Neben unseren regelmäßig stattfindenden Projektveranstaltungen (siehe rechte Spalte) bieten wir zusätzlich eine Reihe von individuellen Einzel- und Gruppenthemen für Projekte an. Diese können je nach Prüfungsordnung als Teil des Projektmoduls im Master eingebracht werden. Beachten Sie, dass in der Liste auch Arbeiten vorkommen, die sowohl als Abschluss- als auch als Projektarbeit ausgeschrieben wurden. Der Schwierigkeitsgrad und Umfang wird dann jeweils nach der Art der Arbeit angepasst.

„A Tool Support for Privacy Threat Modelling,“ Masterarbeit, Bachelorarbeit, Projektarbeitarbeit, A. Al-Momani (Betreuung), F. Kargl (Prüfer), Inst. of. Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Privacy engineering and particularly privacy threat modelling have gained a lot of attention in the recent years. Many methodologies have been proposed to model privacy threats. An example of such methods is the widely used LINDDUN method. As some recent (ISO/IEC) standards and regulations (e.g., GDPR) require handling risks associated with the elicited threats, we combined the LINDDUN method with a privacy risk rating method forming a holistic method that takes the system model as input and outputs a list of privacy risks. Your task in this project/thesis work is to implement a tool to support the the deployment of our developed method. Related work to such a tool is the commonly used Microsoft threat modelling tool which is used for security. Another very related example that is considered an extension to the MS tool is the TMTe4PT tool. There are no restrictions on the technologies or languages used in the implementation as long as it achieves the required features similarly to, e.g., TMTe4PT. This project can also be extended to a thesis by including research questions related to the countermeasure selection process.
„Applications for the LoRaPark Ulm,“ Projektarbeitarbeit, F. Kargl und B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
„ByTI: Simulation Environment for a Byzantine Timer for State-Machine Replication,“ Projektarbeitarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Byzantine fault tolerance can handle not only crashing nodes but also nodes with arbitrary faulty behaviour (hacking, intrusions, sporadic and intermittent faults). State-machine replication (SMR) can tolerate Byzantine failures by replicating a service onto multiple nodes and deploying a communication protocol that distributes requests to all replicas in the same order. Each replica node needs to run deterministically in order to achieve the same output in correct nodes. For implementing a deterministic timer (wall clock, interval timer), we developed a heartbeat-based distributed algorithm called ByTI (Byzantine Time Intervals). In order to improve and visualise its behaviour, this project is supposed to develop a simulation environment for the ByTI algorithm. The simulation environment should visualise the sent messages and its temporal distribution including the outcome of ByTI results (current time, interval lengths). The simulator should be able to simulate configurable message delays, delay distributions and predefined Byzantine behaviour. Further, the simulated algorithm should be adaptable in order to implement improvements. The student may decide on the technology used for implementation.
„Generating synthetic data using MABS,“ Bachelorarbeit, Projektarbeit, M. Wolf (Betreuung), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
PaySim, a Mobile Money Payment Simulator simulates money transactions between users based on Multi Agent Based Simulation (MABS). It also generates data that can be used to test algorithms which should detect suspicious activities or fraud. This generated data is based on real financial data, which cannot be published for security reasons. In order to use or train the detection algorithms on real data, the synthetic information should be as similar as possible to the real one but not exactly the same. In this project or thesis, you should read the work of A. Elmir and E. Lopez-Rojas (PaySim), as well as the theory of MABS. Then you should implement a similar program to PaySim, which has certain data as input and should output generated synthetic data which fulfills the above requirement. As a test, you have to use the VeReMi Dataset where detection algorithms and results already exist. Then, the tool will be used on CAN messages.
„in.Crease-Reg: Design and implementation of a web application for student regulations,“ Projektarbeitarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Imagine you could read all regulations of your study program online. You could see diffs to previous version, see only the paragraphs that matter to you, and you can follow links to referred paragraphs and even other regulations. Official comments may explain complex wordings. Sounds interesting? You could work towards that with this project. As part of the in.Crease web application, we want to create a regulation module that does exactly that. Technologies in use are among others Angular, TypeScript, Node.js and PostgreSQL. The project has to design the user story, the user interface, the interface between frontend and backend, the data model, and the caching strategy for improving server performance. A lot of previous thoughts are available as a starting point, as is a framework of components for the UI, e.g., a sophisticated tree component and the main component to select context and the type of module of the service. As the envisioned service is rather complex, this topic could easily be split among multiple students or into multiple parts for a single student. Pairs of students are also welcome.
