Themen

✘ Resource Scheduling in Cloud Computing – English only

With increased popularity of Cloud Computing the approach of treating multiple nodes as one big resource unit came up. This allows to run multiple different applications on one cluster at the same time. The biggest challenge is to schedule the processes of the applications without overstress the cluster or slowing down one of the applications.

The goal of this seminar is to look at the different scheduling approaches and their use caces in cloud computing.

Eugen Frasch

✘ Analysis of Scheduling Algorithms on Multiprocessor Systems – English only

The most complex environment for scheduling processes of applications is a multiprocessor system. Therefore many scheduling algorithms and approaches  for multiprocessor systems have been developed over the past 20 years. As consequence many researchers published their scheduling algorithms claiming to have the most efficient algorithm.

The goal of this seminar is to give a survey of the latest tools and frameworks for testing and analysing multiprocessor scheduling algorithms. Also one selected framework should be used to analyse few given algorithms.

Eugen Frasch

✘ Individual Mobile Sensing in Healthcare - Trends and State-of-the-art – English only

Individual Mobile Sensing or Personal Mobile Sensing often focuses on the aspects of sensor data collection and analysis applied specifically for the pruposes of education, diagnosis, event detection, treatment, or monitoring. The aim of this seminar is to study recent trends and review state-of-the-art already reported in existing literature, specifically applied in the domain of healthcare.

Muntazir Mehdi

✘ Surveying Peripheral Sensors in Context of Mobile Crowdsensing – English only

In this seminar report, the students are required to survey the current state of peripheral sensors that can be coupled with smartphones to further accurate the mobile crowdsensing applications. These peripheral sensors can be coupled with smartphones using Bluetooth technology or wifi. The students would be further required to study the current state of coupling technologies. In addition to the general perspective, the students will survey the peripheral sensors, their technology, and limitations within the context of mHealth (mobile health).

Muntazir Mehdi

✘ Jepsen: Breaking Distributed Systems – English only

Distributed systems like distributed databases or coordination services often promise specific data consistency models, make fault tolerance claims and guarantee resilience in the face of failures of all kinds.

In reality, however, designing such systems is difficult and few systems really keep their promises. Jepsen is a framework for thoroughly testing fault-tolerant distributed applications. It can deliberately introduce faults and by stress systems with various client loads. After a test, Jepsen checks whether the system under test performed according to specifications. Jepsen has been used to test (and break) all kinds of well-known software, like Apache Cassandra, MongoDB, Apache ZooKeeper, RabbitMQ and many more.

This seminar should have a closer look at Jepsen, describe how it operates, and how it helped to break such a multitude of different systems.

Gerhard Habiger

✘ Data Entanglement – English only

In Coding and Data Reliability, e.g., censorship resistance, research applies a concept called data entanglement. For this technique parts of a file are combined with parts of another file to reconstruct a lost file or to make fully removing a file from a system expensive. The goal of this seminar is to look at one or more applied schemes for data entanglement and its uses in real world applications.

David Mödinger

✘  Analysis of Distributed Denial of Service Attacks – English only

Distributed Denial of Service Attacks are a common problem in networks all over the world. They are hard to defend against as they affect services that usually are accessible to the public and exploit usual, standard conform behaviour. There are many different kinds of attacks. From the usual flooding attacks over slow HTTP attacks to reflective attacks, there are many ways a system can be taken down. Attackers mimic the behaviour of legitimate clients and thus make it hard to be identified as perpetrators. This seminar shall analyse the different kinds of attacks, how attackers can be identified, and how attacks can be mitigated.

✘ The Dark Side of Network Data Analysis: Censorship Infrastructure Around the World – English only

From the Big Firewall of China to The Supreme Council of Virtual Space in Iran, authoritarian regimes around the world try to limit personal freedom to suppress possible opposition or – so they say – protect their citizens from outside influence or "moral decline". The goal of this seminar is to analyse censorship infrastructure around the world on a technical level and to discuss the societal impact thereof.

✘ Machine Learning Privacy – English only

Machine Learning has a number of very useful applications and offers great benefits. Machine learning algorithms can be used for recommendation systems, data analysis, or security applications. However, while machine learning can provide useful predictions and analysis, there are also privacy concerns. The aim of this seminar is to identify privacy issues, and survey possible solutions.

✘ Computer Game Security – English only

Video games have always been the kind of software that pushed the limits of existing programming platforms. Today, with the very popular online multiplayer games, thousands of players can share their experience with others online. But what about the security of video games? Can it keep up with cheating, fraud, and other malicious attacks? The goal of this seminar is to have a look at the motives and kinds of cheating, as well as to survey state-of-the-art protection mechanisms and how they are applied in computer games. 

