Neben unseren regelmäßig stattfindenden Projektveranstaltungen (siehe rechte Spalte) bieten wir zusätzlich eine Reihe von individuellen Einzel- und Gruppenthemen für Projekte an. Diese können je nach Prüfungsordnung als Teil des Projektmoduls im Master eingebracht werden. Beachten Sie, dass in der Liste auch Arbeiten vorkommen, die sowohl als Abschluss- als auch als Projektarbeit ausgeschrieben wurden. Der Schwierigkeitsgrad und Umfang wird dann jeweils nach der Art der Arbeit angepasst.

„A Tool Support for Privacy Threat Modelling,“ Masterarbeit, Bachelorarbeit, Projektarbeitarbeit, A. Al-Momani (Betreuung), F. Kargl (Prüfer), Inst. of. Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Privacy engineering and particularly privacy threat modelling have gained a lot of attention in the recent years. Many methodologies have been proposed to model privacy threats. An example of such methods is the widely used LINDDUN method. As some recent (ISO/IEC) standards and regulations (e.g., GDPR) require handling risks associated with the elicited threats, we combined the LINDDUN method with a privacy risk rating method forming a holistic method that takes the system model as input and outputs a list of privacy risks. Your task in this project/thesis work is to implement a tool to support the the deployment of our developed method. Related work to such a tool is the commonly used Microsoft threat modelling tool which is used for security. Another very related example that is considered an extension to the MS tool is the TMTe4PT tool. There are no restrictions on the technologies or languages used in the implementation as long as it achieves the required features similarly to, e.g., TMTe4PT. This project can also be extended to a thesis by including research questions related to the countermeasure selection process.
„Login and user mangement for Angular and Shibboleth,“ Bachelor- oder Projektarbeitarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.
„Porting a Statistics Language Interpreter to Rust,“ Projektarbeitarbeit, D. Meißner (Betreuung), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
As part of our ongoing research, are we currently building a platform for secure statistical analysis based on SGX. The current prototype relies on a very simple statistics language, which we are planning to extend in the future. The goal of this project is to port an existing statistics language interpreter, such as PSPP, to the Rust programming language. Rust features a rich type system and can guarantee memory-safety and thread-safety during compile time, which makes it a great candidate for building safe and fast programming language interpreters. nom is a parser combinators library written in Rust that allows to build safe parsers without compromising on speed or memory consumption. This library can be used as a starting point to implement the parser.
„Service Function Chaining,“ Projektarbeitarbeit, L. Bradatsch (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 – Verfügbar.
To deliver end-to-end services like Internet access in a network, usually several network sub-services must be provided by the network infrastructure itself. In the case of providing Internet access to their users, a network infrastructure deploys Firewall and IP Network Address Translator (NAT) services in row to steer all incoming and outgoing packets through these services. Such sub-services are called network service functions. To provide Internet access to their users, several functions must be chained, which results in a service function chain. Motivated by the mostly statically deployed service function chains nowadays, the goal of this project topic is to evaluate and implement dynamic service functions. These functions must be dynamically adaptable to ongoing network needs. For the example of providing Internet access, it is possible that only critical network flows must steered through the Firewall. The service function chain could then decide dynamically (e.g. based on the destination port and IP address) if the specific flows must be processed by the Firewall or not. The decision itself could be made by a central enforcement point that routes the network packets through the network according to predefined rules. The minimum requirements to implement are a small dynamic service function chain consisting of all necessary Service Function Chain (SFC) components, a Firewall and an Reverse/Access Proxy (RP/AP) as service functions. It must be possible to dis- or enable the components dynamically (meaning that the packets are routed on an alternative route through the network). The implementation should base mostly on the SFC standards RFC 7665, 7498, 8595, 8459 and an existing SFC framework implemented by the University of Tübingen (which uses the MPLS protocol).
„Machine Learning with TensorFlow Privacy,“ Masterarbeit, Bachelorarbeit, Projektarbeitarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Verfügbar.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
„Optimizing Smart Mobile Crowdsensing Apps,“ Projektarbeitarbeit, M. Mehdi (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Verfügbar.
Mobile crowdsensing is the method of acquiring user experience data from users. Either in an automated fashion without limited user engagement, for instance using embedded sensors of the smartphone. Or in a participatory fashion, where the user is the main responsible for the provision of data, for instance filling out surveys. With regard to this, we have developed an app that acquires user experience data related to weather in both - automated as well as participatory fashion. However, using multiple embedded sensors of the smartphone consumes resources, battery, as well as storage. For successful completion of the project, the student is required to work on the existing mobile crowdsensing app. More specifically, in the project, the student will have the options to work on optimizing battery consumption, limiting resource usage, optimize sensor data storage, or improve the sensor data accuracy. Or the student has the freedom to suggest his own vision about extending the current app. The successful completion of the project requires the student to actively participate in the project meetings, deliver the tasks on time, write a project report and present their work at the end.
„Using Machine Learning for Misbehavior Detection in CACC,“ M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Verfügbar.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
„Electroencephalography (EEG) using Smartphones,“ Projektarbeitarbeit, M. Mehdi (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Verfügbar.
Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus enabling mitigation of many psychological disorders and illnesses, mainly by therapies that help patients to better self-regulate their brain activity. Mobile EEGs are dedicated hardware equipment capable of coupling with many state-of-the-art smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective mean of coupling EEGs with smartphones. For successful completion of the project, the student is required to work on Bluetooth 2.1 stack to couple electrical signal simulator with Smartphones. More specifically, in the project, the student will have the options to work on acquiring and collecting data from the simulator, managing the bandwidth of incoming data, real-time data compression, visualizing data on smartphone, or optimally storing data in a database.
„Machine Learning on Encrypted Data,“ Bachelor Thesis, Master Thesis, Projektarbeitarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Verfügbar.
Encryption is one of the most reliable techniques for protecting information. However, once data is encrypted, using it becomes very difficult. Goal of this thesis or project, is to explore how Machine Learning algorithms can be designed to be able to deal with encrypted data. Firstly, a survey of existing mechanisms should be conducted. In a second part, algorithms will be comparatively implemented, or own encryption mechanisms introduced.

Reguläre Projekte im Master

Rechnernetze und IT-Sicherheit I und II
4Pj, 8LP, jedes Semester

Verteilte Anwendungen, Plattformen und Systeme I und II
3Pj, 8LP, jedes Semester



Marion Köhler
Claudia Kastner
Emailaddresse Sekretariat
Telefon: +49 731 50-24140
Telefax: +49 731 50-24142


Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm


Gebäude O27, Raum 349
89081 Ulm