T. Schrull, „Evaluation platform for state-machine replication,“ Masterarbeit VS-2024-10M, A. Heß (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2024 – Abgeschlossen.
D. Dik, „Automated disaster detection and recovery for cloud applications,“ Bachelorarbeit VS-2024-06B, L. Beyenburg (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2024 – Abgeschlossen.
C. Schilling, „A practical evluation of the Keylime framework,“ Bachelorarbeit VS-2023-14B, A. Heß (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2024 –
Abgeschlossen.
Keylime is a well-maintained open-source framework that provides secure bootstrapping procedures for remote machines based on Trusted Platform Modules (TPMs). The project promises to make TPM technology more accessible for developers. The task of this thesis or project is to browse Keylime's feature set and demonstrate a subset of the features with a suitable application scenario.
„Trust Assessment Framework for Connected, Cooperative, and Automated Mobility (CCAM),“ Bachelor oder Masterarbeit, N. Trkulja (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
Connected, Cooperative, and Automated Mobility presents the vision for the future of automotive transportation in which all vehicles generate and share vast amounts of data between themselves and with the rest of the Vehicle-to-Everything (V2X) network. These data are used in a variety of safety-critical functions such as Cooperative Adaptive Cruise Control (CACC) or Cooperative Intersection Management (CIM). As such, it is important to not blindly trust this data, but to continuously evaluate the level of data's trustworthiness in order to infer trust and decide whether to use the data. For the purpose of doing this, a Trust Assessment Framework (TAF) needs to be build that will be implemented in each entity that is part of the CCAM ecosystem and which runs relevant functions. The goal of the TAF will be to assess trustworthiness of the different types of safety-critical functions, as well as the data that serve as input to the TAF, and decide whether a node or a data set can be trusted. Such trustworthiness decisions will be based upon trust sources that will serve as evidence and consist of a variety of security controls, as well as the outputs from the misbehavior detection system.
„State of Event Sourcing Application Development,“ Masterarbeit VS-2023-04M, B. Erb and E. Meißner (Betreuung), F. Kargl and F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
The event sourcing storage architecture is increasingly used for developing applications. However, previous work shows that developers encounter a couple of challenges when applying the pattern. One such challenge is the lack of mature tools and solutions, which help developers in implementing event-sourced applications. No detailed and methodological comparison of the tools already available on the market existed at the time of writing. This thesis introduces a methodology on how to compare and categorize such tools and applies it to three solutions (EventStoreDB, Axon, and Akka), which are selected according to a set of requirements. To remove subjective opinions from the assessment of the qualitative aspects, quality gates are defined, in addition to benchmarks, which are used to evaluate some quantitative aspects. Two example applications which cover a selection of event sourcing features are defined and implemented using the three selected tools, providing insight into how they aid in the development process. In the end, a detailed comparison of the capabilities of the evaluated tools is given and recommendations for when to use each tool are provided.
„Security Mechanisms for Multi-Tenancy Event-Sourced Graphs,“ Masterarbeit VS-2023-13M, B. Erb and E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
This thesis aims to investigate and address the security challenges that arise when applying multi-tenancy to a graph-based processing platform that is characterized by computational entities that exchange messages and whose behavior depends on user-defined code. Using threat modeling techniques, we enumerate relevant threats and discuss adequate security mechanisms. The more promising ones are then deployed on a prototype platform. We compare the performance costs of access control using an attribute based policy language implementation (XACML, Authzforce) against extending the computational entities with this functionality and find that, in our case, the former is slower but may provide other benefits. We also measure the performance costs introduced by using a strategy against denial-of-service attacks through user-submitted code on the application level and determine that this introduces significant overhead. The general considerations in this thesis and the results obtained from the evaluations may prove useful when implementing a system that is similar to ours. It will aid in detecting threats and help in the selection of an adequate access control method.
R.-N. Schmidt, „Intel SGX Application Development with Gramine,“ Bachelorarbeit, A. Heß (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
Intel SGX allows to launch tamper-proof enclaves in main memory, which can be used to isolate parts of an application's codebase that have to deal with sensitive data. There is a broad spectrum of possible applications ranging from fault-tolerant systems to privacy-preserving machine learning approaches. Intel's SGX SDK provides functionality to derive C wrapper functions based on a special-purpose Enclave-Definition Language. These wrapper functions can then be used for the interaction between trusted and untrusted parts of C/C++ applications. However, the design of this enclave interface requires special care during the development process. The Gramine project promises to circumvent this step by providing functionality to wrap unmodified linux applications in Intel SGX enclaves. The goal of this thesis/project is to break down the application development process with Gramine, in order to reveal possible limitations or pitfals. Further, a performance evaluation could be conducted to measure the overhead of Gramine in comparison to a native implementation.
D. Hunt, „Implementation and Evaluation of Eve, a Speculative Byzantine Fault Tolerant State Machine Replication System for Multi-Core Servers,“ Masterarbeit, A. Heß (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 – Abgeschlossen.
J. Meyer-Hilberg, „GraphQL-Engine als Anwendung für State-Machine Replication,“ Bachelorarbeit VS-2023-12B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
State-machine replication (SMR) is a concept to achieve fault-tolerant services. The Institute of Distributed Systems has an own framework to deploy, run and evaluate such services. Unfortunately the overhead of SMR is quite high so that evaluations achieve bad results for very short-running applications. GraphQL is a backend technology for web-based services. The browser sends some sort of query to the backend where it is parsed, evaluated and the results are compiled according to the query demands. This sounds well-suited for evaluating practical SMR services. However, for SMR the application has to stick to certain rules, e.g. use provided locks to control concurrency. The task of this project is to evaluate existing GraphQL implementations in Java, decide on one to adapt, and transform this GraphQL in order to run on our SMR framework. Idealy, the typically used relational database management system is replaced by some simple in-memory implementation, so that a replicated GraphQL service does not need a DBMS to run. In case enough remaining time is available, measurements and comparisons to other non-adapted GraphQL implementations would be ideal.
X. Li, „Eine Proof-of-Concept-Studie über Service Mesh,“ Bachelorarbeit VS-2023-06B, E. Meißner (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 – Abgeschlossen.
„Confidential Computing via Multiparty Computation and Trusted Computing,“ Masterarbeit VS-2023-05M, E. Meißner and B. Erb (Betreuung), F. Kargl and F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2023 –
Abgeschlossen.
In the wake of the social sciences’ so-called replication crisis, researches increasingly strive to adopt methods preventing questionable research practices in empirical studies, e. g., study preregistration and full publication of survey datasets. However, publication of survey responses poses a serious threat to the privacy of study participants. Previous work has addressed this issue while maintaining protection against questionable research practices, but either relies on Trusted Execution Environments (TEEs), which have been shown to be susceptible to various kinds of attacks, or on Secure Multiparty Computation (SMPC), requiring a honest majority of participating parties. In this work, we combine TEEs with SMPC in a platform for conducting empirical studies that provides strong guarantees for the privacy of participants. Survey responses are split into secret shares, which are distributed among a number of TEE-protected computation parties. Statistical analysis of responses is performed as an SMPC. The platform is secure against a wider range of attackers than related work, i. e., against attackers either able to circumvent the utilised TEE or controlling a majority of the computation parties. We implement a prototype of this platform and evaluate its computational performance against alternative approaches. We show that it is suitable for conducting real-world privacy-preserving empirical studies, placing only minimal computational load on survey participants. Its performance in conducting statistical analysis is inferior to its alternatives, requiring ca. 10 min for performing one two-sample t-test. However, we argue that this is sufficient for real-world settings. Additionally, we list several approaches with which performance can be enhanced.
D. Riedel, „Simulation and evaluation of a Byzantine clock,“ Bachelorarbeit VS-2022-13B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 –
Abgeschlossen.
At the institute, an algorithm has been designed that realises a common time base in a group of nodes in a distributed system. Nodes can be compromised and may try to deceive the algorithm. The task of this thesis is to simulate and evaluate the behaviour of the algorithm in the presence of statistically distributed latencies between nodes. The simulation shall use a common network model for LAN and WAN scenarios. Through the simulation, the behaviour of the algorithm shall be investigated under conditions that are as realistic as possible and any problems shall be identified and addressed. Depending on the type of work, the effort will be adjusted. The work is suitable for people who are not afraid of random variables and probability distributions. Simulation frameworks in Java, an own implementation (preferably also in Java), or Matlab/Simulink could be used for the implementation.
„Optimization of Location Using a Single NB-IoT Cell,“ Masterarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
„Interaktive Demos für Grundlagen der Rechnernetze,“ Bachelorarbeit VS-2022-09B, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
„Exploring Linkability of Psychological Research Data using Socio-Demographic Attributes,“ Masterarbeit VS-2022-01M, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
„Exploring Linkability of Psychological Research Data Sets using Psychological Scales,“ Masterarbeit VS-2022-02M, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
J. Dommer, „Entwicklung eines Monitoring Tools für BFT-SMaRt,“ Bachelorarbeit VS-2022-12B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
M. Seiffert, „Efficiently Running and Accessing Remote Android Emulators,“ Masterarbeit VS-2022-18M, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 – Abgeschlossen.
„Comparing different vehicle architectures based on attack path analysis,“ Bachelorarbeit, M. Wolf (Betreuung), Inst. of Distr. Sys., Ulm Univ., 2022 –
Abgeschlossen.
In this thesis you have to make attack path analyses on different internal vehicle network architectures and compare them based on which provides more security with regards attack paths. The first step would be creating multiple different architecture diagrams. Then you have to write a program, which reads files of a vehicle network topology, maps this to a list of entry point and target ECUs, and generates a list of all possible attack paths. To get a quick and early result, this list should be sorted by the number of hops over each gateway. The next step would be giving each entry point, gateway and connection a rating on how big the attack feasibility for this element is. Then, attack paths can be calculated - e.g. with the formula of the paper "ThreatSurf A method for automated Threat Surface assessment". At last, you have to decide on a criteria on how to rate the different topologies and compare them with it.
T. Nguyen, „Combining software-transactional memory with deterministic execution for replicated state machines,“ Masterarbeit VS-2022-17M, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 –
Abgeschlossen.
Replicated state machines are used to tolerate failures in distributed services. Such state machines need to be deterministic in order to achieve the same output as their replicas. For deterministic and concurrent execution, deterministic multithreading is used. This thesis shall apply techniques from software-transactional memory (STM) to deterministic multithreading. STM uses atomic memory operations to achieve an atomic update of data structures, just like transactions in database systems. We envison the development of data structures in Java (e.g. single variables, lists, arrays, etc.) that are internally using STM techniques. Access to these data structures is always intercepted and traced by particular methods invocations. Internally, multiple versions of the data are stored and tracked to their transactions so that aborting a particular transaction can be easily undone, and tainted transactions can be identified for further aborts. Determinism can be easily achieved by enforcing the same serialisation of transactions in all replicas. However, there is room for improving concurrency. Appropriate concepts can be developed, implemented and evaluated by the student.
J. Ulrich, „Client-Server Interfaces for Byzantine Fault Tolerant Services in Kubernetes,“ Masterarbeit VS-2021-30M, A. Heß (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2022 – Abgeschlossen.
