Marker: AA, BA, MA, ThomasLukaseder, itsec, networks

Zusammenfassung: DDoS Attacken gewinnen immer mehr an Relevanz. Eine aktuelle Studie hat ergeben, dass 1/3 aller IPv4-Adressen weltweit in den letzten Jahren angegriffen wurden. Wir arbeiten daran, DDoS-Attacken verschiedenster Art abzuwehren. Hierfür ist es essentiell zu analysieren, wie echte Angriffe in Produktivnetzwerken aussehen, um die eigenen Methoden zur Abwehr auf ihre Tauglichkeit hin prüfen zu können. Dies soll zusammen mit der Firma Isarnet aus München untersucht werden. IsarNet entwickelt das IsarFlow-System zur Netzverkehrsanalyse auf Basis von Netflow, welches in vielen Unternehmens- und Providernetzen eingesetzt wird. Im Rahmen dieser Arbeit wollen wir Aufzeichnungen echter Angriffe nutzen, analysieren und nachbilden um unser eigenes System mit realistischen Daten testen und verbessern zu können.

Marker: PROJEKT, AA, BA, MA, FrankKargl, retroaction, distributed, DominikMeissner

Zusammenfassung: Retroactive computing enables programmatical access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches for a distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Zusammenfassung: Pause/Shift/Resume is a mechanism for doing iterative graph processing on an evolving graph using snapshots. Our Chronograph graph processing platform provides very similar functionalities based on an event-sourced graph model. In this work, the student is asked to incorporate the Pause/Shift/Resume mechanism into our platform. Therefore, the mechanism has to be adapted and adjusted to event-sourced graphs. Furthermore, an evaluation should highlight the runtime behavior of the approach in different workloads.

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Marker: AA, BA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: A previous project implemented the dynamic network traffic analysis framework "ReFuzz". It allows to analyze unknown network protocols without having access to a endpoint implementation. For this framework, first, an evaluation of efficacy and efficiency of the method shall be performed for the use case of protocol reverse engineering. Therefore, suitable protocol specimens should be selected and metrics for the evaluation created from them. Measurements shall show the utility of ReFuzz for the use case of protocol reverse engineering in general.

Marker: BA, AA, VladimirNikolov, FranzHauck

Zusammenfassung: Ein Gegenstand von RTSJ sind die sog. Processing Groups. Ähnlich wie bei den Standard Java ThreadGroups können hiermit mehrere Echtzeitaktivitätsträger logisch zusammengefasst werden. Bei ihrer Ausführung schöpfen diese dann Ressourcen aus einem gemeinsamen Pool aus. Sind die Ressourcen verbraucht, müssen die Aktivitätsträger unter Umständen warten, bis der Pool wieder aufgefüllt wird. Dieses Verhalten ähnelt stark den aus der Echtzeitliteratur bekannten Deferrable Servers. Letztere werden z.B. für die Behandlung und Isolation von aperiodischen Aktivitäten in Systemen mit periodischen Echtzeit-Tasks verwendet und weisen eine bessere Reaktionsfähigkeit gegenüber anderen Servermechanismen. Im Rahmen dieser Bachelorarbeit soll die Funktionalität der RTSJ Processing Groups erweitert und ein Deferrable Server implementiert werden. Hierbei soll eine Real-Time fähige Java Virtual Machine unter Linux eingesetzt werden. Kenntnisse in den Programmiersprachen C und C++, sowie der JNI-Programmierschnittstelle sind von Vorteil.

Marker: AA, BA, MA, ThomasLukaseder, itsec, networks

Zusammenfassung: DDoS Attacken gewinnen immer mehr an Relevanz. Eine aktuelle Studie hat ergeben, dass 1/3 aller IPv4-Adressen weltweit in den letzten Jahren angegriffen wurden. Wir arbeiten daran, DDoS-Attacken verschiedenster Art abzuwehren. Hierfür ist es essentiell zu analysieren, wie echte Angriffe in Produktivnetzwerken aussehen, um die eigenen Methoden zur Abwehr auf ihre Tauglichkeit hin prüfen zu können. Dies soll zusammen mit der Firma Isarnet aus München untersucht werden. IsarNet entwickelt das IsarFlow-System zur Netzverkehrsanalyse auf Basis von Netflow, welches in vielen Unternehmens- und Providernetzen eingesetzt wird. Im Rahmen dieser Arbeit wollen wir Aufzeichnungen echter Angriffe nutzen, analysieren und nachbilden um unser eigenes System mit realistischen Daten testen und verbessern zu können.

