Thesis Topics

On this page, you will find a list of available thesis topics that are available in our institute. Information about on-going and past theses can be found on this page. Some of the thesis descriptions are in German.

Note that because many of our topics are issued in German, some of the descriptions on this page are also German only. We are currently working on providing complete translations.

Open Theses

“Comprehensive Evaluation of Existing Policy Enforcement Point Solutions,” Bachelor- or Master's thesis, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Zero Trust Security is currently one of the most rising network security concepts. The concept was originally proposed to solve the flaws of the still predominant Perimeter Security. Preventing network internal attacker’s lateral movement is one of the core goals of Zero Trust Security. This goal is supposed to achieved i.a. by strictly enforced authentication, authorization, and least privilege approaches. One of the core components to perform these tasks are Policy Enforcement Points (PEP) in combination with Policy Decision Points (PDP). Each request asking for permission to access an network internal resource must be authenticated at the PEP before it is forwarded to the actual resource. In addition, coarse-grained authorization decisions can be enforced here. The actual decision is forwarded to the PDP that uses statically or dynamically defined authentication as well as authorization policies. The PEP is informed about the decision and must enforce it. Examples for existing open-source PEP/PDP solutions are – Pritunl Zero (https://github.com/pritunl/pritunl-zero) – Pomerium (https://github.com/pomerium/pomerium) – ORY Oathkeeper (https://github.com/ory/oathkeeper) The goal of this thesis is to comprehensively evaluate existing PEP/PDP solutions against some predefined criteria as the security state or the performance of the solutions. For master students it is expected to also expand the most promising solution by features according to some predefined use cases.
“Evaluation von Privacy Enhancing Group Making,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
In Peer-to-Peer Netzwerken interagieren alle beteiligten gleichberechtigt. Doch verschiedene Algorithmen erfordern das Guppen geformt werden. Um diese für Privatsphäre Schutzmaßnahmen zu verwenden, sollte ein geeignetes Protokoll zur Gruppenformung verwendet werden. Ein solches wurde am Institut für verteilte Systeme entwickelt. Ziel dieser Arbeit ist es eine Prototypimplementierung zu entwickeln und diese zu evaluieren. Hierfür müssen Netzwerkkomponenten entwickelt und geeignete Kommunikation zwischen diesen entwickelt werden. Hierzu gehören auch die Integration verschiedener kryptographischer Komponenten. Der genaue Umfang der Arbeit hängt von der gewählten Projektart ab. Empfohlene Programmiersprachen für die Arbeit sind Java, C++ oder Python. Geeignet für Studierende mit Erfahrung in Netzwerk und Softwareentwicklung. This project can also be completed in English. Please contact me for further details.
“IoT Ausfallsicherheit durch Redundante Netzwerkstrukturen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Das Internet der Dinge (IoT) bietet durch seine unvermeidliche physikalische Verteilung besondere Herausforderungen für die Entwicklung ausfallsicherer IoT Software. Während Software-Komponenten, etwa die Analyse von Sensordaten, auf verschiedene physikalische Komponenten verteilt werden können, unterliegen die Sensoren, Basisstationen und Gateways physikalischen Grenzen. Diese müssen durch Netzwerkkommunikation überbrückt werden und bergen somit weitere Ausfallrisiken. Ziel dieser Arbeit ist es, bestehende Arbeiten zu redundanten Netzwerken in IoT-Umgebungen zu analysieren und zusammenzufassen. Aufbauend auf diesen Erkenntnissen soll dann ein Konzept entwickelt werden, wie eine Beratung zu nötigen Redundanzen in eine Softwareentwicklungsumgebung für IoT Systeme eingebunden werden kann. Geeignet für Studierende mit Interesse an IoT, Ausfallsicherheit und Netzwerkkommunikation. This project can also be completed in English. Please contact me for further details.
