Titel: Ausgewählte Themen in Verteilten Systemen
Englischer Titel: Selected Topics in Distributed Systems
Typ: Seminar, Modul
Kürzel / Nr. / Modulnr.: ATVS / CS5900.113 / 72041
SWS / LP: 2S / 4LP
Dozent: Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck
Betreuer: Ala'a Al-Momani, Leonard Bradatsch, Eugen Frasch, Alexander Heß, Dominik Mauksch, Dominik Meißner, Michael Wolf, Migena Ymeraj, Externe
Termine: Einführungsveranstaltung
Wissenschaftliches Arbeiten
Vortragsblocktermin (ganztägig)
Räume und Daten siehe Moodlekurs.
Lernplattform: Kursmaterialien finden Sie im Moodle-Kurs. Sie werden dem Kurs automatisch hinzugefügt, sobald Sie eines unserer Seminare besuchen.
Themenvergabe: Bitte Beachten: Die zentrale Themenvergabe erfolgt immer bereits gegen Ende des vorherigen Semesters über die zentrale Seminarthemen-Vergabe-Plattform im Moodle ("Anmeldung zur Verteilung der Seminare im kommenden Sommer-/ Wintersemester").
Sprache: Alle Themen können in deutscher oder englischer Sprache bearbeitet werden, sofern nicht anders angegeben.


free (20)           assigned

Your own topic – English only

You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.

Differential privacy – English only

Statistics about user data are used heavily for improving services, performing marketing studies, and many other purposes. The acquisition and processing of potentially sensitive information poses serious privacy threats to individuals participating in, e.g., surveys. Such information might include birthdate, gender, religion, and nationality, from which identifying an individual becomes a trivial task. Moreover, inferring more sensitive information about a specific individual becomes also possible. To solve issue, many service providers, e.g., Apple and Google, started using the so-called “Differential Privacy” to preserve their users’ privacy.
In this seminar, you will investigate differential privacy with respect to both theoretical and practical aspects. In addition to addressing the privacy guarantees of differential privacy, your task will then be addressing how major tech companies are implementing differential privacy nowadays.

Ala'a Al-Momani

Location privacy – English only

Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return of benefiting from the service. However, offering location data to service providers put users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy.
In this seminar, you will investigate and discuss the existing LPPMs as well as the privacy metrics that reflect how much privacy a user gains when applying a protection mechanism.

Ala'a Al-Momani

Network Security Breaches – English only

The goal of this seminar is the outlining of popular network security breaches (2-3 examples).  Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.

Leonard Bradatsch

First Packet Authentication – English only

All three of the above stated techniques describe an authentication process that starts with the very first packet a client sends to an network entry node when entering a network or accesing a service. This kind of authentication can be performed without having the communication parties any messages exchanged before the authentication happened.
The seminar paper should describe these techqniues and should outline the different existing approaches to perform such a first packet authentication.

Leonard Bradatsch

Accelerating Techniques for 3D Ray Tracing – English only

Although 3D ray tracing was already used in the 70s to render simple animations, it got popular due to the gaming industry the past 10 years.
One of the reasons for its slow development as rendering technique is that ray tracing needs much more computational power than other rendering techniques to provide results in real-time.
The goal of this seminar is to look on the multiple algorithms, techniques and strategies that have been developed in the past to accelerate ray tracing.

Eugen Frasch

The Elixir Programming Language – English only

Elixir is a functional and concurrent programming languague for developing highly scalable and reliable applications.
The goal of this seminar is to provide an introduction to Elixir, describe its main features and provide an example to demonstrate its fault tolerant characteristics.

Eugen Frasch

State Machine Replication in the Libra Blockchain – English only

In 2021, Facebook wants to start a cryptocurrency called Diem, former Libra. This topic is supposed to summarise the underlying blockchain operations and present details in the seminar report and presentation. Starting from a given article the student should investigate how the blockchain works. As it has a closed group of participants, a technique called state-machine replication is used. Here all participants have to agree how to build the next block of the blockchain. The agreement protocol will be one aspect of this topic.
Beside technical aspects, which clearly have the main focus, the student may also want to deal with social and economic aspects of the new currency.

