I currently have several open M.Sc. thesis topics that have not yet been reserved. If you are interested in working on one of these topics with me, get in touch.
The open topics are:
Privacy-respecting business intelligence in the cloud – The goal of the proposed project is to utilize cloud computing to rapidly evaluate large data sets used by an online retailer, while at the same time keeping security-sensitive information inside the security perimeter. Cloud computing is especially interesting for companies that have varying demand of computing capacity. The IT Infrastructure can hence be efficiently designed with low fixed cost for spare capacity. Business intelligence according to businessdictionary.com are „computer-based techniques used in spotting and analyzing business data, such as sales revenue by products or departments or associated costs and incomes. Objectives of business intelligence include understanding of a firm’s internal and external strengths and weaknesses, understanding of the relationship between different data for better decision making, detection of opportunities for innovation, and cost reduction and optimal deployment of resources.“ Algorithms for in-house evaluation of large data sets are already applied, albeit with a long processing time. To increase flexibility with respect to quick and unforeseen requests, moving these algorithms to a cloud platform is desired. A security challenge is to design evaluation in a way that person-related data and trade secrets are kept under control of the enterprise and are not processed on untrusted computing infrastructure. The industrial partner ELV Elektronik is a medium-sized online retail business with a history of more than 30 years serving thousands of customers per day. Well-suited for full-time students who want to „get their hands dirty“ with programming applications that run in the cloud. Bonus: I have received funding for project SKYLINE (cost-effective use of cloud computing for small companies) that allows to re-use development to be done this autumn as a platform for this M.Sc. thesis next spring.
ICT supply chain integrity – The goal of the proposed project is to secure the integrity of firmware used in production of electronic devices, i.e., make sure that a predictable version of code is used in a device. Firmware embedded in a device, e.g., in a heating controller, is ultimately based on a collection of source code files, a compiler, and a compiler configuration. To ensure predictable functionality of the device delivered to the customer, integrity and authenticity of all intermediate components in the development and production process have to be verified. This includes management of (possibly external) contributors to the source code, repeatable compilation of code, provision of compiled code to quality assurance department, provision of exactly the version of compiled code that was released by quality assurance to the production database, transfer of production data over a public network to the production site in another country, transfer of production data over an insecure local network to a production machine, programming of firmware chunks into a processor in the presence of un-trusted workers. In addition, there is the requirement of logging all steps in the process for presentation to the customer, and for analysis in case of malfunctions. Ideally, it should be possible to trace the source code version used for a device based on the device identifier used in production. An initial version of integrity assurance in the production process exists and is in place. However, some security trade-offs were made in favour of time to implementation. The intention of the project is to document and analyze the current process, remaining vulnerabilities, and to point out improvements that enhance security and reliability. The industrial partner eQ-3 group is a global player in development and manufacturing of innovative electronic devices for use in domestic and commercial environments. This area of business has been active on the market for over 25 years. Well-suited for full-time students who are able to think in processes and those who are not afraid to talk to engineers.
Security architecture of a home automation gateway – The goal of the proposed project is to analyze the software architecture of a home automation gateway with respect to confidentiality, integrity, availability, and accountability requirements. A home automation gateway connects sensors and actuators with an internet portal server. Sensors and actuators are used to control heating and cooling in a building. The internet portal server can be accessed from a range of devices including smart phones and personal computers. Access to sensors and actuators needs to be protected against malicious activity. A product version is already being shipped to customers. Trade-offs were made and an independent evaluation of product security is desired. The industrial partner eQ-3 group is a global player in development and manufacturing of innovative electronic devices for use in domestic and commercial environments. This area of business has been active on the market for over 25 years. Well-suited for full-time students who want to know more about embedded systems, code review, and those who are not afraid of C and Java.
Survey of contracts in access control models – The goal of the proposed project is to gain an overview of how civil law contracts can be represented in access control models, with the ultimate goal of closing the gap between law and its implementation in IT. The proposed topic is an extensive literature survey on existing access control models with respect to how they support representation of access rights implied by contracts. It should also be evaluated where there are shortcomings of existing models and it should be pointed out how an existing model could be improved/enhanced to better accommodate contracts. Contracts exist in the civil law codes of all jurisdictions, be it based on Roman Law, Napoleonic Code, Sharia, chinese civil law and others. Many classic access control models allow a unilateral specification of access rights in the form of a triple (subject, object, access mode). In civil law codes, however, a contract is between legal persons with equal standing and involves rights as well as obligations. To better facilitate modeling of rights and obligations stated in contracts, the technical infrastructure, i.e., an access control model, should be able to deal with specification of multilateral access rights. Contractual relations have become more important in computer science with respect to applications like web services and software as a service, and will continue to be important owing to outsourced computation in cloud computing. Well-suited for part-time students with a sense of legal/commercial issues and those who are not afraid of formal models.
Other topics that I am about to supervise next spring comprise „Cross-platform evaluation of app hardening“, „Client-side vulnerabilities – how to manage and prevent them in a e-ID environment“, and „Trusted path and logging+audit support in operating systems“.
You enjoy working with me if you are able to think independently, are technically proficient, are able to develop software, and consider a M.Sc. thesis project to have a workload of ca. 900 hrs. And, as I said of my field of research in a presentation of open topics in May: „No biometrics, no crypto, no questionnaires“.
If you are interested in working on one of the open topics with me, get in touch.