“Login and user mangement for Angular and Shibboleth,” Bachelor- or Projectarbeit, F. J. Hauck (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.
“Verteiltes Caching in IoT Systemen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Für Systeme im Internet der Dinge (IoT) ist es oft hilfreich, Daten und Berechnungen auf die Cloud auszulagern, da Teilnehmern des Systems geographisch verteilt sind oder viele Instanzen zentral administriert werden sollen. Beispiele können hierfür Zugangsberechtigungen für Nutzer von Parkhäusern oder Sensordaten verschiedener Messstationen sein. Diese Zentralisierung kann jedoch Nachteile haben, etwa lange Latenzen um einen Nutzer zu authentisieren, selbst wenn dieser häufig diesselbe Instanz verwendet. Um diesem Problem entgegen zu wirken, können Daten auf verschiedenen Ebenen zwischengespeichert werden, z.B. in einer Einfahrtsschranke oder einem Parkhausserver. Ziel dieser Arbeit ist es, bestehende Arbeiten im Bereich des verteilten Cachings in IoT-Systemen zu untersuchen und gegebenenfalls einen Prototyp für eine Entwicklungsumgebung für IoT-Sofware zu schaffen. Geeignet für Studierende mit Interesse an IoT und verteilter Softwarearchitektur. This project can also be completed in English. Please contact me for further details.
“Efficient Updating of a Network-Protocol-Model with Message-Format Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.
“Machine Learning with TensorFlow Federated,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
To build powerful machine learning models, lots of data is required. However, obtaining the data comes with privacy risks for the people or entities that provide their data. Recently, Google published TensorFlow Federated - an open source framework to allow machine learning on decentralized data. The approach of federated learning makes machine learning in the age of mobile devices and wearables both more efficient, as well as more privacy-friendly. The goal of this thesis or project is to become familiar with the TensorFlow Federated framework, to understand and be able to explain the techniques which are implemented in it, to be able to build machine learning models in a federated way, and possibly to implement own enhancements of the framework.
“Machine Learning with TensorFlow Privacy,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
“Test-Case-Generation Strategies for Network-Protocol-Model Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.
“Using Machine Learning for Misbehavior Detection in CACC,” M. Wolf (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
“Controlled Neurofeedback using Mobile EEG and Smartphone,” Master's thesis, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Neurofeedback provides the necessary means to visualize selected and controlled parameters of the brain activity. In healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of Mobile EEGs with Smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with Smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated from the Mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy
“Machine Learning on Encrypted Data,” Bachelor Thesis, Master Thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Old news can be found in the archive.