A. Abbati, „Byzantine fault-tolerant IoT sensor processing,“ Bachelorarbeit VS-2022-14B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2022 –
Abgeschlossen.
In the Internet of Things (IoT), there are often sensors whose collected data must be prepared and further processed. This often happens in the edge area, i.e. close to the sensors, and in the cloud, i.e. in some remote data centre. The aim of this work is to explore how Byzantine errors can be tolerated in the pre-processing of sensor data until it arrives in the cloud. Byzantine errors range from total failure to sporadic hardware and software failures to nodes taken over by attackers. The work should include a reference implementation, ideally using the IoT framework developed in the SORRIR project. SORRIR is implemented in TypeScript. The work is suitable for people who have at least heard the lecture Introduction to Distributed Systems (GVS) or even Fault-tolerant Distributed Systems (FTDS), or want to familiarise themselves with these topics accordingly. The workload will be adjusted according to the type of thesis (project, bachelor, master).
„The impact of privacy in Vehicular Edge Computing,“ Bachelorarbeit, Masterarbeit, Projektarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
Modern vehicles will communicate with their environment using Vehicular Ad Hoc Networks (VANET) sending out regular status beacons or warning messages. Those are collected by Road Side Units (RSU) and will be combined with other data, like weather or information from the backend. With this data certain calculations can be performed (e.g. predicting the vehicle density). Furthermore, vehicles may transfer additional data, which is too resource intensive to calculate for themselves, to the RSUs . This process of transmitting data for expensive calculations is called Edge Computing. Currently a lot of work focuses on the benefits and possible applications of VEC, as well as on how PETS can be implemented. But little research is done how privacy techniques impact VEC and safety. In this project/thesis, you have to implement one or more PETS (depending on ECTS) in a VANET simulation framework (Plexe/Veins) and analyze its impact.
„The impact of privacy on smart traffic lights systems,“ Masterarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
With modern technologies in vehicles like the use of VANETS, other systems like traffic lights can be upgraded. A smart traffic light system (STLS) can adjust the green phases according to the number of vehicles driving towards it. An even more intelligent version, can even calculate the vehicles' trajectory and approximate arrival time, adjust the phase appropriately and then send a message to the vehicle with how long the green phase will last. With this information, the vehicle can then adjust the speed so it will does not need to break. The STLS would need certain information of the vehicles, like position, speed and size, which could lead to a privacy breach when the vehicle can be tracked. Therefore, privacy mechanisms need to be implemented, like the PET Differential Privacy. In this thesis, you should create a survey of possible PETs as well as look into possible scheduling algorithms for this scenario. Select a simple and a more complex algorithm for the traffic light control and compare them with the help of a simulation. Then choose at least one PET with which you will evaluate the impact of privacy on your STLS.
„Test-based Validation of Network Programming Tasks,“ Projektarbeit, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
We have a collection of Java programming tasks as part of our introduction to computer networks course. In these programming tasks students are instructed to implement network applications matching a strict set of rules. The goal of this project is to implement a rule-based testing framework to aid the grading of such programming tasks and providing immediate feedback to students whether their implementation is correct or not.
M. Glumann, „Modern Deployment Approaches for Web Applications,“ Projektarbeit, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
The deployment process of web applications has changed a lot over the recent years. Manual administration of infrastructure has been streamlined by provisioning tools, such as Ansible, and application deployment has been revolutionized by DevOps practices and orchestration systems, such as Kubernetes. However, these advances often hide a lot of complexity and require a lot of expertise to apply correctly. As part of this work, you should research and compare different approaches to deploy a typical modern three-tier web application (e.g., Vue, Node.js, PostgreSQL). Furthermore, a demo application should be deployed using the researched continuous integration and continuous delivery methods, with special consideration of monitoring, backups, and application upgrades.
M. Strobel, „Login and user mangement for Angular and Shibboleth,“ Bachelorarbeit VS-2021-17B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
Angular is a web framework for single-page application, i.e., most business logic resides in the browser not on the server. The server is contact by a REST interface, mainly used to get direct access to the application data. Shibboleth is an authentication technology used also by KIZ to authenticate and authorise web access. In this work, a simple demo application has to be developed together with a concept for authenticating users and authorisation of their application-logic and REST-based data accesses. Ideally the concept is some sort of library including guidelines, and is tested against the KIZ identity provider. This work includes some basic user management in the application to recognise already known users and attach preferences etc. to it. Challenges are user-authentication expiry during user sessions and version updates in the backend server during the life time of the single-page application.
„Impact of HTTP/3 on Microservice Architectures,“ Masterarbeit VS-2021-16M, B. Erb and E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 – Abgeschlossen.
F. Diemer, „Efficient acquisition data upload from mHealth applications to a back-end server for persistent storage,“ Masterarbeit VS-2021-13M, M. Mehdi (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2021 – Abgeschlossen.
„Designing exercise tasks for Security in IT-Systems lecture,“ Bachelorarbeit, Masterarbeit, Projektarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
This topic addresses primarily students of the teaching profession, however others may also apply. In this work you should design and create one or more exercise sheets (depending on the ECTS) for the lecture Security in IT-Systems combined with an automated grading system. One such sheet can be about web security where students have to hack a web server launched on a docker image - similar to hackthissite.org. For a list of other topics, please refer to the module description: https://www.uni-ulm.de/in/vs/teach/sec
„Designing and Validating a Trust Model based on Subjective Logic for the Automotive Domain,“ Bachelorarbeit, Masterarbeit, D. Mauksch (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
In this thesis, we want to investigate the design of a trust model to allow modeling of the security-related trust relationships between different entities and data items. This can be useful, for example, to determine whether to trust another vehicle or data received from that other vehicle through car-2-x communication. In the end, we aim for a reasoning framework that allows to automatically answer questions on whether to trust another entity or data in a cooperative traffic system or not. The model should be based on subjective logic, a powerful, probabilistic logic that allows reasoning under uncertainty. The resulting model should be generic enough to be used in various scenarios, like the aforementioned misbehavior detection in connected cars, evaluating trust in over-the-air software updates, or assessing trust of in-vehicle components. It can be built on earlier works in our institute that already described such a model for the specific purpose of misbehavior detection and where we aim now for a more generic model. Beyond designing the trust model, the thesis should also evaluate it by showing its applicability to the three scenarios, and by providing a proof-of-concept implementation of a reasoning framework to allow inference over that model.
B. Buffinton, „Database scheme evolution in CI/CD environments,“ Bachlor's Thesis VS-2021-09B, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2021 – Abgeschlossen.
M. Kempfle, „Consensus replacement in a modular state-machine replication framework: trial and evaluation,“ Masterarbeit VS-2021-11M, G. Habiger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2021 – Abgeschlossen.
W. Fischer, „A Tool Support for Privacy-Threat Countermeasure Selection,“ Masterarbeit, A. Al-Momani (Betreuung), F. Kargl (Prüfer), Inst. of. Distr. Sys., Ulm Univ., 2021 –
Abgeschlossen.
Privacy engineering and particularly privacy threat modelling have gained a lot of attention in the recent years. Many methodologies have been proposed to model privacy threats. Such methodologies provide only limited support to selection of proper countermeasures to elicited threats. We proposed to rely on privacy patterns as recipes for solutions to privacy threats. We analyzed those patterns with respect to their properties, and also proposed a decision tree approach to support their selection. Your task in this thesis work is to enhance our solution trees and implement a tool to support the deployment of the developed trees. The enhancement may include investigating how selecting a pattern affects selecting another pattern, i.e., the relationship among patterns, and how the best suited pattern for a certain threat can be selected. A ranking approach for the patterns can be investigated. Related work on the tool-support side includes LINDDUN Go, the OWASP threat dragon tool, and the commonly used Microsoft threat modelling tool which is used for security.
S. Merkel, „Web Content Integrity Protection,“ Masterarbeit VS-2020-13M, E. Meißner (Betreuung), F. Kargl and F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
Web clients can not determine whether they have been delivered the same version of a web application as the rest of the world, which allows a web server to deliver manipulated content to specific users, allowing them to bypass implemented functionality or inject other malicious behavior. For example, a malicious web application provider who offers a web application with end-to-end encryption functionality can deliver a manipulated implementation of the encryption mechanism to targeted users and obtain access to otherwise unreadable messages or secret keys. The thesis introduces a concept to authenticate web applications and thus prevent covert attacks by web application providers through different resource versions on individual users. Previous work has created more transparency in resource management, but still allows the use of different resource versions, violates privacy, or is based on a trust model without verification possibilities. The developed concept is based on a verifiable trust model, where all users accept only the same resource version, forcing web application providers to offer the correct web application or increasing the risk for malicious web operators of detecting their manipulated resources. Two different approaches for the verifiable trust model were designed based on available mechanisms and implemented and evaluated in proof-of-concept prototypes. By using the developed concept, web application providers are able to deliver an authenticated web application and thus provide functionality to all users in a trustworthy manner, while at the same time increasing the probability to catch malicious web application providers.
A. Heß, „Verwirklichung eines Privatsphäre garantierenden Broadcast Protokolls,“ Masterarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2020 –
Abgeschlossen.
Die Verbreitung von Transaktionen in Blockchain-Netzwerken kann viele Informationen über deren Nutzer preisgeben. Ins- besonder muss die Vertraulichkeit von Zahlungsinformationen geschützt werden. Um diesen Schutz zu erreichen, haben wir ein Protokoll entworfen, welches die Privatsphäre dieser Trans-aktionen gewährleistet und Entwicklern die nötige Flexibilität für verschiedenste Anwendungsszenarien bereitstellt. Doch es bleiben viele offene Fragen für die Umsetzung in der Praxis, beispielsweise die Anpassung an praktische Begebenheiten und die Erstellung der nötigen Gruppen. Ziel dieser Arbeit ist es, einige der offenen Fragen zu klären und das Protokoll im Rahmen einer Proof-of-Concept-Implementierung zu evaluieren. Geeignet für Studierende mit Erfahrung Netzwerkprogrammierung. This project can also be completed in English. Please contact me for further details.
„Security Analysis of an Android App,“ Masterarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
The majority of adults have cell phones that are used for many different tasks, and for each task there are different apps, resulting in 2.8 million apps in the Google Play Store. Using apps always requires a certain level of trust, as most of them require at least an Internet connection and access to storage. However, such permissions open the door to vulnerabilities that can be exploited. Especially apps for older Android versions that are no longer patched may have known vulnerabilities. Furthermore, these permissions can be abused to collect user information which are sent it to backend servers. In this thesis, you first have to consider which app of the Google Play Store is most likely to have a vulnerability and justify this decision. Then compare existing methods for finding vulnerabilities in APKs and either choose one or create a new methodology that is more appropriate for your use case.Then you must reverse engineer the app and analyze it for vulnerabilities. As an additional optional task, you can also look for security and privacy v breaches in the app itself.