Marker: PROJEKT, AA, BA, MA, FrankKargl, retroaction, distributed, DominikMeissner

Zusammenfassung: Retroactive computing enables programmatical access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches for a distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

Marker: AA, MA, HenningKopp, FrankKargl, itsec

Zusammenfassung: Cryptographical hash functions are functions which compress an arbitrarily large (finite) input into a fixed finite set. They can serve as fingerprint of a file, since it is computationally difficult to find two inputs which yield the same hash value. Recently there appeared numerous cryptographic constructions which require a hash function which maps into an elliptic curve. This is a pretty recent development and has not yet been thoroughly researched. There are some candidate constructions but without performance measurements. The goal of the thesis is to compare the security properties of the schemes, as well as measuring their performance. Maybe you can even come up with your own own scheme for hashing into elliptic curves which you will get time to investigate.

Marker: MA, DA, AA, FrankKargl, privacy, mobile

Zusammenfassung: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions one being how to manage the appearing trade-off between data accuracy, privacy, and availability of data. The master thesis requires to work into the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at the NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require a longer-term planing before starting the work.

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Wissen über die Netzwerktopologie kann Helfen die Dienstgüte verteilter Multimedia-Anwendungen zu verbessern. Ein bekanntes Werkzeug zur Topologieerfassung ist traceroute, welches die einzelnen Hops einer Internet-Route von Quell- zu Zielhost sichtbar machen kann. Um ein umfassendes Bild der Topologie zwischen mehreren Teilnehmern zu erhalten müssen jedoch einige Herausforderungen angegangen werden: Zum einen existiert mit Load-Balancern eine starke Quelle von Ungenauigkeiten (Es können z.B. Links erkannt werden, welche nicht existieren.) zum anderen sind die Routen der Hin- und Rückrichtung im Allgemeinen nicht identisch und selbst wenn, ist dies nicht immer ohne Weiteres erkennbar: Router werden doppelt erkannt, weil deren ein- und ausgehendes Netzwerk-Inteface nicht zuordenbar sind. Man nennt dies Aliasing. In diesem Thema soll zunächst der Stand der Technik bei der Alias-Auflösung aufgearbeitet werden und dann aufbauend auf existierenden Vorarbeiten eine Implementierung angefertigt, sowie u.U. bestehende Heuristiken in ihrer Effizienz verbessert werden.

Marker: AA, BA, MA, ThomasLukaseder, itsec, networks

Zusammenfassung: DDoS Attacken gewinnen immer mehr an Relevanz. Eine aktuelle Studie hat ergeben, dass 1/3 aller IPv4-Adressen weltweit in den letzten Jahren angegriffen wurden. Wir arbeiten daran, DDoS-Attacken verschiedenster Art abzuwehren. Hierfür ist es essentiell zu analysieren, wie echte Angriffe in Produktivnetzwerken aussehen, um die eigenen Methoden zur Abwehr auf ihre Tauglichkeit hin prüfen zu können. Dies soll zusammen mit der Firma Isarnet aus München untersucht werden. IsarNet entwickelt das IsarFlow-System zur Netzverkehrsanalyse auf Basis von Netflow, welches in vielen Unternehmens- und Providernetzen eingesetzt wird. Im Rahmen dieser Arbeit wollen wir Aufzeichnungen echter Angriffe nutzen, analysieren und nachbilden um unser eigenes System mit realistischen Daten testen und verbessern zu können.

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained by recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

Marker: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Zusammenfassung: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: a FPGA-based Co-Processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

Marker: DA, MA, AA, SvenSchober, networks

Zusammenfassung: Wissen über die Netzwerktopologie kann Helfen die Dienstgüte verteilter Multimedia-Anwendungen zu verbessern. Ein bekanntes Werkzeug zur Topologieerfassung ist traceroute, welches die einzelnen Hops einer Internet-Route von Quell- zu Zielhost sichtbar machen kann. Um ein umfassendes Bild der Topologie zwischen mehreren Teilnehmern zu erhalten müssen jedoch einige Herausforderungen angegangen werden: Zum einen existiert mit Load-Balancern eine starke Quelle von Ungenauigkeiten (Es können z.B. Links erkannt werden, welche nicht existieren.) zum anderen sind die Routen der Hin- und Rückrichtung im Allgemeinen nicht identisch und selbst wenn, ist dies nicht immer ohne Weiteres erkennbar: Router werden doppelt erkannt, weil deren ein- und ausgehendes Netzwerk-Inteface nicht zuordenbar sind. Man nennt dies Aliasing. In diesem Thema soll zunächst der Stand der Technik bei der Alias-Auflösung aufgearbeitet werden und dann aufbauend auf existierenden Vorarbeiten eine Implementierung angefertigt, sowie u.U. bestehende Heuristiken in ihrer Effizienz verbessert werden.