Contact

Secretary's Office

Marion Köhler
Claudia Kastner
E-Mail
Phone: +49 731 50-24140
Fax: +49 731 50-24142

Postal Address

Institute of Distributed Systems
Ulm University
Albert-Einstein-Allee 11
89081 Ulm

Visiting Address

James-Franck-Ring
Gebäude O27, Raum 349
89081 Ulm

Directions

Topics By Degree

Bachelor's Theses

“Comprehensive Evaluation of Existing Policy Enforcement Point Solutions,” Bachelor- or Master's thesis, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Zero Trust Security is currently one of the most rising network security concepts. The concept was originally proposed to solve the flaws of the still predominant Perimeter Security. Preventing network internal attacker’s lateral movement is one of the core goals of Zero Trust Security. This goal is supposed to achieved i.a. by strictly enforced authentication, authorization, and least privilege approaches. One of the core components to perform these tasks are Policy Enforcement Points (PEP) in combination with Policy Decision Points (PDP). Each request asking for permission to access an network internal resource must be authenticated at the PEP before it is forwarded to the actual resource. In addition, coarse-grained authorization decisions can be enforced here. The actual decision is forwarded to the PDP that uses statically or dynamically defined authentication as well as authorization policies. The PEP is informed about the decision and must enforce it. Examples for existing open-source PEP/PDP solutions are – Pritunl Zero (https://github.com/pritunl/pritunl-zero) – Pomerium (https://github.com/pomerium/pomerium) – ORY Oathkeeper (https://github.com/ory/oathkeeper) The goal of this thesis is to comprehensively evaluate existing PEP/PDP solutions against some predefined criteria as the security state or the performance of the solutions. For master students it is expected to also expand the most promising solution by features according to some predefined use cases.
“Evaluation von Privacy Enhancing Group Making,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
In Peer-to-Peer Netzwerken interagieren alle beteiligten gleichberechtigt. Doch verschiedene Algorithmen erfordern das Guppen geformt werden. Um diese für Privatsphäre Schutzmaßnahmen zu verwenden, sollte ein geeignetes Protokoll zur Gruppenformung verwendet werden. Ein solches wurde am Institut für verteilte Systeme entwickelt. Ziel dieser Arbeit ist es eine Prototypimplementierung zu entwickeln und diese zu evaluieren. Hierfür müssen Netzwerkkomponenten entwickelt und geeignete Kommunikation zwischen diesen entwickelt werden. Hierzu gehören auch die Integration verschiedener kryptographischer Komponenten. Der genaue Umfang der Arbeit hängt von der gewählten Projektart ab. Empfohlene Programmiersprachen für die Arbeit sind Java, C++ oder Python. Geeignet für Studierende mit Erfahrung in Netzwerk und Softwareentwicklung. This project can also be completed in English. Please contact me for further details.
“IoT Ausfallsicherheit durch Redundante Netzwerkstrukturen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Das Internet der Dinge (IoT) bietet durch seine unvermeidliche physikalische Verteilung besondere Herausforderungen für die Entwicklung ausfallsicherer IoT Software. Während Software-Komponenten, etwa die Analyse von Sensordaten, auf verschiedene physikalische Komponenten verteilt werden können, unterliegen die Sensoren, Basisstationen und Gateways physikalischen Grenzen. Diese müssen durch Netzwerkkommunikation überbrückt werden und bergen somit weitere Ausfallrisiken. Ziel dieser Arbeit ist es, bestehende Arbeiten zu redundanten Netzwerken in IoT-Umgebungen zu analysieren und zusammenzufassen. Aufbauend auf diesen Erkenntnissen soll dann ein Konzept entwickelt werden, wie eine Beratung zu nötigen Redundanzen in eine Softwareentwicklungsumgebung für IoT Systeme eingebunden werden kann. Geeignet für Studierende mit Interesse an IoT, Ausfallsicherheit und Netzwerkkommunikation. This project can also be completed in English. Please contact me for further details.
“Login and user mangement for Angular and Shibboleth,” Bachelor- or Projectarbeit, F. J. Hauck (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.
“Verteiltes Caching in IoT Systemen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Für Systeme im Internet der Dinge (IoT) ist es oft hilfreich, Daten und Berechnungen auf die Cloud auszulagern, da Teilnehmern des Systems geographisch verteilt sind oder viele Instanzen zentral administriert werden sollen. Beispiele können hierfür Zugangsberechtigungen für Nutzer von Parkhäusern oder Sensordaten verschiedener Messstationen sein. Diese Zentralisierung kann jedoch Nachteile haben, etwa lange Latenzen um einen Nutzer zu authentisieren, selbst wenn dieser häufig diesselbe Instanz verwendet. Um diesem Problem entgegen zu wirken, können Daten auf verschiedenen Ebenen zwischengespeichert werden, z.B. in einer Einfahrtsschranke oder einem Parkhausserver. Ziel dieser Arbeit ist es, bestehende Arbeiten im Bereich des verteilten Cachings in IoT-Systemen zu untersuchen und gegebenenfalls einen Prototyp für eine Entwicklungsumgebung für IoT-Sofware zu schaffen. Geeignet für Studierende mit Interesse an IoT und verteilter Softwarearchitektur. This project can also be completed in English. Please contact me for further details.
“Efficient Updating of a Network-Protocol-Model with Message-Format Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.
“Machine Learning with TensorFlow Federated,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
To build powerful machine learning models, lots of data is required. However, obtaining the data comes with privacy risks for the people or entities that provide their data. Recently, Google published TensorFlow Federated - an open source framework to allow machine learning on decentralized data. The approach of federated learning makes machine learning in the age of mobile devices and wearables both more efficient, as well as more privacy-friendly. The goal of this thesis or project is to become familiar with the TensorFlow Federated framework, to understand and be able to explain the techniques which are implemented in it, to be able to build machine learning models in a federated way, and possibly to implement own enhancements of the framework.
“Machine Learning with TensorFlow Privacy,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
“Test-Case-Generation Strategies for Network-Protocol-Model Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.
“Using Machine Learning for Misbehavior Detection in CACC,” M. Wolf (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
“Machine Learning on Encrypted Data,” Bachelor Thesis, Master Thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Master's Theses