N. Maier, „Privacy In Statistical Computations,“ Masterarbeit VS-2020-12M, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
In human science research, maintaining the privacy of research participant is of utmost importance as studies often collect highly sensitive data about individuals. However, most universal guidelines such as the APA code of conduct only state very broad requirements such as a "primary obligation [to] take reasonable precautions to protect confidential information". Additionally, the prevalence of other forms of research misconduct such as authorship fraud raises the question whether research participants can trust researchers to properly handle their data. To increase trust and improve the privacy of research participants, we propose a system that enforces rigorous privacy guarantees on research results. In this thesis, we focus on identifying possible privacy mechanisms which could be applied to statistical analyses as part of social science research and yield strong - and ideally easy to understand - privacy guarantees.
„IoT Ausfallsicherheit durch Redundante Netzwerkstrukturen,“ Bachelorarbeit VS-2021-12B, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2020 –
Abgeschlossen.
Das Internet der Dinge (IoT) bietet durch seine unvermeidliche physikalische Verteilung besondere Herausforderungen für die Entwicklung ausfallsicherer IoT Software. Während Software-Komponenten, etwa die Analyse von Sensordaten, auf verschiedene physikalische Komponenten verteilt werden können, unterliegen die Sensoren, Basisstationen und Gateways physikalischen Grenzen. Diese müssen durch Netzwerkkommunikation überbrückt werden und bergen somit weitere Ausfallrisiken. Ziel dieser Arbeit ist es, bestehende Arbeiten zu redundanten Netzwerken in IoT-Umgebungen zu analysieren und zusammenzufassen. Aufbauend auf diesen Erkenntnissen soll dann ein Konzept entwickelt werden, wie eine Beratung zu nötigen Redundanzen in eine Softwareentwicklungsumgebung für IoT Systeme eingebunden werden kann. Geeignet für Studierende mit Interesse an IoT, Ausfallsicherheit und Netzwerkkommunikation. This project can also be completed in English. Please contact me for further details.
„Indistinguishability of Swap Transactions in a Typed Confidential Asset Exchange using Ring Confidential Transactions,“ Masterarbeit VS-2020-24M, F. Engelmann (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2020 – Abgeschlossen.
„Generating synthetic data using MABS,“ Bachelorarbeit, Projektarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
PaySim, a Mobile Money Payment Simulator simulates money transactions between users based on Multi Agent Based Simulation (MABS). It also generates data that can be used to test algorithms which should detect suspicious activities or fraud. This generated data is based on real financial data, which cannot be published for security reasons. In order to use or train the detection algorithms on real data, the synthetic information should be as similar as possible to the real one but not exactly the same. In this project or thesis, you should read the work of A. Elmir and E. Lopez-Rojas (PaySim), as well as the theory of MABS. Then you should implement a similar program to PaySim, which has certain data as input and should output generated synthetic data which fulfills the above requirement. As a test, you have to use the VeReMi Dataset where detection algorithms and results already exist. Then, the tool will be used on CAN messages.
„Defense strategies against attacks on platooning,“ Bachelorarbeit, M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
In this Bachelor thesis possible attacks on platooning should be gathered and defense strategies against these attacks proposed. With the help of a simulation framework (OMNET++, SUMO, VEINS) one attack and defense mechanisms should be implemented and evaluated.
L. Krieg, „A Tool Support for Privacy Threat Modelling,“ Masterarbeit, A. Al-Momani (Betreuung), F. Kargl (Prüfer), Inst. of. Distr. Sys., Ulm Univ., 2020 –
Abgeschlossen.
Privacy engineering and particularly privacy threat modelling have gained a lot of attention in the recent years. Many methodologies have been proposed to model privacy threats. An example of such methods is the widely used LINDDUN method. LINDDUN provides threat trees catalogue with which users can analyze whether a privacy threat applies or not. The trees are extensive and conducting the privacy analysis based on them manually is a lengthy process. There is currently limited tool support to enhance both the time-efficiency and the outcome accuracy of the problem-space. Enhancing the accuracy may be done through re-defining some the logical operators in the trees, and reducing the redundancy of the elicited threats. Your task in this thesis work is to enhance the threat trees of LINDDUN and implement a tool to support the the deployment of the developed trees. Related work to such work includes LINDDUN Go, the OWASP threat dragon tool, and the commonly used Microsoft threat modelling tool which is used for security.
J. Hutter, „Web-based Interface for a Programmable Chatbot,“ Bachelorarbeit, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Gemeinsam mit Abteilungen aus der Psychologie wird am Institut für Verteilte Systeme ein programmierbarer Chatbot entwickelt, der insbesondere für Studien und Experimente eingesetzt werden soll. Der derzeitige Prototyp erfordert eine Programmierung der Zustandsautomaten des Bots in Java. Dies ist vor allem für Personen ohne Programmierhintergrund eine große Hürde bei der Gestaltung von Dialog-Skripten. In dieser Abschlussarbeit soll hierfür eine webbasierte Oberfläche entwickelt werden, die eine grafische Erstellung von Chatbot-basierten Studien ermöglicht. Im Rahmen der Arbeit soll zunächst ein überblick über bestehende Tools und Formate erarbeitet werden. Anschließend soll der Funktionsumfang des Bots in einer interaktiven Web-Anwendung abgebildet werden. Die so modellierten Dialoge sollen schließlich in code-basierte Zustandsautomaten zur Ausführung in der Bot-Plattform trans-formiert werden.
„Using Machine Learning for Misbehavior Detection in CACC,“ M. Wolf (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Modern vehicles will use communication to increase the safety of its passengers, reduce fuel consumption, travel time, and more. The communication between the vehicles will be mainly beacon messages containing the speed, position, acceleration and other properties. These messages need to be validated, if they contain correct (plausible) information. For example, when a vehicle is suddenly stopping, but sending an increase in speed, the following vehicles may crash into the misbehaving vehicle. In literature, there is already existing work on detecting misbehavior in the data with different techniques such as subjective logic or machine learning. In this project, we will analyze the VeReMi data-set with the help of different machine learning algorithms. The number of algorithms compared is depending on the scope (credits). The student can choose the framework, e.g. PyTorch.
M. Matousek, „Security Analysis of Home Assistant,“ Masterarbeit, Bachelorarbeit, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Home automation is becoming more and more popular. Many companies sell sensors and actuators to automate lights, doors, vacuum robots, plant watering, etc. While many products rely on closed-source control software, which often lives in the cloud, there are also open-source alternatives. Open-source projects like Home Assistant aim to provide integration for home automation solutions of many different vendors and also to give full control to the user without compromising privacy or becoming dependant on specific operators. A software that has so much data about peoples' personal lives should fulfill high security requirements. The goal of this thesis or project is to conduct a methodical security analysis of Home Assistant and to document the outcomes.
M. Matousek, „Privacy-Preserving First Responder Alert System,“ Masterarbeit, Bachelorarbeit, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
In a medical emergency every minute counts. While emergency services are generally very quick, first responders can have immense positive impact on a patient's further recovery and sometimes even their chance of survival. Trained first responders are often already part of many companies and most people have some first aid training that enables them to help in medical emergencies. However, what if an emergency happens quite close to a well-trained first responder (or even a medical professional), but this person just does not know about it? With today's prevalent smartphone and wearable technology, it is obvious to integrate it in rescue operations. A service can automatically track the locations of first responders and dispatch them accordingly. Such a system can help save lives, but it comes with a big privacy issues: the first responders must be location-tracked. This could be a reason for someone not to register with such a service. Furthermore, large scale tracking may be problematic from a legal perspective as well (consider the EU's General Data Protection Regulation). The goal of this project or thesis is to develop a prototype of a privacy-preserving first responder alert system by devising an architecture, analyzing privacy issues, and finally selecting and implementing suitable privacy-enhancing technologies.
N. Fröhlich, „Privacy Increasing Group Creation for Networks,“ Masterarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Peer-to-peer networks sometimes use group based comm- unication protocols. These share messages within a group of participants, e.g., to enhance privacy or provide fault tolerance. But group-based network protocols are faced with the hard problem of creating suitable communication groups. This problem is especially hard if you want to optimize for privacy. For privacy-preserving protocols we want communication partners that do not collude. The goal of this thesis is to design a scheme to classify network participants by collusion probability and deduce a suitable group size for minimal collusion. The result of the thesis should be a proof of concept implementtation of the scheme, as well as a theoretical evaluation of the probabilities involved.
M. Benz, „Modular State Machine Replication,“ Masterarbeit, G. Habiger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 – Abgeschlossen.
„Machine Learning with TensorFlow Privacy,“ Masterarbeit, Bachelorarbeit, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Machine learning offers great opportunities, but also comes with risks. Especially the privacy risks are becoming more prevalent in the discussions about machine learning. Recently, Google published a machine learning library called TensorFlow Privacy. Its goal is to make it easier for developers and researchers to build privacy-preserving machine learning models. Specifically, it utilizes Differential Privacy, which mathematically guarantees that the training data to create the models is protected from being extracted. The goal of this thesis or project is to become familiar with the TensorFlow Privacy library, to understand and be able to explain the techniques which are implemented in it, to be able to build privacy-preserved machine learning models, and possibly to implement own protection techniques that could enhance the TensorFlow Privacy library.
„Machine Learning with TensorFlow Federated,“ Masterarbeit, Bachelorarbeit, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
To build powerful machine learning models, lots of data is required. However, obtaining the data comes with privacy risks for the people or entities that provide their data. Recently, Google published TensorFlow Federated - an open source framework to allow machine learning on decentralized data. The approach of federated learning makes machine learning in the age of mobile devices and wearables both more efficient, as well as more privacy-friendly. The goal of this thesis or project is to become familiar with the TensorFlow Federated framework, to understand and be able to explain the techniques which are implemented in it, to be able to build machine learning models in a federated way, and possibly to implement own enhancements of the framework.
M. Matousek, „Machine Learning on Encrypted Data,“ Masterarbeit, Bachelorarbeit, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
Machine Learning enables great applications, such as voice assistants and image recognition. However, in most cases, it is required to send the input data to another party with powerful machine learning models and lots of computing power, in order to utilize the power of machine learning. This is a risk for privacy. Libraries like tf-encrypted and PySyft aim to address this issue by implementing encryption mechanisms that allow machine learning on encrypted data. The goal of this thesis or project is to understand how encrypted machine learning techniques work and how they get implemented with tf-encrypted and/or PySyft. Further, it is possible to extend on this by comparing different libraries and techniques or by implementing own encrypted machine learning techniques.
„Extension of a Monero Wallet,“ Bachelorarbeit, F. Engelmann (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
The goal of this project is to extend the Monero project [1] to support an additional transaction type. The transaction itself is already implemented, but is not integrated into the cli tools and the consensus mechanism. A good knowledge of C++ is required and a basic understanding of cryptocurrencies is helpful. The evaluation of the project consists of creating a cli demo in a test setup.
„Applying Machine Learning Approaches to Anomaly Detection in a Research Network,“ Masterrarbeit, L. Bradatsch (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2019 –
Abgeschlossen.