Franz J. Hauck

Evolution of the Paxos Algorithm – English only

The Paxos algorithm enables a group of nodes to agree on a single value, even if the network communication or individual nodes temporarily drop out. While the original algorithm was layed out multiple decades ago, several modified and extended versions have been proposed over the years.
The goal of this seminar is to outline the core aspects of the Paxos algorithm, and discuss the modifications of a few of the more recent versions.

Alexander Heß

The Hyperledger Project – English only

Hyperledger is an open-source project that comprises a set of tools and frameworks for building open-source blockchains.
The goal of this seminar is to provide an overview of the project's scope, capabilities, and discuss it's relevance for real-world applications.

Alexander Heß

Secure over-the-air updates for vehicles – English only

Modern vehicles have become complex software products that need to be maintained for several decades in order to ensure their safe operation on the road. Typically, software is updated much more frequently than a car is taken to the shop for maintainance and therefore other ways to deploy software updates need to be considered. Over-the-air updates allow quick and cheap deployment of new or updated software to a large vehicle fleet, but security aspects need to be considered very carefully for obvious reasons.
In this seminar, you will identify and compare different proposals for implementing over-the-air updates for vehicles from a security perspective.

Dominik Mauksch

Securing CAN bus – English only

Controller Area Network (CAN) – despite its age and bandwith limitations – is still a widely used bus standard to distribute safety-critical signals in modern vehicles. Research has shown that CAN does not have sufficient security measures to ensure basic security goals and therefore can be used by attackers to compromise the safety of a car and its passengers.
In this seminar, you should have a look into different approaches that make CAN more secure and compare them regarding e.g. their effectiveness, efficiency and real-time capability.

Dominik Mauksch

State of the Art of Web Application Security – English only

The field of web applications is constantly and rapidly evolving, but so are attacks targeting them. For this reason the World Wide Web Consortium (W3C) assembled a working group to develop technical and policy mechanisms to improve the security for applications on the Web. In recent years, this Web Application Security Group proposed various drafts for mechanisms of which some have been refined into W3C recommendations and are now implemented in all major browsers (such as CSP and SRI). The establishment of Let's Encrypt laid the ground stone of a widespread adoption of TLS, which was further refined in TLS 1.3 and supplemented by new technologies, such as certificate transparency (CT).
This seminar should give an overview of current web application security techniques, discuss W3C recommendations and other developments in the area of web application security, and practical implications for current web applications.

Dominik Meißner

DevOps Monitoring using Grafana and Prometheus – English only

An important aspect of modern continuous delivery lifecycles is the constant monitoring of deployed applications.
This is not only used to assess the health of applications, but can also provide an overview of user activity and reveal performance issues in a production environment.
Nowadays, developers can rely on established and ready-to-use solutions instead of developing their own monitoring software.
This seminar should introduce the aspects of modern DevOps monitoring and give an overview of a typical monitoring stack (e.g., the open source software Prometheus and Grafana).
This overview should highlight the challenges that arise when monitoring different layers of an application deployment (such as hardware, network, database, and application metrics).

Dominik Meißner

Password Managers – English only

In the current time, users have multiple accounts on different platforms. To abide security guidelines, they should have a different password for each account resulting in a many passwords to remember. Password managers help with this task by storing this sensitive information in an encrypted database, protected by a master password. However, once in a while security issues about password managers make the news.
In this seminar, password managers (also theoretical ones) should be compared to each other by the security they provide and if security breaches have been reported. Based on this, the advantages of password managers need to be evaluated to the disadvantages they have.

Michael Wolf

Secure Multi-Party Computation – English only

The goal of Secure Multi-Party Computation (MPC) is to enable parties to work together without ever knowing one another's confidential information. It plays an important role in solving security and privacy issues and there are many examples of where it can be helpful.
The aim of this seminar is to investigate MPC with respect to both theoretical and practical aspects and look at uses in real world applications.