“Comprehensive Evaluation of Existing Policy Enforcement Point Solutions,” Bachelor- or Master's thesis, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Zero Trust Security is currently one of the most rising network security concepts. The concept was originally proposed to solve the flaws of the still predominant Perimeter Security. Preventing network internal attacker’s lateral movement is one of the core goals of Zero Trust Security. This goal is supposed to achieved i.a. by strictly enforced authentication, authorization, and least privilege approaches. One of the core components to perform these tasks are Policy Enforcement Points (PEP) in combination with Policy Decision Points (PDP). Each request asking for permission to access an network internal resource must be authenticated at the PEP before it is forwarded to the actual resource. In addition, coarse-grained authorization decisions can be enforced here. The actual decision is forwarded to the PDP that uses statically or dynamically defined authentication as well as authorization policies. The PEP is informed about the decision and must enforce it. Examples for existing open-source PEP/PDP solutions are – Pritunl Zero (https://github.com/pritunl/pritunl-zero) – Pomerium (https://github.com/pomerium/pomerium) – ORY Oathkeeper (https://github.com/ory/oathkeeper) The goal of this thesis is to comprehensively evaluate existing PEP/PDP solutions against some predefined criteria as the security state or the performance of the solutions. For master students it is expected to also expand the most promising solution by features according to some predefined use cases.
“Evaluation von Privacy Enhancing Group Making,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
In Peer-to-Peer Netzwerken interagieren alle beteiligten gleichberechtigt. Doch verschiedene Algorithmen erfordern das Guppen geformt werden. Um diese für Privatsphäre Schutzmaßnahmen zu verwenden, sollte ein geeignetes Protokoll zur Gruppenformung verwendet werden. Ein solches wurde am Institut für verteilte Systeme entwickelt. Ziel dieser Arbeit ist es eine Prototypimplementierung zu entwickeln und diese zu evaluieren. Hierfür müssen Netzwerkkomponenten entwickelt und geeignete Kommunikation zwischen diesen entwickelt werden. Hierzu gehören auch die Integration verschiedener kryptographischer Komponenten. Der genaue Umfang der Arbeit hängt von der gewählten Projektart ab. Empfohlene Programmiersprachen für die Arbeit sind Java, C++ oder Python. Geeignet für Studierende mit Erfahrung in Netzwerk und Softwareentwicklung. This project can also be completed in English. Please contact me for further details.
“IoT Ausfallsicherheit durch Redundante Netzwerkstrukturen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Das Internet der Dinge (IoT) bietet durch seine unvermeidliche physikalische Verteilung besondere Herausforderungen für die Entwicklung ausfallsicherer IoT Software. Während Software-Komponenten, etwa die Analyse von Sensordaten, auf verschiedene physikalische Komponenten verteilt werden können, unterliegen die Sensoren, Basisstationen und Gateways physikalischen Grenzen. Diese müssen durch Netzwerkkommunikation überbrückt werden und bergen somit weitere Ausfallrisiken. Ziel dieser Arbeit ist es, bestehende Arbeiten zu redundanten Netzwerken in IoT-Umgebungen zu analysieren und zusammenzufassen. Aufbauend auf diesen Erkenntnissen soll dann ein Konzept entwickelt werden, wie eine Beratung zu nötigen Redundanzen in eine Softwareentwicklungsumgebung für IoT Systeme eingebunden werden kann. Geeignet für Studierende mit Interesse an IoT, Ausfallsicherheit und Netzwerkkommunikation. This project can also be completed in English. Please contact me for further details.
“Verteiltes Caching in IoT Systemen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Für Systeme im Internet der Dinge (IoT) ist es oft hilfreich, Daten und Berechnungen auf die Cloud auszulagern, da Teilnehmern des Systems geographisch verteilt sind oder viele Instanzen zentral administriert werden sollen. Beispiele können hierfür Zugangsberechtigungen für Nutzer von Parkhäusern oder Sensordaten verschiedener Messstationen sein. Diese Zentralisierung kann jedoch Nachteile haben, etwa lange Latenzen um einen Nutzer zu authentisieren, selbst wenn dieser häufig diesselbe Instanz verwendet. Um diesem Problem entgegen zu wirken, können Daten auf verschiedenen Ebenen zwischengespeichert werden, z.B. in einer Einfahrtsschranke oder einem Parkhausserver. Ziel dieser Arbeit ist es, bestehende Arbeiten im Bereich des verteilten Cachings in IoT-Systemen zu untersuchen und gegebenenfalls einen Prototyp für eine Entwicklungsumgebung für IoT-Sofware zu schaffen. Geeignet für Studierende mit Interesse an IoT und verteilter Softwarearchitektur. This project can also be completed in English. Please contact me for further details.
“Efficient Updating of a Network-Protocol-Model with Message-Format Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.
“Machine Learning with TensorFlow Federated,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
To build powerful machine learning models, lots of data is required. However, obtaining the data comes with privacy risks for the people or entities that provide their data. Recently, Google published TensorFlow Federated - an open source framework to allow machine learning on decentralized data. The approach of federated learning makes machine learning in the age of mobile devices and wearables both more efficient, as well as more privacy-friendly. The goal of this thesis or project is to become familiar with the TensorFlow Federated framework, to understand and be able to explain the techniques which are implemented in it, to be able to build machine learning models in a federated way, and possibly to implement own enhancements of the framework.
“Machine Learning with TensorFlow Privacy,” Master's thesis, Bachelor's thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
“Test-Case-Generation Strategies for Network-Protocol-Model Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.
“Using Machine Learning for Misbehavior Detection in CACC,” M. Wolf (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
“Controlled Neurofeedback using Mobile EEG and Smartphone,” Master's thesis, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Neurofeedback provides the necessary means to visualize selected and controlled parameters of the brain activity. In healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of Mobile EEGs with Smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with Smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated from the Mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy
“Machine Learning on Encrypted Data,” Bachelor Thesis, Master Thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Topics By Research Area