In this thesis, we aim to evaluate multiple supervised and unsupervised machine learning methods in network anomaly detection scenario with the up-to-date, flow-based traffic data from research networks. Related work has been done by the other researchers either with the out-of-date benchmark dataset KDD CUP 99 or NSL-KDD which cannot reflect modern network environments, or with the other problems of the datesets that don’t meet our data requirements. Hence, we searched for the most up-to-date datasets, preprocessed data especially ex- plored several encoding methods for categorical features as well as implemented Multilayer Perceptron (MLP), Convolutional Neural Network (CNN) and One Class Support Vector Machine(OCSVM) algorithms, and in the end evaluated and compared those methods according to their accuracy performance and time performance. The results show that neural network based methods have de- cent accuracy and time performance but require labels of the data. In contrast, OCSVM has relatively worse accuracy performance and needs longer training and test time but it doesn’t demand labels and is able to detect novel anomalies.
N. Ritter, „Simulation von Broadcastprotokollen in NS3,“ Bachelorarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
Um Transaktionen in Blockchain Netzwerken zu verteilen wird üblicherweise ein Broadcast Mechanismus verwendet. Dieser bietet jedoch Angriffsfläche für verschiedene Arten der Deanonymisierung. Da die Privatsphäre im Umgang mit Geld jedoch besonders wichtig ist, arbeiten wir an einem Protokoll um diese zu schützen. Derzeit existieren bereits einige Vorschläge für verwandte Protokolle. Für vergleichbare Untersuchungen sollten alle unter denselben Bedingungen evaluiert werden. Um diese Umstände zu erreichen, möchten wir dieselbe Simulationsumgebung für alle verwenden. Ziel der Arbeit ist die Implementierung verschiedener Protokolle und deren Auswertung. Literaturrecherche fällt je nach gewähltem Umfang und Arbeitsart an.
T. Nguyen, „Parallelizing a Java Re-implementation of etcd,“ Bachelorarbeit, G. Habiger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
Ein kürzlich abgeschlossenes Studierendenprojekt reimplemen-tierte den verteilten Key-Value Store etcd in Java. Um diese Implementierung für zukünftige Forschung an fehlertoleranten Systemen weiter zu verwenden, soll dieses Projekt die Java-Implementierung parallelisieren. Durch intelligentes Locking in der zugrunde liegenden Datenstruktur soll ein möglichst hoher Grad an Parallelität erreicht werden, während die Korrektheit des Systems in allen Fällen bestehen bleibt. Anschließend sollen durch Messungen die Performance-veränderungen gegenüber der sequentiellen Variante gezeigt werden.
„Online Text Processing for Chatting Applications,“ Bachelorarbeit VS-B19-2018, E. Meißner and B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Abgeschlossen.
„Event-Sourced Graph Processing in Internet of Things Scenarios,“ Masterarbeit VS-M03-2018, B. Erb and E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Abgeschlossen.
J. Dispan, „Evaluation von Threshold Cryptography für k-anonyme Dining Cryptographer Netzwerke,“ Bachelorarbeit VS-B16-2019, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2018 –
Abgeschlossen.
Dining Cryptographer Netzwerke bieten eine Möglichkeit um in einer Gruppe anonym eine Nachricht an alle zu verbreiten. Diese Konstruktion benötigt jedoch sehr viele Nachtrichten und erzeugt daher viel Overhead. Um die Effizienz dieser Netzwerke zu verbessern, haben von Ahn. et al. das Konzept der k-Anonymität auf sie angewandt: Kleinere Gruppen im Gesamtnetzwerk erlauben eine Einschränkung der Anonymität, erzeugen jedoch deutlich weniger Overhead. Um die k-Anonymitätsgarantie zu stärken, bietet die Kryptografie das Konzept der Threshold-Kryptografie an: Nur wenn ausreichend Nutzer sich beteiligen, kann die Nachricht entschlüsselt werden. Ziel dieser Arbeit ist es, die Umsetzung dieser Technik für k-DC Netze zu untersuchen.
M. Matousek, „Driving Behaviour Analysis,“ Bachelor Thesis, Master Thesis, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
Connected cars (cars that communicate with a backend) enable numerous interesting and useful applications, such as remote status checking, geofencing applications, or even remote control functionality. However, the backend operator – usually the car manufacturer – potentially gains access to very sensitive information about the users. To investigate the privacy issues, the goal of this thesis or project is to collect data from a vehicle's debugging port and other sensors, such as a smartphone's accelerometers. The collected data should then be analysed to demonstrate the privacy impact. This could include the training of classification algorithms to recognize drivers by their driving styles, or to detect abnormal events in the data traces.
F. Hohberger, „Design einer generischen API für Gruppenkommunikationsprotokolle,“ Masterarbeit VS-M09-2018, C. Spann (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2018 –
Abgeschlossen.
Die Implementierung von Einigungsalgorithmen wie zum Beispiel Paxos oder dessen Erweiterung Vertical Paxos stellen den Programmierer wiederholt vor ähnliche Designentscheidungen. Eine generische API könnte eine Basis für die Wiederverwendung vieler Teilkomponenten schaffen und so den Aufwand für die Implementierung neuer Algorithmen reduzieren. Ziel der Arbeit ist der Entwurf einer solchen API.
U. Eser, „Design einer flexiblen Peer-to-Peer Bibliothek,“ Bachelorarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2018 –
Abgeschlossen.
Peer-to-Peer Systeme werden Heute in einer vielfalt von Situationen eingesetzt. Dies geht von verteilung von Dateien für Programme bis hin zu Transaktionen und Blöcken in modernen Blockchain Systemen. Zur implementierung dieser Systeme kann oft nicht auf eine geeignete Bibliothek zurück gegriffen werden, da diese nicht verfügbar sind. Ziel dieser Arbeit ist die Analyse von Anforderungen an eine geeignete Peer-to-Peer Bibliothek, sowie die Implementierung eines Prototypen der Bibliothek und dessen Evaluation. Der genaue Umfang richtet sich nach dem Vorwissen, dem gewählten Fokus und der Art der Arbeit.
M. Diemer, „Dependency Tracking in Distributed Retroactive Applications,“ Bachelorarbeit, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
Retroactive computing enables programmatical access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches for a distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.
R. Claus, „Data-Centric Misbehavior Detection in Platooning,“ Bachelor Thesis, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
In recent years, much research has been devoted to the design and implementation of vehicle-to-vehicle communication, based on a variety of communication technologies. Current standards foresee an ad-hoc communication architecture, where vehicles interact with other vehicles without the need for infrastructure. A major concern in such a network is the integrity and correctness of the exchanged information. Although solid proposals exist to protect message integrity, the detection of incorrect messages (misbehaviour detection) is a domain where there is no agreed-upon solution. At the institute of distributed systems, we are developing the Maat framework, which is designed to collect messages and apply misbehaviour detection mechanisms to determine which messages are valid. We use techniques from information fusion and trust management to establish trustworthiness of messages and vehicles. For validation of our framework, we are looking for a student interested in designing novel attacks to test the reliability of our framework. In particular, we are interested in attacks designed to be difficult to detect, either by combining multiple attack strategies or designing new ones. These attack should be developed within the VEINS framework, a C++-based simulation library for vehicle-tovehicle communication.
A. Kononenko, „Blockchain Analysis with Chronograph,“ Bachelorarbeit, E. Meißner (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Etherum have emerged as so-called crypto-currencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our Institute. Therefore, different blockchain-based systems should be surveyed and appropriate analysis mechanisms should be conducted.
S. Schmidt, „Automatic and Architecture-Agnostic Message Format Extraction,“ Masterarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 – Abgeschlossen.
„Automatisierte Vergabe von temporären administrativen Zugängen für heterogene Systeme,“ Bachelorarbeit, F. J. Hauck (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2018 –
Abgeschlossen.
In der Arbeit soll eine Zugriffskontrolle für administrative Zugänge in einem heterogenen verteilten System entwickelt werden. Diese Systeme werden für die Demonstration von Einsatzszenarien genutzt. Der Zugang muss daher mit Administratorrechten erfolgen, was sich bei vielen der beteiligten Systemen nicht durch unterschiedliche Benutzer abbilden lässt. Um das Problem der Zugangsbeschränkung und des Nachweises von getätigten Aktionen zu behandeln, sollen diese Zugänge von einer zentralen Stelle aus vergeben und wieder zurückgezogen werden. Die Arbeit erstellt eine Anforderungsanalyse, ein Konzept sowie eine Umsetzung für die wichtigsten Einzelsysteme.
T. Lukaseder, „Analyse von DDoS Angriffstraffic und DDoS Mitigation Tests,“ Bachelorarbeit, Masterarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2018 –
Abgeschlossen.
DDoS Attacken gewinnen immer mehr an Relevanz. Eine aktuelle Studie hat ergeben, dass 1/3 aller IPv4-Adressen weltweit in den letzten Jahren angegriffen wurden. Wir arbeiten daran, DDoS-Attacken verschiedenster Art abzuwehren. Hierfür ist es essentiell zu analysieren, wie echte Angriffe in Produktivnetzwerken aussehen, um die eigenen Methoden zur Abwehr auf ihre Tauglichkeit hin prüfen zu können. Dies soll zusammen mit der Firma Isarnet aus München untersucht werden. IsarNet entwickelt das IsarFlow-System zur Netzverkehrsanalyse auf Basis von Netflow, welches in vielen Unternehmens- und Providernetzen eingesetzt wird. Im Rahmen dieser Arbeit wollen wir Aufzeichnungen echter Angriffe nutzen, analysieren und nachbilden um unser eigenes System mit realistischen Daten testen und verbessern zu können.
A. Martel, „Vergleich Statistischer Informationsverteilung in Peer-to-Peer Netzen,“ Bachelorarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
With classical broadcast mechanism, a source detection algorithm is fairly successful. There exist proposals to break the symmetry and make source detection hard. In this thesis, two of those proposals, adaptive diffusion and dandelion, should be implemented in a simulator and evaluated for interesting characteristics in realistic networks.
„Vergleich Statistischer Informationsverteilung in Peer-to-Peer Netzen,“ Bachelorarbeit, H. Kopp and D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2017 –
Abgeschlossen.
Cryptocurrencies including Bitcoin are the focus of ongoing research, with many practical implementation questions (such as the optimal block size) left unanswered. There exist a number of Bitcoin simulators that simulate various aspects of the network in order to help answer these questions and design new cryptocurrencies. We perform a comparative study of three simulators (ns-3, Shadow and simbit) and evaluate their user friendliness and ease of use, performance and scaling characteristics, adaptability to other cryptocurrencies and the range of parameters which they can simulate. We present these findings in the form of a detailed description for each simulator as well as a tabular overview. In addition to this, we perform a comparison of the simulation performance and provide the results in the form of a graph.
C. Lüthi, „Secure Reset: Transforming a Comprised System into a Secure State,“ Masterarbeit oder Diplomarbeit, D. Lang (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Modern vehicles contain up to 100 ECUs (Electronic Control Units). These are interconnected via an on-board network and together form a complex computer system on wheels. Vehicles now also include various wireless communication systems, such as WiFi for infotainment, Bluetooth for TPMS (Tire Pressure Monitoring System), and cellular communication for backend services. It has been shown that it is possible to gain access to the internal network and compromise ECUs, for example by flashing the ECUs to add backdoors. Consequently, it is necessary to create methods for a secure bootstrapping process that resets all ECUs of a vehicle to a secure state after a compromise has been detected. With this scenario in mind, the goal of this Master's thesis is to create an architecture and respective strategies that allow for an over-the-air secure bootstrapping process. This process should be based on a security module, such as can been found in modern ARM processors. In addition, the student should create and evaluate a prototype implementation.