Migena Ymeraj

Distributed Machine Learning – English only

Due to the poor scalability and efficiency of learning algorithms, Machine Learning cannot handle large-scale data. This issue gave rise to Distributed Machine Learning. Even though it is a promising line of research, it still faces a lot of challenges.
The goal of this seminar is to discover the importance of Distributed Machine Learning, while comparing it with traditional Machine Learning environments and investigating its challenges.

Migena Ymeraj


Containerization Technologies – English only

Kubernetes, Docker Swarm, Openshift, Portainer, Apache Mesos and others are in everyones mind. They've been made to revolutionize how to separate several applications and software stacks from each other. But did you ever had a look at the underlying technologies?
In this survey the student is asked to examine, compare and summarize the main differences between many (at least five) different OS-level virtualization technologies currently existing in modern desktop and server environments. As a first task, the student needs to introduce the main ideas behind the concepts of such user space instances and its differences to other approaches like hardware-based virtualization. Maybe, also an historical overview can be given as a guide for the reader. In a second step the student has to examine the differences of the proposed technologies and summarize them according to their dis-/advantages. Finally, the student has to conclude which technology might be the best for which use cases, e.g. working in privacy-aware, secure or speed-optimized environments.

Thomas Bläsing

State of the Art in Attacking Hash Functions – English only

Hash functions such as MD5 or SHA1/2/3 are usually employed to ensure the integrity of a file by computing a fingerprint of the data. Common applications include  white/blacklists, signatures, as well as data bases for forensic analysis.
One major requirement of a secure hash function is that it should be hard to compute collisions, i.e., to find two files with the same hash value. The notion of hardness can be further formalized, but intuitively means that there should not be an algorithm which computes collisions faster than brute-force.
For some hash functions, such as SHA1 or MD5, computing collisions can be done faster than brute-force. These hash functions are considered insecure, but are still in use. As an example, SHA1 is used in git. Still, exploitation of hash collisions is only rarely seen in the wild. One reason is that the output of fast algorithms for finding collisions are usually bytes of high entropy and do not conform to valid file formats.
The goal of this seminar is to give an overview of the current attacks against hash functions (fastcoll, unicoll, hashclash, ...) as well as their constraints (e.g., identical/chosen prefix collision). Depending on the personal interest and previous knowledge of the participant, these attacks can be explored in more depth, or alternatively the exploitation of hash collisions can be described.

Henning Kopp (Schutzwerk GmbH)

Padding Oracles – English only

Block ciphers only work on inputs that are a multiple of the cipher’s block length in commonly used modes such as CBC. As data usually comes in arbitrary lengths, inputs to these algorithms need to be extended (padded) to a multiple of the block length. This seemingly simple problem lead to quite huge cryptographic problems. Depending on the scenario, it is even possible that an attacker is able to completely decrypt the ciphertext or encrypt data of their choosing.
Your paper and presentation should explain the details of how a padding oracle works and how it can be used for decryption and ciphertext forgery. Moreover, you should give an overview of the problems this attack scenario caused as well as how the security community tries to avoid it nowadays.

Martin Lang (BMW Car IT)

Secure In-Car Communication – English only

Modern cars contain an abundance of different ECUs controlling different aspects of the car's functionality. Along with an ever rising number of sensors and actuators, more and more control of the car is handed over to digital equipment. The rising complexity of these systems also leads to an increasingly large attack surface. Assuring the integrity and authenticity of in-car communication is therefore critical for the safety of driver, passengers, and other road users.
The target of this seminar is to analyse the current state of ECU communication security of different in-car protocols and bus systems and collecting and documenting potential challenges for the design of a secure ECU platform.