Networks

“Comprehensive Evaluation of Existing Policy Enforcement Point Solutions,” Bachelor- or Master's thesis, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Zero Trust Security is currently one of the most rising network security concepts. The concept was originally proposed to solve the flaws of the still predominant Perimeter Security. Preventing network internal attacker’s lateral movement is one of the core goals of Zero Trust Security. This goal is supposed to achieved i.a. by strictly enforced authentication, authorization, and least privilege approaches. One of the core components to perform these tasks are Policy Enforcement Points (PEP) in combination with Policy Decision Points (PDP). Each request asking for permission to access an network internal resource must be authenticated at the PEP before it is forwarded to the actual resource. In addition, coarse-grained authorization decisions can be enforced here. The actual decision is forwarded to the PDP that uses statically or dynamically defined authentication as well as authorization policies. The PEP is informed about the decision and must enforce it. Examples for existing open-source PEP/PDP solutions are – Pritunl Zero (https://github.com/pritunl/pritunl-zero) – Pomerium (https://github.com/pomerium/pomerium) – ORY Oathkeeper (https://github.com/ory/oathkeeper) The goal of this thesis is to comprehensively evaluate existing PEP/PDP solutions against some predefined criteria as the security state or the performance of the solutions. For master students it is expected to also expand the most promising solution by features according to some predefined use cases.
“Evaluation von Privacy Enhancing Group Making,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
In Peer-to-Peer Netzwerken interagieren alle beteiligten gleichberechtigt. Doch verschiedene Algorithmen erfordern das Guppen geformt werden. Um diese für Privatsphäre Schutzmaßnahmen zu verwenden, sollte ein geeignetes Protokoll zur Gruppenformung verwendet werden. Ein solches wurde am Institut für verteilte Systeme entwickelt. Ziel dieser Arbeit ist es eine Prototypimplementierung zu entwickeln und diese zu evaluieren. Hierfür müssen Netzwerkkomponenten entwickelt und geeignete Kommunikation zwischen diesen entwickelt werden. Hierzu gehören auch die Integration verschiedener kryptographischer Komponenten. Der genaue Umfang der Arbeit hängt von der gewählten Projektart ab. Empfohlene Programmiersprachen für die Arbeit sind Java, C++ oder Python. Geeignet für Studierende mit Erfahrung in Netzwerk und Softwareentwicklung. This project can also be completed in English. Please contact me for further details.
“Service Function Chaining,” Projectarbeit, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
To deliver end-to-end services like Internet access in a network, usually several network sub-services must be provided by the network infrastructure itself. In the case of providing Internet access to their users, a network infrastructure deploys Firewall and IP Network Address Translator (NAT) services in row to steer all incoming and outgoing packets through these services. Such sub-services are called network service functions. To provide Internet access to their users, several functions must be chained, which results in a service function chain. Motivated by the mostly statically deployed service function chains nowadays, the goal of this project topic is to evaluate and implement dynamic service functions. These functions must be dynamically adaptable to ongoing network needs. For the example of providing Internet access, it is possible that only critical network flows must steered through the Firewall. The service function chain could then decide dynamically (e.g. based on the destination port and IP address) if the specific flows must be processed by the Firewall or not. The decision itself could be made by a central enforcement point that routes the network packets through the network according to predefined rules. The minimum requirements to implement are a small dynamic service function chain consisting of all necessary Service Function Chain (SFC) components, a Firewall and an Reverse/Access Proxy (RP/AP) as service functions. It must be possible to dis- or enable the components dynamically (meaning that the packets are routed on an alternative route through the network). The implementation should base mostly on the SFC standards RFC 7665, 7498, 8595, 8459 and an existing SFC framework implemented by the University of Tübingen (which uses the MPLS protocol).
“Efficient Updating of a Network-Protocol-Model with Message-Format Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.
“Realisierung von spieltheoretischer Peer-to-Peer Netzwerkerzeugung II,” D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Die Topologie von Peer-to-Peer-Netzen spielt für viele darauf aufbauende Protokolle eine zentrale Bedeutung. So bestimmt der Netzwerkdurchmesser beispielsweise, wie schnell alle Teilnehmer Broadcastnachrichten erhalten können. Zudem agieren Teilnehmer in einem Peer-to-Peer-Netzwerk üblicherweise so, dass sie ihre ei-gene Situation verbessern. Basierend darauf lassen sich die Hand-lungen der Teilnehmer spieltheoretisch modellieren. Ziel dieser Arbeit ist es, aufbauend auf Ergebnisse einers vorherigen Projekts, ein gegebenes spieltheoretisches Modell in ein Protokoll umzusetzen, das jeder Spieler bzw. Teilnehmer befolgt. Hierfür soll die gegebene Simulation erweitert werden. Dieses Projekt wird in Kooperation zwischen den Instituten für Theoretische Informatik und Verteilte Systeme durchgeführt und gemeinsam betreut.
“Test-Case-Generation Strategies for Network-Protocol-Model Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institut of Distributed Systems, Ulm University, 2019 – Open.
Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