M. Gassner, „Recording and analysing attacks on Industrial Control Systems,“ Bachelorarbeit, S. Kleber and R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Die Arbeit wird in Kooperation mit Daimler TSS durchgeführt.
„Querying and Processing Event-sourced Graphs,“ Masterarbeit VS-M06-2017, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 – Abgeschlossen.
M. Matousek and D. Lang, „OBD Data-Logger for Driving Behaviour Analysis,“ Projektarbeit, D. Lang and M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Analysis of driving behaviour presents opportunities for security, but comes with implications for privacy. In order to conduct research in this field, driving data is required. The goal of this project is to implement tools that log driving data from a vehicle's OBD port. Further, a framework for data analysis – e.g. via machine learning mechanisms – should be provided.
M. Matousek, „Neural Network Prototyping,“ Bachelor Thesis, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Machine learning with Neural Networks – especially Deep Learning – is currently booming. In order to test the potential of such algorithms for specific use cases, it is necessary to be able to quickly prototype and evaluate neural networks. In this thesis or project, the student shall compare different neural network frameworks, such as TensorFlow or Caffe, and implement an exemplary use case. Such a use case could be an anomaly detection mechanism for connected cars.
„Infecting 3D Printers via Manipulated Object Designs,“ Masterarbeit, F. Engelmann (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
You should investigate attack vectors on 3D printers via STL or GCODE to see whether a remote code injection could be triggered on the printer or control software. This includes fuzzing existing open source firmwares of printers and parsers as well as verifying the attack against a real 3D printer. The 2nd goal is to design a general manipulation to the printing system that would create structural deficits in printed objects to limit their lifetime. Depending on the type of thesis, the scope can be adapted accordingly.
F. Diemer, „Improving position verification in VANETs,“ Bachelor Thesis, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
One important use case for vehicular ad-hoc networks is to improve safety by giving vehicles communication capabilities, allowing them to respond to dangers earlier than autonomously operating vehicles, which must rely on their sensors alone. However, it is possible that vehicles transmit incorrect positions into the network. In this work, the goal is to detect such incorrect positions. This involves several steps; designing an attacker model, developing or implementing detection approaches, and evaluating the result. The implementation work will be in Java, within the Maat framework, a prototype detection framework under development at the institute of distributed systems.
A. Hess, „Feature Extraction by Natural Language Processing for Type-based Alignment,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
The field of research of protocol reverse-engineering has gained increasing popularity in the recent years. Several papers proposing automatic protocol reverse-engineering tools for inferring the message formats of unknown network protocols operating on captured network traces were published in the past years. While some of these tools rely on field distinguisher tokens for approximating field boundaries with sequences of tokens, which can be used for inferring the message formats, others have adopted natural language processing methods for the identification of protocol keywords, which can be used to group similar messages together and use a sequence alignment algorithm to retrieve the message formats. The major limitation of these existing approaches is their computational efficiency. Therefore this thesis proposes an implementation which combines the ideas of two existing approaches and introduces some additional functionality in order to address these performance issues.
„Design and Implementation of an Web-based API and Interactive Dashboard,“ Bachelorarbeit VS-B07-2017, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 – Abgeschlossen.
M. Matousek, „Comparison of Homomorphic Encryption Scheme Implementations,“ Master Thesis, Projektarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Homomorphic Encryption (HE) – the 'holy grail' of cryptography – allows computation on encrypted data without knowledge of the encryption keys. While it has been shown that both partially (only limited operations) as well as fully homomorphic crypto-systems (unlimited, arbitrary operations) are possible, they still come with substantial computation complexity and storage requirements. Goal of this work is to survey and compare HE scheme implementations. Properties of interest are their capabilities (partially vs. fully homomorphic), performance (speed and storage), as well as their favourable applications. The applicant should be familiar with IT security concepts (lecture 'Security of IT-Systems') and cryptography (lecture 'Kryptologie - Methoden und Algorithmen' and optimally 'Privacy Engineering and Privacy Enhancing Technologies - PET'). They should further be interested in the application of different programming languages (such as C++, Python, Haskell, Java, and others). While no expert knowledge of programming languages is required, HE schemes are implemented in different languages, and thus, the willingness to explore these should be present. This topic is suitable for a Master thesis, or as a Master project.
„Asynchrones latentes Snapshotting von dynamischen event-sourced Systemen,“ Bachelorarbeit VS-B05-2017, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 – Abgeschlossen.
P. Speidel, „Anonymity in Peer-to-Peer Storage Systems,“ Masterarbeit, D. Mödinger (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 – Abgeschlossen.
J. Diebold, „Angriffe auf Cooperative adaptive cruise control (CACC),“ Bachelorarbeit, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 – Abgeschlossen.
E. Meißner, „A Methodology for Performance Analysis and Performance Engineering of Distributed Event-sourced Systems,“ Masterarbeit VS-M22-2017, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2017 –
Abgeschlossen.
Distributed event-sourced systems adopt a fairly new architectural style for data-intensive applications that maintain the complete history of the application state. However, the performance implications of such systems is not yet well explored, let alone how the performance of these systems can be improved. A central issue is the lack of systematic performance engineering approaches that incorporate the specific properties of distributed event-sourced systems, such as messaging and event persistence. To address this problem, we developed a methodology for performance engineering and performance analysis of distributed event-sourced systems as part of a software engineering process. This approach helps developers to identify bottlenecks and resolve performance issues based on specific micro benchmarks and subsequent targeted optimizations. To show the practicality of our methology, we applied it to the \cg platform to improve the overall performance of its current research prototype. Using our structured approach, we improved the performance of the prototype system and made it more than twice as fast for certain workloads.
C. Keazor, „World-Modeling in Cooperative Intelligent Transport Systems,“ Diplomarbeit, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
„Vergleich und Evaluierung von Time Series Databases,“ Bachelorarbeit VS-B07-2016, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
S. Cepcik, „Update Strategie für IoT-Geräte auf Basis der Windows 10 IoT Core Plattform im Kontext von Industrie 4.0,“ Masterarbeit, D. Lang (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2016 – Abgeschlossen.
„Untersuchung der Sicherheit von Eduroam (IEEE 802.1X),“ Bachelorarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2016 –
Abgeschlossen.
Das Absichern von kabellosen Netzwerken stellt die Informatik schon seit langem vor große Herausforderungen. Viele Firmen entscheiden sich noch heute dafür nur kabelgebundene Internetverbindungen in ihren Netzwerken zu erlauben um so Angriffe zu erschweren. Der IEEE Standard 802.1X, der zum Beispiel bei Eduroam Anwendung findet, gilt als einer der sichersten Möglichkeiten kabellose Netzwerke gegen Angriffe abzusichern. Doch auch für Implementierungen dieses Standards sind Attacken bekannt. Smartphones mit dem Android Betriebssystem etwa verwenden in der Standardeinstellung kein Zertifikat zur überprüfung der Validität des Access Points, was Man-in-the-Middle-Attacken ermöglichen kann. Auch Denial of Service Angriffszenarien sind bekannt. Ziel dieser Arbeit soll sein, eine übersicht dieser Attacken zu erstellen, Proof of Concept Angriffe zu implementieren und zu testen wie anfällig aktuelle Implementierungen des Standards gegenüber Angriffen sind.
M. Moll, „Survey von Physically-Unclonable-Functions- (PUF) Anwendungsszenarien,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
Sicherheit in IT-Systemen vor allem im Bereich von verteilten Systemen wird immer wichtiger. Jedoch sind Softwarelösungen für diesen Zweck nicht als Sicher einzustufen. Der relativ leichte Zugang zu der Hardware von solchen Systemen stellt dabei das größte Problem dar, Damit kann die Software umgangen werden. Somit sind Sicherheitslösungen über Hardwarekomponenten nötig. Eine solche Komponente stellt die Physical Unclonabel Functions(PUF) dar. In dieser Arbeit werden mögliche Anwendungsszenarien vorgestellt in denen diese zum Einsatz kommen können. Die Einsatzgebiete sind die Bereiche Authentifizierung und Identifizierung, Verwaltung von geheimen Schlüsseln und Kryptographische Primitive An Hand der vorgestellten Szenarien werden dann Kriterien aufgestellt mit denen beurteilt werden kann wann und ob eine PUF eingesetzt werden kann.
R. Heijden and F. Kargl, „Subjective Logic Operators for Fusion of Misbehavior Detection Mechanisms,“ Bachelor Thesis, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
D. Kneer, „Simulation of Backend-Based Misbehaviour Detection for Connected Cars,“ Masterarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
L. Maile, „Processes for Network Protocol Analyses,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
For every communication between two or more participants in distributed systems or networks, protocols are needed in order to agree upon the way the communication messages are interpreted. Unfortunately, many protocols are unknown to the public because of missing or unavailable specifications. To understand the functionality of these protocols and, eventually, their message content, these unknown protocols need to be reversed engineered. At present, network protocol reverse engineering is performed mostly manually with the expertise and intuition of the engineer, insofar as there are no completely automated methods yet. If analyzed by hand, the most difficulties are faced when comparing protocols with variable field lengths, since the protocol’s structure is blurred and patterns cannot be detected easily. Furthermore, complex state machines are hardly manageable without the support of automated tools. The value gained from protocol analyses research ranges from general understanding of the protocol to security issues, such as the creation of specific firewall rules or by helping intrusion detection systems to identify the behavior of malware. This bachelor thesis analyzes static protocol analyses and describes every stage passed from capturing unknown protocols to the deduction of protocol message formats and the state machine. It thereby presents currently existing automatic approaches for each stage and the benefits compared to a purely manual task. Finally, it evaluates the current processes, emphasizes limitations and proposes improvement suggestions for the future.
T. Waldenmaier, „Privacy-Preserving Geofencing,“ Masterarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
With geofencing, car holders can get notified when their vehicle leaves a predetermined area. This feature can be used by companies to keep tabs on their company vehicles, or by private individuals to gain higher security. However, when the vehicle manufacturer or a third-party provider is hosting the geofencing service, he also needs access to the vehicle location. This also means that the provider can derive movement profiles of the vehicle's drivers. So-called searchable encryption has the potential to enable geofencing without the need for the provider to know the exact vehicle locations. The goal of this thesis is to develop and evaluate a proof-of-concept that provides geofencing while preserving the drivers' privacy. Thus, several searchable encryption schemes should be compared and assessed for their applicability to this task. At least one of the schemes should be implemented and the resulting prototype evaluated regarding its adequacy and efficiency.
„Performance Engineering in verteilten, polyglotten Berechnungsplattformen,“ Masterarbeit VS-M08-2016, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
„Implementation of a Pre-Filter for Network Intrusion Detection Systems,“ Diplomarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
„Erstellung eines dynamischen Testdatensets zur Sicherheitsanalyse,“ Masterarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2016 – Abgeschlossen.