Thomas Lukaseder (Escrypt)


Sorted by Topics

- State Machine Replication in the Libra Blockchain (Franz J. Hauck)
- Evolution of the Paxos Algorithm (Alexander Heß)
- The Hyperledger Project (Alexander Heß)

- Secure over-the-air updates for vehicles (Dominik Mauksch)
- Securing CAN bus (Dominik Mauksch)
- Secure In-Car Communication (Thomas Lukaseder)

- Differential privacy (Ala'a Al-Momani)
- Location privacy (Ala'a Al-Momani)
- Password Managers (Michael Wolf)
- Distributed Machine Learning (Migena Ymeraj)

- Secure Multi-Party Computation (Migena Ymeraj)
- Padding Oracles (Martin Lang BMW)
- State of the Art in Attacking Hash Functions (Henning Kopp Schutzwerk)

Software Engineering
- State of the Art of Web Application Security (Dominik Meißner)
- DevOps Monitoring using Grafana and Prometheus (Dominik Meißner)
- Containerization Technologies (Thomas Bläsing)
- The Elixir Programming Language  (Eugen Frasch)
- Accelerating Techniques for 3D Ray Tracing (Eugen Frasch)

Network Security
- Network Security Breaches (Leonard Bradatsch)
- First Packet Authentication (Leonard Bradatsch)

Beschreibung und allgemeine Angaben, Modulbeschreibung

Einordnung in die Studiengänge:
Informatik, B.Sc.: Seminar
Medieninformatik, B.Sc.: Seminar
Software-Engineering, B.Sc.: Seminar
(siehe auch unsere Hinweise zu Seminaren)
Lehr- und Lernformen: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP
Modulkoordinator: Prof. Dr. Frank Kargl
Unterrichtssprache: Deutsch
Turnus / Dauer: jedes Semester / ein volles Semester
Voraussetzungen (inhaltlich): Grundlagen der Rechnernetze, Proseminar
Voraussetzungen (formal): -
Grundlage für (inhaltlich): -


Studierende vertiefen exemplarisch an einem Teilgebiet der Informatik ihre Kenntnisse im selbstständigen Arbeiten mit wissenschaftlicher Literatur sowie im mündlichen und schriftlichen Präsentieren von fachwissenschaftlichen Inhalten. In Diskussionen wird die Fähigkeit zur kritischen Reflektion geübt. Im fachlichen Teil des Seminars stehen aktuelle Themen der Verteilten Systeme im Fokus. Abhängig vom Thema lernen Studierende ein konkretes System oder ein Konzept Verteilter Systeme kennen. Sie können diese Systeme in einen größeren Kontext einordnen und deren Vor- und Nachteile selbständig ableiten.


Zu Beginn des Seminars werden Themen des wissenschaftlichen Arbeitens (z.B. Literaturrecherche, Schreiben einer Publikation, Präsentationstechniken) eingeführt, um den Studenten eine methodische Hilfestellung zu geben. Die Erstellung der eigentlichen Ausarbeitung und Präsentation erfolgt in individueller Betreuung. Die Ergebnisse werden in einer Abschlusspräsentation vorgestellt.


Wird je nach Thema zu Beginn der Veranstaltung bekannt gegeben


FSPO < 2017: Leistungsnachweis über erfolgreiche Teilnahme. Diese umfasst Anwesenheit und enthält Ausarbeitung, Vortrag und Mitarbeit.
FSPO ≥ 2017: Die Vergabe der Leistungspunkte für das Modul erfolgt aufgrund der regelmäßigen Teilnahme, der vollständigen Bearbeitung eines übernommenen Themas (Vortrag und schriftliche Ausarbeitung) sowie der Beteiligung an der Diskussion. Die genauen Modalitäten werden zu Beginn der Veranstaltung bekannt gegeben. Die Anmeldung zur Prüfung setzt keinen Leistungsnachweis voraus.


FSPO < 2017: unbenotet
FSPO ≥ 2017: Die Modulnote entspricht dem Ergebnis der Modulprüfung. Die Note der Modulprüfung ergibt sich aus den Noten der Ausarbeitung (40%), der Präsentation (40%) und der Arbeitsweise (20%). Im Transcript of Records wird die errechnete Note für die Modulprüfung als eine Prüfungsleistung eingetragen und ausgewiesen.


Präsenzzeit: 30 h
Vor- und Nachbereitung: 90 h
Summe: 120 h