Mobile Systems

“Optimizing Smart Mobile Crowdsensing Apps,” Project, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Mobile crowdsensing is the method of acquiring user experience data from users. Either in an automated fashion without limited user engagement, for instance using embedded sensors of the smartphone. Or in a participatory fashion, where the user is the main responsible for the provision of data, for instance filling out surveys. With regard to this, we have developed an app that acquires user experience data related to weather in both - automated as well as participatory fashion. However, using multiple embedded sensors of the smartphone consumes resources, battery, as well as storage. For successful completion of the project, the student is required to work on the existing mobile crowdsensing app. More specifically, in the project, the student will have the options to work on optimizing battery consumption, limiting resource usage, optimize sensor data storage, or improve the sensor data accuracy. Or the student has the freedom to suggest his own vision about extending the current app. The successful completion of the project requires the student to actively participate in the project meetings, deliver the tasks on time, write a project report and present their work at the end.
“Controlled Neurofeedback using Mobile EEG and Smartphone,” Master's thesis, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Neurofeedback provides the necessary means to visualize selected and controlled parameters of the brain activity. In healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of Mobile EEGs with Smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with Smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated from the Mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy
“Electroencephalography (EEG) using Smartphones,” Project, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus enabling mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Mobile EEGs are dedicated hardware equipment capable of coupling with many state-of-the-art smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with smartphones. For successful completion of the project, the student is required to work on Bluetooth 2.1 stack to couple electrical signal simulator with Smartphones. More specifically, in the project, the student will have the options to work on acquiring and collecting data from the simulator, managing the bandwidth of incoming data, real-time data compression, visualizing data on smartphone, or optimally storing data in a database.

Distributed Computing

“Login and user mangement for Angular and Shibboleth,” Bachelor- or Projectarbeit, F. J. Hauck (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.

Privacy

“Evaluation von Privacy Enhancing Group Making,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
In Peer-to-Peer Netzwerken interagieren alle beteiligten gleichberechtigt. Doch verschiedene Algorithmen erfordern das Guppen geformt werden. Um diese für Privatsphäre Schutzmaßnahmen zu verwenden, sollte ein geeignetes Protokoll zur Gruppenformung verwendet werden. Ein solches wurde am Institut für verteilte Systeme entwickelt. Ziel dieser Arbeit ist es eine Prototypimplementierung zu entwickeln und diese zu evaluieren. Hierfür müssen Netzwerkkomponenten entwickelt und geeignete Kommunikation zwischen diesen entwickelt werden. Hierzu gehören auch die Integration verschiedener kryptographischer Komponenten. Der genaue Umfang der Arbeit hängt von der gewählten Projektart ab. Empfohlene Programmiersprachen für die Arbeit sind Java, C++ oder Python. Geeignet für Studierende mit Erfahrung in Netzwerk und Softwareentwicklung. This project can also be completed in English. Please contact me for further details.