„Erkennung und Abwehr von DoS-Attacken mit Hilfe von Software Defined Networking,“ Bachelorarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 – Abgeschlossen.
„Enabling Retroactive Computing Through Event Sourcing,“ Masterarbeit VS-M01-2016, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
Event sourcing is a style of software architecture wherein state altering operations to an application are captured as immutable events. Each event is appended to an event log, with the current state of a system derived from this series of events. This thesis addresses the utilization of retroactive capabilities in event-sourced systems: computing alternate application states, post hoc bug fixes, or the support of algorithms which have access to their own history, for example. The possibility of retroactively accessing and modifying this event log is a potential capability of an event-sourced system, but a detailed exploration how these operations can be facilitated and supported has not yet been conducted. We examine how retroaction can be applied to event-sourced systems and discuss conceptual considerations. Furthermore, we demonstrate how different architectures can be used to provide retroaction and describe the prototypical implementation of an appropriate programming model. These findings are applied in the Chronograph research project, in order to utilize potential temporal aspects of this platform.
„DoS Attacks on Congestion Control Algorithms,“ Bachelorarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
Current TCP congestion control algorithms have many drawbacks, especially the introduction of new high-speed and low-delay congestion control variants is impaired by the aggressiveness of the existing variants. In context of a research project by the state of Baden-Württemberg, a new system for the coexistence of different congestion control mechanisms is currently in development. As this new system strongly depends on conform/honest behavior of network subscribers, DoS attacks paralyzing the network might be possible. This thesis shall evaluate possible attack vectors and methods to detect and mitigate or prevent successful attacks.
H. F. Nölscher, „Automatisiertes PCB Reverse Engineering,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
Die Arbeit wird in Kooperation mit Code White durchgeführt.
„A Persistence Layer for Distributed Event-Sourced Architectures,“ Masterarbeit VS-M09-2016, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2016 –
Abgeschlossen.
Due to the increasingly large amount of data which is collected and processed each day, enabling fast, reliable, and scalable distributed computing on very large datasets has become more important than ever. Unfortunately, distributed computation on large inhomogeneous datasets is still time-consuming and it is very difficult to make evaluations and predictions. To address these issues, event sourcing and graph computing are relevant topics. While event sourcing provides techniques to save data in a particular way, which enables evaluations and makes predictions possible, graph computing provides a way to distribute the computation on large datasets. Although there is a conceptual idea which addresses these issues, no practical experience how such a concept can be implemented in case of persistence and communication is available. As a result, a prototype system to measure and evaluate different persistence and communication implementations for distributed event-sourced architectures using event sourcing and graph computing needs to be created. Such a system can be used to find a way how to persist and work on large distributed inhomogeneous datasets efficiently.
„Verwendung von CRDTs in mobilen verteilten Anwendungen,“ Bachelorarbeit VS-B07-2015, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Einen Ansatz für asynchrone Datenhaltung in verteilten Systemen bieten Conflict-free Replicated Data Types (CRDT). Sie stellen Verfügbarkeit über strikte Konsistenz, trotzdem konvergieren die Zustände der Datentypen zu einem späteren Zeitpunkt mit Hilfe einfacher mathematischer Annahmen wie Kommutativität oder den Eigenschaften eines Halbverbandes. Diese Arbeit erklärt die Grundsätze, Unterscheidungsmöglichkeiten, Funktionsweisen, Anwendungsfälle und Probleme dieser CRDTs und überträgt deren Konzepte anschließend in den mobilen Kontext. Dabei werden auf theoretischer Basis zunächst geeignete Anwendungsszenarien unter verschiedenen Kriterien untersucht und anschließend ein Framework entwickelt, mit dem Entwickler mobiler Anwendungen CRDT-Instanzen verschiedener Datentypen verwenden können, die automatisiert über mehrere Geräte repliziert werden.
„Verhalten von TCP-Varianten in Hochgeschwindigkeitsnetzwerken,“ Bachelorarbeit VS-B08-2015, B. Erb and T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 – Abgeschlossen.
V. Müller, „über das Design von Privacy-preserving Cloud Storage,“ Masterarbeit, H. Kopp (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2015 –
Abgeschlossen.
Eines der großen Probleme von externen Storage Providern ist der Datenschutz. Lädt man eine Datei auf Dropbox, so muss man als User annehmen, dass die Firma Dropbox Inc. vollen Zugriff darauf hat und damit auch die NSA, da Dropbox ihren Firmensitz in den USA hat. Um dieses Problem zu umgehen, gibt es mehrere Ansätze. Einerseits kann Verschlüsselung verwendet werden, um die Daten für den Storage Provider unkenntlich zu machen. Andererseits könnte man seine Daten auch mithilfe von Secret Sharing zum Beispiel auf n Storage Provider aufteilen, sodass die ursprünglichen Daten nur wiederhergestellt werden können, wenn t von diesen n Storage Providern kollaborieren. In diesem Fall müsste man jedoch mit allen n Storage Providern kommunizieren, wenn man Daten schreibt. Im Allgemeinen ist das Design von Privacy-preserving Cloud Storage konkret von den Anforderungen abhängig, zum Beispiel ob die Zugriffe eher lesend oder schreibend sind. In dieser Arbeit sollen verschiedene Ansätze zum Design von Privacy-preserving Cloud Storage verglichen werden und ihre jeweiligen Vor- und Nachteile untersucht werden.
M. Matousek, „Software Support for the Secure Execution PUF-based Processor,“ Masterarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
The Secure Execution PUF-based Processor (SEPP), designed and implemented previously by Florian Unterstein, counters the problem of code injection attacks which are still a major threat for computer security. The ultimate goal of this thesis is to end up with an operating system running on the SEPP. Intermediate goals this thesis will address are solutions for compiler support, deployment scenarios, multi-threading of secure and insecure execution modes and even software dependend hardware optimizations.
M. Reuter, „Passwordless Authentication via Hardware Tokens,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 – Abgeschlossen.
N. Haas, „Evaluation of Cryptocurrency Simulators,“ Bachelorarbeit, D. Mödinger and H. Kopp (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Over the last few years, cryptocurrencies gained momentum. Cryptocurrencies are digital currencies on top of peer-to-peer networks. Many open questions about cryptocurrencies can be solved through experiments. For those experiments the network is simulated and the influence of certain parameters is observed. Currently there are few simulators for peer-to-peer based cryptocurrencies, e.g. Btcsim and Shadow. The goal of this thesis is a comparison of simulators for Bitcoin. The evaluation should especially examine the following features: Scalability of simulations, complexity of usage and complexity of adaption for different currencies.
„Ereignisorientierte, diskrete Netzwerksimulation mit Pregel,“ Bachelorarbeit VS-B05-2015, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Diese Arbeit verfolgt das Ziel festzustellen, ob sich die Architektur von Pregel - ein Framework für verteilte Berechnungen auf großen Graphen - eignet, um eine ereignisorientiert-diskrete Netzwerksimulation zu implementieren. Dazu wurde ein Simulator entworfen, der das Verhalten eines Transportprotokolls innerhalb eines Computernetzwerks darstellt. In der Entwurfsphase hat es sich ergeben, dass die Konzepte, die eine ereignisorientiert-diskrete Simulation ausmachen, in Pregel umgesetzt werden können. Dieser Entwurf wurde praktisch umgesetzt, um innerhalb einer Evaluierung zu ermitteln, wie sich die Simulation verhält, je größer die Eingabe-Netzwerkgraphen werden.
„Distributed Versioning and Snapshot Mechanisms on Event-Sourced Graphs,“ Masterarbeit VS-M13-2015, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Two interesting approaches to tackle many of today's problems in large scale data processing and live query resolution on big graph datasets have emerged in recent years. Firstly, after Google's presentation of its graph computing platform Pregel in 2010, an influx of more or less similar platforms could be observed. These platforms all share the goal of providing highly performant data mining and analysis capabilities to users, enabling a wide variety of today's technologies like ranking web pages in the the web graph of the WWW or analysing user interactions in social networks. Secondly, the old concept of message logging for failure recovery was rediscovered and combined with event based computing in the early 2000s and is now known as event sourcing. This approach to system design keeps persistent logs of every single change of all entities in a computation, providing highly interesting options like state restoration by replaying old events, retroactive event modifications, phenomenal debugging capabilities and many more. A recently published paper suggests the merging of those two approaches to create a hybrid event-sourced graph computing platform. This platform would show unique characteristics compared to other known solutions. For example, computations on temporal data can yield information about the evolution of a graph and not only its current state. Furthermore, for backups or to enable offline analysis on large compute clusters, snapshot extraction – i.e. reproducing any consistent global state the graph has ever been in – from the event logs produced by event-sourced graph computations is possible. This thesis provides one of the first major works related to this proposed hybrid platform and provides background knowledge related to these aforementioned topics. It presents a thorough overview over the current state-of-the-art in graph computing platforms and causality tracking in distributed systems and finally develops an efficient mechanism for extracting arbitrary, consistent global snapshots from a distributed event log produced by an event-sourced graph computation.
„Designing a Disaster Area Network for First Responders in Disastrous and Emergency Scenarios,“ Bachelorarbeit VS-B18-2015, B. Erb and R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Man-made disasters, earthquakes, floods, and other natural disasters come with a great number of casualties, which have to be treated as quickly as possible by emergency services to minimize fatalities. Due to the large number of casualties and aid workers, it is difficult to maintain an accurate overview of the situation. To improve the clarity of the situation, a comprehensive support system can be used for the forces on-site, which supports them in information gathering and distribution to all involved parties. Previous work has failed to implement independency of public infrastructure (e.g. power grid, cellular network) or suffer data loss due to single node failures. To solve this problem, we propose a fault-tolerant design that fully distributes information to all devices in a mobile ad hoc network, while allowing offline work outside of it. We present a proof-of-concept prototype for the proposed design and show that its data distribution component behaves as designed using a series of trials. To the best of our knowledge, there is currently no DAN system that uses multi master replication to fully distribute data, where every node has an individual copy of every piece of information.
„Communication Patterns for Concurrent and Distributed Computations,“ Bachelorarbeit VS-B04-2015, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
This bachelor thesis presents a catalog of communication patterns for concurrent and distributed computations. We compose this catalog by reviewing the inter-process communication in common concurrency models and surveying existing pattern resources, such as professional books and weblogs. In addition to the selection and composition of patterns, we determine our own pattern template structure and an appropriate visualization, specifically matching the requirements of communication patterns. The catalog itself consists of a variety of patterns, intended for the reader to get a grasp of proven solutions for recurring problems in the field of concurrent programming. We provide simplified examples for every solution by the means of message-passing.
„Betrachtung der Sicherheitsaspekte von VoIP,“ Bachelorarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2015 – Abgeschlossen.