Marker: MA, DA, AA, FrankKargl, privacy, mobile

Zusammenfassung: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions one being how to manage the appearing trade-off between data accuracy, privacy, and availability of data. The master thesis requires to work into the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at the NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require a longer-term planing before starting the work.

Marker: PROJEKT, AA, BA, MA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Zusammenfassung: Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Etherum have emerged as so-called crypto-currencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our Institute. Therefore, different blockchain-based systems should be surveyed and appropriate analysis mechanisms should be conducted.

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Zusammenfassung: Pause/Shift/Resume is a mechanism for doing iterative graph processing on an evolving graph using snapshots. Our Chronograph graph processing platform provides very similar functionalities based on an event-sourced graph model. In this work, the student is asked to incorporate the Pause/Shift/Resume mechanism into our platform. Therefore, the mechanism has to be adapted and adjusted to event-sourced graphs. Furthermore, an evaluation should highlight the runtime behavior of the approach in different workloads.

Marker: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Marker: AA, MA, DA, PROJEKT, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Zusammenfassung: The chronograph platform is a system for computing on evolving graphs. One module of the platform should provide an interactive user interface for exploring the history, evolution, and topology of the graph. The goal of this project is the design and implementation of a scalable, web-based user interface for the exploration of chronograph data.

Marker: AA, BA, HenningKopp, distributed, itsec, privacy

Zusammenfassung: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know his/her own transactions but does not want the full node to link the transactions of the thin client to its identity, a bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency of how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with own ideas for improving the privacy of thin clients.

Marker: AA, BA, MA, ThomasLukaseder, itsec, networks

Zusammenfassung: DDoS Attacken gewinnen immer mehr an Relevanz. Eine aktuelle Studie hat ergeben, dass 1/3 aller IPv4-Adressen weltweit in den letzten Jahren angegriffen wurden. Wir arbeiten daran, DDoS-Attacken verschiedenster Art abzuwehren. Hierfür ist es essentiell zu analysieren, wie echte Angriffe in Produktivnetzwerken aussehen, um die eigenen Methoden zur Abwehr auf ihre Tauglichkeit hin prüfen zu können. Dies soll zusammen mit der Firma Isarnet aus München untersucht werden. IsarNet entwickelt das IsarFlow-System zur Netzverkehrsanalyse auf Basis von Netflow, welches in vielen Unternehmens- und Providernetzen eingesetzt wird. Im Rahmen dieser Arbeit wollen wir Aufzeichnungen echter Angriffe nutzen, analysieren und nachbilden um unser eigenes System mit realistischen Daten testen und verbessern zu können.

Marker: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are tree-fold:1. Generate test-case specimens by preprocessing and filtering of selected network traces. An examples for a possible metric to be filtered for is high field-type variance.2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of of scapy or Wireshark may be used for a quantifiable quality validation.The scope for the evaluation is limited to message type and format explicitly excluding the behavior model of the protocol.

Marker: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred.After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.

Marker: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Zusammenfassung: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

Marker: AA, BA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Zusammenfassung: A previous project implemented the dynamic network traffic analysis framework "ReFuzz". It allows to analyze unknown network protocols without having access to a endpoint implementation. For this framework, first, an evaluation of efficacy and efficiency of the method shall be performed for the use case of protocol reverse engineering. Therefore, suitable protocol specimens should be selected and metrics for the evaluation created from them. Measurements shall show the utility of ReFuzz for the use case of protocol reverse engineering in general.

Marker: MA, DA, AA, ChristianSpann, FranzHauck, ft

Zusammenfassung: Die Implementierung von Einigungsalgorithmen wie zum Beispiel Paxos oder dessen Erweiterung Vertical Paxos stellen den Programmierer wiederholt vor ähnliche Designentscheidungen. Eine generische API könnte eine Basis für die Wiederverwendung vieler Teilkomponenten schaffen und so den Aufwand für die Implementierung neuer Algorithmen reduzieren. Ziel der Arbeit ist der Entwurf einer solchen API.