IT Security

“Comprehensive Evaluation of Existing Policy Enforcement Point Solutions,” Bachelor- or Master's thesis, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
Zero Trust Security is currently one of the most rising network security concepts. The concept was originally proposed to solve the flaws of the still predominant Perimeter Security. Preventing network internal attacker’s lateral movement is one of the core goals of Zero Trust Security. This goal is supposed to achieved i.a. by strictly enforced authentication, authorization, and least privilege approaches. One of the core components to perform these tasks are Policy Enforcement Points (PEP) in combination with Policy Decision Points (PDP). Each request asking for permission to access an network internal resource must be authenticated at the PEP before it is forwarded to the actual resource. In addition, coarse-grained authorization decisions can be enforced here. The actual decision is forwarded to the PDP that uses statically or dynamically defined authentication as well as authorization policies. The PEP is informed about the decision and must enforce it. Examples for existing open-source PEP/PDP solutions are – Pritunl Zero (https://github.com/pritunl/pritunl-zero) – Pomerium (https://github.com/pomerium/pomerium) – ORY Oathkeeper (https://github.com/ory/oathkeeper) The goal of this thesis is to comprehensively evaluate existing PEP/PDP solutions against some predefined criteria as the security state or the performance of the solutions. For master students it is expected to also expand the most promising solution by features according to some predefined use cases.
“Service Function Chaining,” Projectarbeit, L. Bradatsch (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
To deliver end-to-end services like Internet access in a network, usually several network sub-services must be provided by the network infrastructure itself. In the case of providing Internet access to their users, a network infrastructure deploys Firewall and IP Network Address Translator (NAT) services in row to steer all incoming and outgoing packets through these services. Such sub-services are called network service functions. To provide Internet access to their users, several functions must be chained, which results in a service function chain. Motivated by the mostly statically deployed service function chains nowadays, the goal of this project topic is to evaluate and implement dynamic service functions. These functions must be dynamically adaptable to ongoing network needs. For the example of providing Internet access, it is possible that only critical network flows must steered through the Firewall. The service function chain could then decide dynamically (e.g. based on the destination port and IP address) if the specific flows must be processed by the Firewall or not. The decision itself could be made by a central enforcement point that routes the network packets through the network according to predefined rules. The minimum requirements to implement are a small dynamic service function chain consisting of all necessary Service Function Chain (SFC) components, a Firewall and an Reverse/Access Proxy (RP/AP) as service functions. It must be possible to dis- or enable the components dynamically (meaning that the packets are routed on an alternative route through the network). The implementation should base mostly on the SFC standards RFC 7665, 7498, 8595, 8459 and an existing SFC framework implemented by the University of Tübingen (which uses the MPLS protocol).

Fault Tolerance

“IoT Ausfallsicherheit durch Redundante Netzwerkstrukturen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Das Internet der Dinge (IoT) bietet durch seine unvermeidliche physikalische Verteilung besondere Herausforderungen für die Entwicklung ausfallsicherer IoT Software. Während Software-Komponenten, etwa die Analyse von Sensordaten, auf verschiedene physikalische Komponenten verteilt werden können, unterliegen die Sensoren, Basisstationen und Gateways physikalischen Grenzen. Diese müssen durch Netzwerkkommunikation überbrückt werden und bergen somit weitere Ausfallrisiken. Ziel dieser Arbeit ist es, bestehende Arbeiten zu redundanten Netzwerken in IoT-Umgebungen zu analysieren und zusammenzufassen. Aufbauend auf diesen Erkenntnissen soll dann ein Konzept entwickelt werden, wie eine Beratung zu nötigen Redundanzen in eine Softwareentwicklungsumgebung für IoT Systeme eingebunden werden kann. Geeignet für Studierende mit Interesse an IoT, Ausfallsicherheit und Netzwerkkommunikation. This project can also be completed in English. Please contact me for further details.
“Verteiltes Caching in IoT Systemen,” Bachelor-, Master- or Projectarbeit, D. Mödinger (Supervisor), F. J. Hauck (Examiner), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Open.
Für Systeme im Internet der Dinge (IoT) ist es oft hilfreich, Daten und Berechnungen auf die Cloud auszulagern, da Teilnehmern des Systems geographisch verteilt sind oder viele Instanzen zentral administriert werden sollen. Beispiele können hierfür Zugangsberechtigungen für Nutzer von Parkhäusern oder Sensordaten verschiedener Messstationen sein. Diese Zentralisierung kann jedoch Nachteile haben, etwa lange Latenzen um einen Nutzer zu authentisieren, selbst wenn dieser häufig diesselbe Instanz verwendet. Um diesem Problem entgegen zu wirken, können Daten auf verschiedenen Ebenen zwischengespeichert werden, z.B. in einer Einfahrtsschranke oder einem Parkhausserver. Ziel dieser Arbeit ist es, bestehende Arbeiten im Bereich des verteilten Cachings in IoT-Systemen zu untersuchen und gegebenenfalls einen Prototyp für eine Entwicklungsumgebung für IoT-Sofware zu schaffen. Geeignet für Studierende mit Interesse an IoT und verteilter Softwarearchitektur. This project can also be completed in English. Please contact me for further details.