S. Gaiser, „Analysis of the Data Security and Privacy in Connected Cars,“ Masterarbeit, M. Matousek (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
Vehicular networks are becoming reality in todays cars. Modern cars are connected to the Internet using a WLAN or GSM connection. The cars are communicating with the backend of the vendor and also with other service providers on the Internet. The data contains a lot of private information about the driver. From this data, a data profile can be achieved, for example from location data, contacts and calender entries. This work analyses how the data protection and privacy is implemented by the vendors of different cars and shall give an overview of the different connected car systems. Therefore an overview of the different services of the cars will be created which categorizes the privacy terms. Another point is the analysis and categorization of the privacy terms which have to be accepted to use the services when buying or renting a car. The next step is – if possible – to analyse the technical implementation. Therefore a sniffing of the traffic of the different services will be realised. The goal of the thesis is to give an overview of the data protection and privacy of the services in current connected cars.
„An Evaluation of Distributed Approaches to Large-Scale Graph Computing,“ Bachelorarbeit VS-B09-2015, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
This thesis takes a look at several considerations for developers and users of distributed graph computing platforms. Two popular computing platforms, Apache Giraph on Hadoop and the GraphX library in Apache Spark, are analyzed and tested through a benchmarking process. We examine a basic PageRank and ConnectedComponents algorithm for a variety of input graphs and cluster sizes. We hereby discover how immensely different parameters of distributed graph computations, such as graph sizes and topology properties, impact the execution time. Concluding, we carve out the application fields, for which both platforms are practical and where trade-offs have to be made.
D. Lang, „Accelerating Network Intrusion Detection Using a NetFPGA Pre-Filter,“ Masterarbeit, T. Lukaseder (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2015 –
Abgeschlossen.
The ever increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms such as firewalls and intrusion detection systems are urgently required. To enable intrusion detection systems to reach higher bandwidths, parts of their implementation can be moved to the hardware with the usage of the high-speed NetFPGA platform. A first implementation for byte-oriented protocols already exists and proves that this can be a way to tackle the challenges ahead. In this work the student shall design, implement and evaluate an efficient and reliable string matching system based on the existing byte-oriented filter implementation and might in the end implement a full-scale regular expression parser in the hardware description language Verilog.
F. Unterstein, „Using PUFs to Secure Computer Systems against Code Injection,“ Masterarbeit, S. Kleber and R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
Despite decades of research and development, code injection attacks still pose a significant threat to computer security. Also, cloud computing services move the physical hardware out of the user’s reach. Therefore, there is a dire need for a secure computing environment which can protect personal computers from malware as well as maintain the integrity and confidentiality of programs even if executed in cloud computing scenarios. One method that establishes such an environment is code encryption. Physical unclonable functions (PUFs) have recently emerged as promising cryptographic primitives. PUFs leverage device inherent randomness and can be used to generate cryptographic keys which are tied to the hardware. We propose the architecture for a secure processor which uses PUFs to create and execute encrypted programs. The unique properties of PUFs are used to create programs which are only executable on the device they were created on. Instruction level encryption is employed to keep code encrypted within the system memory and caches which are considered unsafe. A prototype was implemented which is able to execute encrypted standalone programs. Benchmark results indicate a performance penalty of between 23% and 49% when executing encrypted programs. We are optimistic that the performance can be considerably improved and believe, that this architecture is a viable approach towards secure computing.
„Sicherheitsanalyse von NoSQL-Datenbanken,“ Bachelorarbeit VS-B15-2014, R. van der Heijden and B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
NoSQL-Datenbanken werden immer häufiger produktiv eingesetzt, um die steigenden Datenmengen bewältigen zu können. Derzeit ist allerdings noch nicht klar, ob diese die notwendigen Sicherheitsanforderungen erfüllen. Zu diesem Zweck stellt die vorliegende Arbeit eine Methodik zur Sicherheitsanalyse von NoSQL-Datenbanken vor. Hierzu werden die wichtigsten Sicherheitsrisiken identifiziert und es wird aufgezeigt, wie eine NoSQL-Datenbank auf diese überprüft werden kann. Die Methodik wird auf die NoSQL-Vertreter Neo4j und CouchDB angewendet. Es zeigt sich hierbei, dass beide Datenbanken schwerwiegende Sicherheitsdefizite aufweisen. Deshalb werden Empfehlungen zur Steigerung der Informationssicherheit gegeben, die bei Beachtung die ermittelten Schwachstellen beheben.
J. Schregle, „Lokale Ereigniserkennung in VANET,“ Bachelorarbeit VS-B16-2014, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 – Abgeschlossen.
„Intrusion Detection in Software Defined Networks,“ Bachelorarbeit VS-B02-2014, R. van der Heijden and B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
Intrusion detection systems are valuable tools to improve security in a network. Due to growing network bandwidths not all packets can be investigated because of resource limitations. Special traffic filters can be used to forward only traffic that is suspected of containing intrusions. Software defined network is an architecture which allows to interact with a network in a programmable way. With OpenFlow a switch can be programmed reactive, were flows are created dynamically and proactive, were flows are created statically. This work evaluates the impact of filtering traffic proactive and reactive. Evaluated was the number of alerts the SNORT IDS generated. An emulated SDN testbed was used for the evaluation. Compared to forwarding without filtering, the traffic can be reduced by more than a half.The results show that supporting an IDS is possible with OpenFlow, either in a reactive or a proactive way.
S. Schwerin, „Identifikation optimaler Einsatzbereiche der Einigungsalgorithmen Paxos und Vertical Paxos,“ Masterarbeit, C. Spann (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2014 –
Abgeschlossen.
Die beiden Einigungsalgorithmen Paxos und dessen Erweiterung Vertical Paxos sind strukturell grundverschieden. Das daraus resultierende, vermutlich sehr unterschiedliche Verhalten soll in dieser Arbeit in geeigneten Evaluationen untersucht und beschrieben werden. Der Unterschied der Verfahren ergibt sich in der Verteilung des Aufwands zur Fehlererholung. In Paxos kann jeder Knoten selbst direkt mit Fehlern umgehen, in Vertical Paxos gibt es einen externen Knoten, der das System überwacht.
D. Kumar, „Framework to Reverse Engineer Unknown Signal Communication Aiming Towards Understanding Implantable Device Communication,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
The manufacturers of IMDs guard the technical details of their devices very closely and hence, the onlyoption left at studying them is Reverse Engineering. Through reverse engineering IMD communication, weattempt to understand how the IMD and its programmer device communicate with each other, whattype of modulation is used, what kind of mapping of data with symbols is used and how the data isencoded.Once the details of IMD communication are established, grouping all the working modules into a singleentity should automate the whole process. Feasibility of automating the process of reverse engineering anunknown signal is also to be attempted considering the process does not require human intervention atany stage. If the process does require human intervention, then automation to the maximum possibleextent should make it convenient enough.
„Evaluation von Distributed Event Processing Frameworks für Zeitreihenanalysen,“ Bachelorarbeit VS-B03-2014, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2014 – Abgeschlossen.
„Entwurf & Implementierung einer kollaborativen Web-Plattform zur Dokumentation von Design Patterns,“ Bachelorarbeit VS-B07-2014, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2014 –
Abgeschlossen.
In dieser Arbeit wurde eine Plattform zur kollaborativen Dokumentation von Patterns entworfen und prototypisch implementiert. Hierfür wurden die Anforderungen für eine generische Plattform gesammelt und Konzepte für die kollaborative Nutzung erörtert. Die Implementierung verwendet verschiedene Konzepte des Web 2.0 zur Kollaboration und zeigt prototypisch den Funktionsumfang einer Plattform für Patterns verschiedener Anwendungsgebiete.
„Distributed Architecture using Event Sourcing & Command Query Responsibility Segregation,“ Bachelorarbeit VS-B04-2014, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
In a common software system we occasionally want to know how we got to the current application state without making the system more complicated. Mostly, this question can not be answered because the software just saves the newest application state. Even if the software architects implement their own history support later, it can not tell anything about the previous changes. This is where Event Sourcing and Command Query Responsibility Segregation come into play. Event Sourcing saves every change as an event and Command Query Responsibility Segregation helps to handle the increased complexity. Therefore, we can build a system which provides a history support and which is still maintainable. If we use Event Sourcing and Command Query Responsibility Segregation, we just have to make small changes to a traditional architecture in order to fix that problem. By saving all changes as events we can evaluate everything we want.
„Design und Implementierung eines skalierenden Database-as-a-Service Systems,“ Masterarbeit VS-M05-2014, J. Domaschka and B. Erb (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2014 –
Abgeschlossen.
Datenbanksysteme stellen in Anwendungen die zentrale Komponente zur Persistierung von Daten dar. Die Speicherung der Daten kann über verschieden Datenmodelle, welche die Literatur in die Kategorien relational und NoSQL einteilt, realisiert werden. Die Datenmodelle bieten unterschiedliche Funktionalitäten in Bereichen wie Konsistenz, Verteilung und Skalierbarkeit. Skalierbarkeit stellt besonders für Datenbanken innerhalb Webanwendungen eine wichtige Anforderungen dar, da zum einen die Nutzeranzahl von Webanwendungen immer weiter steigt und zum anderen die Webanwendungen starke Lastschwankungen bewältigen müssen. Um diese Lastschwankungen verarbeiten zu können, werden flexible Ressourcen benötigt, die das Cloud-Computing verspricht. Diese Arbeit betrachtet die Cloud-Computing-Architektur des DBaaS, welche Datenbanken als abstrakte Ressource bereitstellt. Der Schwerpunkt liegt hierbei auf skalierenden DBaaS-Systemen. Das Ziel dieser Arbeit besteht aus dem Design und der Implementierung eines DBaaS-Dienstes, der eine automatisierte Skalierung bietet und auf frei verfügbarer Software basiert. Hierfür werden die Anforderungen eines solchen DBaaS-Dienstes anhand eines Anwendungsfalls herausgearbeitet und die Skalierbarkeit existierender Datenbanken auf Basis von Benchmarks untersucht. Aus diesen Ergebnissen wird ein prototypisches DBaaS-System umgesetzt.
„Design und Implementierung eines zuverlässigen und verfügbaren (NoSQL) Datenbanksystems,“ Masterarbeit OMI-2014-M-02, J. Domaschka and B. Erb (Betreuung), S. Wesner and F. Kargl (Prüfer), Inst. f. Organisation und Management von Informationssystemen, Ulm Univ., 2014 –
Abgeschlossen.
Datenbanken bilden das Rückgrat vieler Anwendungen. Wegen dieser zentralen Rolle sind Zuverlässigkeit und Ausfallsicherheit für sie essentiell. In dieser Arbeit sollen existierende Ansätze zur Fehlertoleranz bestehender relationaler und nicht-relationer Datenbanken zunächst untersucht und verglichen werden. Aufbauend darauf soll ein System mit Hilfe des Virtual Nodes Frameworks nachimplementiert werden.