„Login and user mangement for Angular and Shibboleth,“ Bachelor- oder Projektarbeitarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.
„Porting a Statistics Language Interpreter to Rust,“ Projektarbeitarbeit, D. Meißner (Betreuung), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
As part of our ongoing research, are we currently building a platform for secure statistical analysis based on SGX. The current prototype relies on a very simple statistics language, which we are planning to extend in the future. The goal of this project is to port an existing statistics language interpreter, such as PSPP, to the Rust programming language. Rust features a rich type system and can guarantee memory-safety and thread-safety during compile time, which makes it a great candidate for building safe and fast programming language interpreters. nom is a parser combinators library written in Rust that allows to build safe parsers without compromising on speed or memory consumption. This library can be used as a starting point to implement the parser.
„Yahoo Cloud Storage Benchmark for State-Machine Replication,“ Projektarbeitarbeit, G. Habiger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
The YCSB is an open source benchmarking specification and framework for evaluating the performance of database-like software. Since its release in 2010, it has evolved into a de facto stan-dard for benchmarking commercial products like Redis, HBase, Cassandra and many others. Not only in the industry, but also in the scientific community, many researchers are using the YCSB to evaluate and compare their scientific findings and software artifacts against other published solutions. This project should create a YCSB Client implementation and workloads for benchmarking our platform for replicated state-machines built within our institute in the recent years. State-machine replication is a technique for providing high levels of fault-tolerance. In research projects we extended the existing BFT-SMaRt framework for our use. In the future we would like to use the results of this project to evaluate performance changes when extending the framework further. Students with previous knowledge in these areas are preferred, but the necessary skills can also be acquired during the project. At the end of the project, a thorough comparison of the newly YCSB-enabled software artifacts should be conducted.
„Zero Trust SFC enabled HTTP based Multi Factor Authentication,“ Projektarbeitarbeit, L. Bradatsch (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Since Google introduced their BeyondCorp project, Zero Trust (ZT) is one of the most popular buzzwords in the area of network security. In a ZT network, Policy Enforcement Point (PEP) and Policy Decision Point (PDP) are responsible for central authentication and authorization (Auth*). Both mentioned components and conventional security functions such as firewalls work largely independently of each other when it comes to processing packets. This leads to inefficient scenarios in which all packets are processed by time- consuming security functions. By coupling the conventional security functions to the PEP/PDP, higher efficiency in security-relevant packet processing can be achieved. This can be achieved by leveraging the Service Function Chaining (SFC) approach. SFC allows the dynamic chaining of conventional network service functions such as HTTP header enricher or firewalls. For each network flow can be decided what service function should be applied to all the flow's packets. The PEP/PDP in a ZT network acts then as the orchestrator, decides about the functions that should be chained together. By doing this, it can be efficiently decided which function should be applied. The goal of the project is to implement one of the thus orchestrated security service functions namely a Multi Factor Authenticator (MFA) that is embedded in a already existing Zero Trust SFC prototype. The MFA must be HTTP based and written in Go. Requirements: Good knowledge of Go and security protocols).
„Machine Learning with TensorFlow Privacy,“ Masterarbeit, Bachelorarbeit, Projektarbeitarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Verfügbar.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
„Using Machine Learning for Misbehavior Detection in CACC,“ M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Verfügbar.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
„Machine Learning on Encrypted Data,“ Bachelor Thesis, Master Thesis, Projektarbeitarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Verfügbar.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Reguläre Projekte im Master

Rechnernetze und IT-Sicherheit I und II
4Pj, 8LP, jedes Semester

Verteilte Anwendungen, Plattformen und Systeme I und II
3Pj, 8LP, jedes Semester



Marion Köhler
Claudia Kastner
Emailaddresse Sekretariat
Telefon: +49 731 50-24140
Telefax: +49 731 50-24142


Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm


Gebäude O27, Raum 349
89081 Ulm