✘ Differential Privacy – English only

Statistics about user data are used heavily for improving services, performing marketing studies, and many other purposes. The acquisition and processing of potentially sensitive information poses serious privacy threats to individuals participating in, e.g., surveys. Such information might include birthdate, gender, religion, and nationality, from which identifying an individual becomes a trivial task. Moreover, inferring more sensitive information about a specific individual becomes also possible. To solve issue, many service providers, e.g., Apple and Google, started using the so-called “Differential Privacy” to preserve their users’ privacy. In this seminar, you will investigate differential privacy with respect to both theoretical and practical aspects. In addition to addressing the privacy guarantees of differential privacy, your task will then be addressing how major tech companies are implementing differential privacy nowadays.

✘ Generative Adversarial Networks (GANs) – English only

AI nowadays is getting better at identifying things with high accuracy allowing, e.g., the dream of autonomous driving to become a reality. However, this high accuracy needs, generally speaking, a huge set of training data. Instead of having a real-world dataset, which might be costly to have in many cases, a recent approach proposed to use a generated synthetic data instead. This is done through the so-called “Generative Adversarial Networks (GANs)”. The goal is then to create ultra-realistic e.g. images or sounds to train the network on. This, in fact, requires giving the machine a sense of imagination. In this seminar, you will investigate the latest trends in the field of GANs while reporting recent results found in literature. Moreover, you will address what challenges face GANs including security ones. 

✘ Zcash – English only

Zcash is a privacy-preserving digital currency that launched in late 2016. It uses a method called zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge). This, unlike other cryptocurrencies ,e.g., Bitcoin, gives the users the possibility to perform transactions anonymously. Accountability and integrity is preserved as the anonymity might be broken through combining several data pieces allowing to track a specific user, and identify her if needed. In this seminar, you will address Zcash and its underlying technologies. This seminar aims at giving a comprehensive overview on how Zcash works and how it provides anonymity to its users. Furthermore, you will address challenges facing Zcash based on what found in the literature. 

✘ Range Proofs – English only

Confidential transactions in crypto currencies require range proofs to detect integer overflows. Any output amount of a transaction has to be a positive integer. As storage is valuable on block-chains, the goal is to reduce the size as much as possible. Recent advances in bulletproofs reduce the size significantly. The paper should compare the different existing methods and point out how the improvements are achieved.

✘ Ring Signatures – English only

Common signatures require one private key and the corresponding public key and provide authenticity for the signed data. Ring signatures allow to disguise the real signer in a set of public keys. The verifier can only check that the signer was in possession of at least one corresponding private key, but not which one. In comparison to group signatures, the key advantage is that ring signatures can be created without the interaction of the decoy participants. The paper should give an overview of the different constructions of ring signature schemes and an in-depth explanation of one of them.

✘ Distributed Causality Tracking – English only

Distributed systems bring along certain challenges, such as an unreliable network and varying latencies. These challenges make it impossible in a distributed system, to agree on the current time and thus the ordering of events. The latter is only possible when two events can be causally linked. There are various approaches to establish these causal links and, thus, allowing to reason about whether an event happened before the other or if they happened concurrently. This causality serves as an enabling technology for other important technologies, such as consistency, distributed consensus, snapshotting, and blockchains. The goal of this seminar is to give an overview of distributed causality tracking and approaches to track causality.

✘ Securing Smartphones – English only

In this day and age, almost everyone owns a smartphone and takes it with them wherever they go. These devices contain a lot of personal data; thus, securing these devices is very important.

The goal of this seminar is to give an overview of the security architectures and mechanisms implemented in modern smartphones (for example based on iOS and/or Android) and to research solutions and proposals from academic literature.

✘ The rise of authenticated encryption – AES-GCM  – English only

"It is encrypted, why should I need integrity protection? It decrypts to garbage anyway if it was tampered with!" Statements such as this are often discussed with people less familiar with cryptography in protocol design. Unfortunately, it is not that easy and there are some (corner) cases in which this is plain wrong. However, even in general it is problematic to go without integrity protection. A long time, major cryptographic protocols such as TLS where mostly using HMACs in addition to encryption to ensure the integrity of messages. More recently, combined algorithms that provide encryption with authentication became more popular. Most commonly, we have AES in Galois Counter Mode (AES-GCM) today. In your presentation and paper, you should motivate the necessity of authenticated encryption and explain the basic idea and reasons for the success of AES-GCM.

✘ End-To-End Security for whole Software images – dm-verity – English only

Smartphones have become the extension of a person’s brain. They contain a lot of sensitive data and thus got more attractive for all kinds of attacks by criminals but also by state actors. Modern software vendors want to use hardware features such as secure boot to not only secure the kernel but also the complete user-land. Towards this end, dm-verity was introduced to the Linux kernel. It provides a way to ship whole Linux system images with an integrity protection mechanism based on Merkle-Trees. It enables vendors of embedded devices to sign a single hash in their CI infrastructure to secure a whole Linux system. In your presentation and paper, you should motivate the necessity for integrity protected software images by providing a threat analysis. Based on this, you introduce and explain the idea of dm-verity and the Merkle-Tree Construction.

Martin Lang (BMW Car IT)