wissen über die vrfügbare Bandbreite eines Netzwerkpfades profitieren. Ein breites Forschungsfeld damit befasst, wie möglichst akkurate Vorhersagen bei geringem Messaufwand möglich sind. Am Lehrstuhl für Verteilte System ist der "Direction-aware embedding" (DAE)-Algorithmuys entwickelt worden, welcher asymmetrische Bandbreitenverhältnisse genauer vorhersagen kann als bisherige Ansätze. Dabei werden Knoten auf einem Baum platziert, dessen Kanten mit Gewichten versehen und anhand dessen Vorhersagen getroffen. Ein Problem dieses Ansatzes ist das altern der Messinformation und damit eine über die Zeit immer schlechter werdende Vorhersageleistung. Eine weitere Herausforderung stellt die Baumdatenstruktur an sich dar: wird sie zentral gespeichert skaliert dies schlecht in der Knotenzahl, wird sie verteilt gespeichert hat man ein Synchronisierungsproblem. Ziel dieser Masterarbeit ist es, die genannten Herausforderungen zu untersuchen, einen Lösungsvorschlag zu erarbeiten, zu implementieren und zu evaluieren.

Netzwerke


14.
default
Kleber, Stephan und Kargl, Frank
Feature Extraction for Type-based Alignment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Feature extraction provides the necessary input values to identify types of network messages by clustering. The task of this thesis is to implement and evaluate alternative feature extraction methods for clustering according to a method called type-based alignment.Possible alternative feature extraction methods to be implemented are: Minimum entropy clustering, entropy-based metrics, variance-based metrics, or frequencies of substrings.

13.
default
Kleber, Stephan und Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

12.
default
Kleber, Stephan und Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

11.
default
Kleber, Stephan und Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

10.
default
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

9.
default
Lukaseder, Thomas
Policy Checking of SDN-based Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Policy checker are programs that check the network topology whether there are policy violations such as loops r unreachable services. Controllers of software-defined networks sometimes include these policy checkers to ensure that policy violations do not go live in a network in the first place. However, placing these right next to the SDN controller can be problematic if the controller itself might be under attack or compromised. Therefore, we want to move the policy checker to an external middlebox directly comunicating with the switch infrastructure.

8.
default
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

7.
default
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

6.
default
David, Mödinger
Simulation of Statistical Spreading
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2017
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks, distributed, privacy, p2p

Zusammenfassung: With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.

5.
default
Mödinger, David
Evaluation of Cryptocurrency Simulators
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks

Zusammenfassung: Over the last few years, cryptocurrencies gained momentum. Cryptocurrencies are digital currencies on top of peer-to-peer networks. Many open questions about cryptocurrencies can be solved through experiments. For those experiments the network is simulated and the influence of certain parameters is observed. Currently there are few simulators for peer-to-peer based cryptocurrencies, e.g. Btcsim and Shadow. The goal of this thesis is a comparison of simulators for Bitcoin. The evaluation should especially examine the following features: Scalability of simulations, complexity of usage and complexity of adaption for different currencies.

4.
default
Kleber, Stephan und Kargl, Frank
Evaluation and Enhancement of "ReFuzz"
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: A previous project developed the fuzzing framework "ReFuzz" for the analysis of unknown network protocols. An evaluation about the efficacy and efficiency of the framework's approach is to be conducted. For this a reasonable selection of suited protocol examples has to be found which allows to create metrics for the evaluation. Measurements are to be conducted to show the utility of ReFuzz in the use case of network protocol reverse engineering.

3.
default
Kleber, Stephan und Kargl, Frank
Evaluation of Algorithms for Static Network Protocol Analysis
Master's or Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2014
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Several Algorithms have been proposed for static network protocol analysis. It is difficult, however, to compare the actual algorithms for the differences in their specific implementation. By re-implementing those algorithms in a similar manner it is to become feasible to conduct comparable measurements: Thereby this thesis should test how successful protocol reverse engineering can be using the known approaches. The process of reverse engineering a protocol is to be explored and retraced based on the regarded approaches. Measurement results are to be analyzed and discussed. After an analysis of the re-implemented algorithms has been completed, it may be considered whether additional computing capacity can improve the results of a reasonable subset of implementations. Computing infrastructures like Amazon EC2 or similar can be made available for this purpose.