Cloud Computing

“Porting a Statistics Language Interpreter to Rust,” Projectarbeit, D. Meißner (Supervisor), Inst. of Distr. Sys., Ulm Univ., 2020 – Open.
As part of our ongoing research, are we currently building a platform for secure statistical analysis based on SGX. The current prototype relies on a very simple statistics language, which we are planning to extend in the future. The goal of this project is to port an existing statistics language interpreter, such as PSPP, to the Rust programming language. Rust features a rich type system and can guarantee memory-safety and thread-safety during compile time, which makes it a great candidate for building safe and fast programming language interpreters. nom is a parser combinators library written in Rust that allows to build safe parsers without compromising on speed or memory consumption. This library can be used as a starting point to implement the parser.
“Practical Overview of Serverless Computing,” Projectarbeit, D. Meißner (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Serverless is a current trend in cloud computing. In contrast to what the name indicates it does not describe an architecture without servers. Instead, it really means that developers do not have to worry about servers and infrastructure, but can completely focus on their code. Unlike previous cloud computing models, a cloud vendor does not offer full platforms or virtual machines, but an execution environment for functions. These often feature a pay-per-use billing model and automatic scalability of resources based on current utilization. Thus, developers are completely relieved of the operational concerns of their applications. All major cloud computing providers offer their own flavor of serverless computing or Function as a Service (FaaS). The goal of this project is to provide a comparison of the similarities and differences of these platforms. Another goal of this project is the implementation of a reference application that can be used to compare different platforms and their programming model. As the practical part of this project a multi node Apache OpenWhisk (an open source serverless platform) cluster should be set up and tested.
“Machine Learning on Encrypted Data,” Bachelor Thesis, Master Thesis, Project, M. Matousek (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Multimedia Communication

Miscellaneous Topics

“Optimizing Smart Mobile Crowdsensing Apps,” Project, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2019 – Open.
Mobile crowdsensing is the method of acquiring user experience data from users. Either in an automated fashion without limited user engagement, for instance using embedded sensors of the smartphone. Or in a participatory fashion, where the user is the main responsible for the provision of data, for instance filling out surveys. With regard to this, we have developed an app that acquires user experience data related to weather in both - automated as well as participatory fashion. However, using multiple embedded sensors of the smartphone consumes resources, battery, as well as storage. For successful completion of the project, the student is required to work on the existing mobile crowdsensing app. More specifically, in the project, the student will have the options to work on optimizing battery consumption, limiting resource usage, optimize sensor data storage, or improve the sensor data accuracy. Or the student has the freedom to suggest his own vision about extending the current app. The successful completion of the project requires the student to actively participate in the project meetings, deliver the tasks on time, write a project report and present their work at the end.
“Controlled Neurofeedback using Mobile EEG and Smartphone,” Master's thesis, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Neurofeedback provides the necessary means to visualize selected and controlled parameters of the brain activity. In healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of Mobile EEGs with Smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with Smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated from the Mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy
“Electroencephalography (EEG) using Smartphones,” Project, M. Mehdi (Supervisor), F. J. Hauck (Examiner), Inst. of Distr. Sys., Ulm Univ., 2018 – Open.
Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus enabling mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Mobile EEGs are dedicated hardware equipment capable of coupling with many state-of-the-art smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with smartphones. For successful completion of the project, the student is required to work on Bluetooth 2.1 stack to couple electrical signal simulator with Smartphones. More specifically, in the project, the student will have the options to work on acquiring and collecting data from the simulator, managing the bandwidth of incoming data, real-time data compression, visualizing data on smartphone, or optimally storing data in a database.