2.
default
Schober, Sven und Hauck, Franz J.
Alias-Auflösung bei der Topologieerkennung
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Wissen über die Netzwerktopologie kann Helfen die Dienstgüte verteilter Multimedia-Anwendungen zu verbessern. Ein bekanntes Werkzeug zur Topologieerfassung ist traceroute, welches die einzelnen Hops einer Internet-Route von Quell- zu Zielhost sichtbar machen kann. Um ein umfassendes Bild der Topologie zwischen mehreren Teilnehmern zu erhalten müssen jedoch einige Herausforderungen angegangen werden: Zum einen existiert mit Load-Balancern eine starke Quelle von Ungenauigkeiten (Es können z.B. Links erkannt werden, welche nicht existieren.) zum anderen sind die Routen der Hin- und Rückrichtung im Allgemeinen nicht identisch und selbst wenn, ist dies nicht immer ohne Weiteres erkennbar: Router werden doppelt erkannt, weil deren ein- und ausgehendes Netzwerk-Inteface nicht zuordenbar sind. Man nennt dies Aliasing. In diesem Thema soll zunächst der Stand der Technik bei der Alias-Auflösung aufgearbeitet werden und dann aufbauend auf existierenden Vorarbeiten eine Implementierung angefertigt, sowie u.U. bestehende Heuristiken in ihrer Effizienz verbessert werden.

1.
default
Schober, Sven und Hauck, Franz J.
Verteile, aktuelle Bandbreitenvorhersage mit DAE
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Verteilte Anwendungen können von Wissen über die vrfügbare Bandbreite eines Netzwerkpfades profitieren. Ein breites Forschungsfeld damit befasst, wie möglichst akkurate Vorhersagen bei geringem Messaufwand möglich sind. Am Lehrstuhl für Verteilte System ist der "Direction-aware embedding" (DAE)-Algorithmuys entwickelt worden, welcher asymmetrische Bandbreitenverhältnisse genauer vorhersagen kann als bisherige Ansätze. Dabei werden Knoten auf einem Baum platziert, dessen Kanten mit Gewichten versehen und anhand dessen Vorhersagen getroffen. Ein Problem dieses Ansatzes ist das altern der Messinformation und damit eine über die Zeit immer schlechter werdende Vorhersageleistung. Eine weitere Herausforderung stellt die Baumdatenstruktur an sich dar: wird sie zentral gespeichert skaliert dies schlecht in der Knotenzahl, wird sie verteilt gespeichert hat man ein Synchronisierungsproblem. Ziel dieser Masterarbeit ist es, die genannten Herausforderungen zu untersuchen, einen Lösungsvorschlag zu erarbeiten, zu implementieren und zu evaluieren.

Mobile Systeme


1.
default
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
April 2013
in Vorbereitung

Marker: MA, DA, AA, FrankKargl, privacy, mobile

Zusammenfassung: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions one being how to manage the appearing trade-off between data accuracy, privacy, and availability of data. The master thesis requires to work into the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at the NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require a longer-term planing before starting the work.

Distributed Computing


9.
default
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
Mai 2017
in Vorbereitung

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

8.
default
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

7.
default
David, Mödinger
Simulation of Statistical Spreading
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2017
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks, distributed, privacy, p2p

Zusammenfassung: With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.

6.
default
Erb, Benjamin
Evaluation of Key/Value Stores for Event Sourcing
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: Event sourcing is an alternative persistence approach that maintains a log of state-changing events instead of altering states directly. Event-sourced architectures require an event store for efficiently appending and retrieving log entries. In this project, an evaluation of different key/value stores and alternative (No)SQL stores is to be conducted in order to identify stores appropriate for event sourcing.

5.
default
Erb, Benjamin
Evaluation of Distributed Snapshotting Algorithms for Event-sourced Graphs
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, MA

4.
default
Erb, Benjamin
Design and Implementation of a REPL Interface for a Distributed Graph Processing Platform
Bachelor thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

3.
default
Erb, Benjamin
Secondary index structures on event-sourced graphs
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The systems provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is the identification and evaluation of appropriate secondary index structures, in order to provide fast access onto specific notes of the graph topology. Also, a prototypical implementation is part of this work.

2.
default
Erb, Benjamin
Interactive exploration of event-sourced graphs
Master's thesis, Diploma thesis, or Project (8 or 16 ECTS)
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: AA, MA, DA, PROJEKT, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: The chronograph platform is a system for computing on evolving graphs. One module of the platform should provide an interactive user interface for exploring the history, evolution, and topology of the graph. The goal of this project is the design and implementation of a scalable, web-based user interface for the exploration of chronograph data.

1.
default
Erb, Benjamin
Data mining on distributed, asynchronous graph platforms
Bachelor's thesis
Institute of Distributed Systems,
2016
in Vorbereitung

Marker: AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Zusammenfassung: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The systems provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is to compile a survey of data mining mechanisms that can be executed on graphs. Specifically, asynchronicity has to be considered here. As a result, our current prototype should be evaluated on how it suits existing graph mining approaches.

Privacy


3.
default
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
Mai 2017
in Vorbereitung

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

2.
default
David, Mödinger
Simulation of Statistical Spreading
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
2017
in Vorbereitung

Marker: AA, BA, DavidMoedinger, networks, distributed, privacy, p2p

Zusammenfassung: With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.

1.
default
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
April 2013
in Vorbereitung

Marker: MA, DA, AA, FrankKargl, privacy, mobile

Zusammenfassung: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions one being how to manage the appearing trade-off between data accuracy, privacy, and availability of data. The master thesis requires to work into the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at the NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require a longer-term planing before starting the work.

IT-Sicherheit


12.
default
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelorarbeit
Institut für Verteilte Systeme, Universität Ulm,
Mai 2017
in Vorbereitung

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

11.
default
Kleber, Stephan und Kargl, Frank
Feature Extraction for Type-based Alignment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Feature extraction provides the necessary input values to identify types of network messages by clustering. The task of this thesis is to implement and evaluate alternative feature extraction methods for clustering according to a method called type-based alignment.Possible alternative feature extraction methods to be implemented are: Minimum entropy clustering, entropy-based metrics, variance-based metrics, or frequencies of substrings.

10.
default
Kleber, Stephan und Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

9.
default
Kleber, Stephan und Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

8.
default
Kleber, Stephan und Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institut of Distributed Systems, Ulm University,
2017
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

7.
default
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

6.
default
Lukaseder, Thomas
Policy Checking of SDN-based Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Policy checker are programs that check the network topology whether there are policy violations such as loops r unreachable services. Controllers of software-defined networks sometimes include these policy checkers to ensure that policy violations do not go live in a network in the first place. However, placing these right next to the SDN controller can be problematic if the controller itself might be under attack or compromised. Therefore, we want to move the policy checker to an external middlebox directly comunicating with the switch infrastructure.

5.
default
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

4.
default
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelorarbeit, Masterarbeit, Projekt
Institut für Verteilte Systeme,
2017
in Vorbereitung

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

3.
default
Kopp, Henning
Hashing into elliptic curves
Institut für Verteilte Systeme, Universität Ulm,
2016
in Vorbereitung

Marker: AA, MA, HenningKopp, FrankKargl, itsec

Zusammenfassung: Cryptographical hash functions are functions which compress an arbitrarily large (finite) input into a fixed finite set. They can serve as fingerprint of a file, since it is computationally difficult to find two inputs which yield the same hash value. Recently there appeared numerous cryptographic constructions which require a hash function which maps into an elliptic curve. This is a pretty recent development and has not yet been thoroughly researched. There are some candidate constructions but without performance measurements. The goal of the thesis is to compare the security properties of the schemes, as well as measuring their performance. Maybe you can even come up with your own own scheme for hashing into elliptic curves which you will get time to investigate.

2.
default
Kleber, Stephan und Kargl, Frank
Evaluation and Enhancement of "ReFuzz"
Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2015
in Vorbereitung

Marker: AA, BA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: A previous project developed the fuzzing framework "ReFuzz" for the analysis of unknown network protocols. An evaluation about the efficacy and efficiency of the framework's approach is to be conducted. For this a reasonable selection of suited protocol examples has to be found which allows to create metrics for the evaluation. Measurements are to be conducted to show the utility of ReFuzz in the use case of network protocol reverse engineering.

1.
default
Kleber, Stephan und Kargl, Frank
Evaluation of Algorithms for Static Network Protocol Analysis
Master's or Bachelor's thesis
Institut für Verteilte Systeme, Universität Ulm,
2014
in Vorbereitung

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Several Algorithms have been proposed for static network protocol analysis. It is difficult, however, to compare the actual algorithms for the differences in their specific implementation. By re-implementing those algorithms in a similar manner it is to become feasible to conduct comparable measurements: Thereby this thesis should test how successful protocol reverse engineering can be using the known approaches. The process of reverse engineering a protocol is to be explored and retraced based on the regarded approaches. Measurement results are to be analyzed and discussed. After an analysis of the re-implemented algorithms has been completed, it may be considered whether additional computing capacity can improve the results of a reasonable subset of implementations. Computing infrastructures like Amazon EC2 or similar can be made available for this purpose.

Fehlertoleranz


1.
default
Spann, Christian und Hauck, Franz J.
Design einer generischen API für Gruppenkommunikationsprotokolle
Master- oder Diplomarbeit
Institut für Verteilte Systeme, Universität Ulm,
2013
in Vorbereitung

Marker: MA, DA, AA, ChristianSpann, FranzHauck, ft

Zusammenfassung: Die Implementierung von Einigungsalgorithmen wie zum Beispiel Paxos oder dessen Erweiterung Vertical Paxos stellen den Programmierer wiederholt vor ähnliche Designentscheidungen. Eine generische API könnte eine Basis für die Wiederverwendung vieler Teilkomponenten schaffen und so den Aufwand für die Implementierung neuer Algorithmen reduzieren. Ziel der Arbeit ist der Entwurf einer solchen API.

Cloud Computing


Es wurden keine Referenzen gefunden.

Multimediakommunikation


Es wurden keine Referenzen gefunden.

Weitere Themen


Es wurden keine Referenzen gefunden.