S. Wieluch, „BANDIT - Bat Indiviudal Identity,“ Bachelorarbeit VS-B09-2014, J.-P. Elsholz (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
Bat individual identity (BANDIT) is the idea to apply traditional speaker recognition to identify individual bats. This helps biologists in their researches, reducing the analysing time of recorded bat signals drastically. This thesis uses mel frequency celspral coefficients for feature extraction and tests three different learning strategies (gaussian mixture model, k-nearest-neighbour and support vector machines) on their ability to identify individual bats. Additionally, the speaker recognition is optimized for the best results. The thesis shows that identifying bats by their calls is possible and depending on the learning strategy good results can be achieved (Saccopteryx bilineata: 100% with 4 bats, 75.8% with 10 bats; Micronycteris microtis: 82.8% with 4 bats).
A. Kuntschick, „Automatisierte Post Exploitation in Windows Netzwerken,“ Bachelorarbeit, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
Die Arbeit wird in Kooperation mit Daimler TSS durchgeführt.
„A Collection of Privacy Patterns,“ Bachelorarbeit VS-B06-2014, B. Erb and H. Kopp (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2014 –
Abgeschlossen.
In dieser Arbeit wurde die Dokumentation von Patterns im Kontext von Privacy untersucht. Es wurden Anforderungen an die Struktur von Privacy Patterns diskutiert sowie die Kategorisierung von Privacy Patterns in einem Katalog betrachtet. Auf Basis einer eigenen Pattern-Struktur wurde dann anhand von exemplarischen Privacy Patterns ein kleiner, beispielhafter Katalog von Privacy Patterns vorgestellt.
ömer Sahin, „Untersuchung von Tools zur forensischen Analyse von Android Malware,“ Bachelorarbeit VS-B11-2013, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Der Entwicklungszustand von Android-Malware ist in der heutigen Zeit sehr hoch und kommt dem von PC-Malware sehr nahe. Um bösartige Aktivitäten von hochentwickelter Android-Malware zu detektieren, identifizieren und zu rekonstruieren, ist eine kontinuierliche Weiterentwicklung von Tools zur forensischen Analyse unerlässlich. Ziel dieser Arbeit ist es, einen Ausschnitt der State of the Art Tools zur forensischen Analyse von Android-Malware zu untersuchen. Dabei wird ermittelt, welche Resultate diese bei der Analyse von hochentwickelter Android-Malware liefern und wie aussagekräftig diese sind. Die Resultate werden anhand eines Kriterienkatalogs bewertet und miteinander verglichen. Dabei sollen vorhandene und fehlende Features der einzelnen Tools ermittelt, gegenübergestellt und ein Benutzerprofil für jedes Tool beschrieben werden. Da das aktuelle Angebot an Tools zur forensischen Analyse von Android-Malware immens ist, werden zunächst Auswahlkriterien deklariert. In dieser Arbeit werden die drei webbasierten State of the Art Tools Mobile-Sandbox, Dexter und Andrubis genauer untersucht. Für die Toolanalysen werden die aktuell als hochentwickelt bekannten Android-Malware AnserverBot und Obad analysiert. Bei den Resultaten der Analysen stellt sich heraus, dass Andrubis durch die Kombination von statischer und dynamischer Analyse größtenteils antiforensischen Maßnahmen entgegenwirkt und insgesamt aussagekräftige Informationen über die Android-Malware liefert. Mobile-Sandbox listet bei Codeverschleierung und Codeverschlüsselung keine und Dexter nur wenig aussagekräftige Resultate auf. Alle in dieser Arbeit getesteten Tools sind in der Lage, ohne Fehlerprozesse, die zum Abbruch der Analyse führen, hochentwickelte Android-Malware zu analysieren. Antiforensische Maßnahmen sind bei Android-Malware stark vertreten. Aufgrund dessen müssen die forensischen Fähigkeiten der Tools auf statischer, als auch auf dynamischen Ebene stets weiterentwickelt werden. Dies ist bei der Implementierung von neuen Tools und bei der Verbesserung von aktuellen oder veralteten Tools von großem Nutzen.
J. Gürtler, „Sicherung der Datenintegrität bei Nachrichtenaggregation in VANETs,“ S. Dietzel (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2013 – Abgeschlossen.
S. Rotter, „Secure Cloud Computing and Storage,“ Bachelorarbeit VS-B08-2013, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Secure Computation ist ein relativ altes kryptographisches Problem. Intuitives Ziel ist ein korrektes Resultat einer Berechnung zu erhalten wobei alle Eingaben geheim bleiben. Als Erweiterung sind diese Eingaben möglicherweise im Besitz verschiedener Parteien; diesen Fall nennt man Secure Multiparty Computation. Die Arbeit soll aktuelle Fortschritte in der Kryptographie sowie im Bereich Searching in Encrypted Data untersuchen und deren Eignung für verschiedene Cloud Computing Szenarien evaluieren.
C. Forst, „SecaaS Lösung für AIL-Prozesse auf Smartphones/Tablet PCs oder serverbasiert für Portalanwendungen,“ Bachelorarbeit VS-B07-2013, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2013 – Abgeschlossen.
P. Hochscheidt, „Penetration Test von automotiven IT Systemen,“ Masterarbeit VS-M04-2013, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Die Arbeit wurde in Kooperation mit Daimler TSS durchgeführt.
R. Heijden and F. Kargl, „Implementierung und Anwendung eines Sensor Netzwerks,“ Masterarbeit, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2013 –
Abgeschlossen.
In den letzte 10-15 Jahren gab es eine starke Weiterentwicklung der Möglichkeiten für drahtlose Kommunikation. Gleichzeitig hat auch die Entwicklung von billiger und energie-effizienter Hardware dazu geführt, das man gute und kleine Sensoren entwicklen hat. Diese Sensoren können dann in eine bestimmte Umgebung verbreitet werden, um zum Beispiel regelmäßige Messungen zu machen, insbesondere an Orten die für Menschen schlecht erreichbar sind. Diese Sensoren können sich dann ad-hoc vernetzen, um ihre Informationen auszutauschen und an eine oder mehrere Basis-Stationen weiterzuleiten, wo eine komplexere Auswertung oder Verarbeitung der Daten stattfinden kann. Die Sensoren können aber auch für generelle kosten-sparende Aktivitäten bentuzt werden. Für unsere Forschungsarbeiten brauchen wir eine konkrete Implementierung einer Anwendung dieser Netzwerke. Mögliche Anwendungen sind z.B. ein Aggregationsverfahrens über ein weit verbreitetes ad-hoc Netzwerk. Schlüsselwörter für solche Netzwerken sind Wireless Sensor Networks und Delay-Tolerant Networks. Hintergrund: In diese Netzwerken, die ad-hoc aufgebaut werden, ist es wichtig dass die Daten die gesammelt werden auch wirklich der Realität entsprechen. Weil die Netzwerke über ein freies Medium ad-hoc aufgebaut werden, ist es aber gut möglich, dass auch Angreifer sich in diese Netzwerken einblenden, oder die tatsächliche Sensoren angreifen und ändern. Im Rahmen unsere Forschung arbeiten wir an ähnlichen Problemen in unterschiedliche Arten von Netzwerken, und möchten unsere Ergebnissen auf Sensor-Netzwerken übertragen. Auch möchten wir die Effekte unserer Mechanismen auf solche Netzwerken evaluieren. Im Rahmen einer Master- oder Diplomarbeit könnte man entweder eine komplexere Implementierung bauen, oder bestimmte reaktive Sicherheitsmechanismen entwerfen und implementieren.
S. Herrdum, „Identifizierung von WLAN-Geräten durch Probe Requests,“ Bachelorarbeit VS-B03-2013, S. Kleber (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
In unserem heutigen Zeitalter spielen Informationen und Technik für viele Menschen eine wichtige Rolle. Die Machtposition und der Einfluss zahlreicher Unternehmen begründet sich in vielen Fällen allein auf dem Informationsvorsprung gegenüber der Konkurrenz. So nehmen Themen wie Datensammlung und Informationsbeschaffung einen immer wichtiger werdenden Stellenwert in unserem Leben ein. Auch lässt sich der Fortschritt der Technik in allen Bereichen unseres Lebens wiederfinden. Mittlerweile gibt es kaum noch ein mobiles Endgerät, welches nicht mit einem WLAN-Adapter ausgestattet ist. Es ist daher eine praxisrelevante Fragestellung, ob es möglich ist, personenbezogene Informationen durch die Sammlung von WLAN-Paketen zu erhalten.Um dieser Fragestellung nachzukommen, wird in dieser Bachelorarbeit eine Methodik vorgestellt, mit welcher sich ein WLAN-Gerät anhand seiner versendeten Probe Requests klassi- fizieren lässt. Das entwickelte Verfahren untersucht dabei sowohl das Sendeverhalten der Probe Requests als auch gerätespezifische Eigenschaften, welche in den Probe Requests enthalten sind. Es generiert Merkmalsvektoren aus den zeitlichen Abständen der einzelnen Probe Requests und berechnet für jeden generierten Merkmalsvektor den nächsten Nachbar aller bereits bekannten Geräte, welche über die gleichen gerätespezifischen Eigenschaften verfügen. Anschließend wird für jeden gefundenen Nachbarn eine prozentuale Wahrscheinlichkeit für eine übereinstimmung angegeben.Die Evaluation des Verfahrens ergab, dass WLAN-Geräte unter Berücksichtigung ihrer gerätespezifischen Eigenschaften in kurzer Zeit mit einer hohen Wahrscheinlichkeit erfolgreich klassifiziert werden konnten.
„Evaluation von existierenden Lösungen zur Simulation von Netzwerken,“ Bachelorarbeit VS-B05-2013, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Gegenstand dieser Arbeit ist die Erstellung eines aktuellen Surveys von bestehenden Netzwerksimulatoren, insbesondere für VANET-Simulationen.
„Design & Durchführung einer Benutzerstudie zur Nutzung von Netzwerksimulatoren,“ Bachelorarbeit VS-B06-2013, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2013 –
Abgeschlossen.
Im Rahmen dieser Arbeit wurde eine Benutzerstudie durchgeführt, die sich mit Fragen der Benutzerbarkeit und Komplexität von Netzwerksimulatoren befasst und offene Problemstellungen für Anwender von Netzwerksimulatoren identifizierte.
F. Engelmann, „Content-Inspection in Hochgeschwindigkeitsnetzen,“ Bachelorarbeit VS-B17-2013, R. van der Heijden and B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Computational power for content filtering in high-speed networks reaches a limit, but many applications as intrusion detection systems rely on such processes. Especially signature based methods need extraction of header fields. Hence we created an parallel protocol-stack parser module on the NetFPGA 10G architecture with a framework for simple adaption to custom protocols. Our measurements prove that the appliance operates at 9.5 Gb/s with a delay in order of any active hop. The work provides the foundation to use for application specific projects in the NetFPGA context.
„Comparison of Concurrency Frameworks for the JVM,“ Bachelorarbeit VS-B13-2013, B. Erb (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 –
Abgeschlossen.
Aufgrund von Multi-Core-CPUs wird Nebenläufigkeit ein zunehmend wichtigerer Teil bei der Programmierung von performanten und skalierbaren Anwendungen. Für Java existieren diverse Frameworks, die höhere Abstraktionen für Nebenläufigkeit anbieten und somit nebenläufige Programmierung vereinfachen. Im Rahmen dieser Bachelor-Arbeit wurden wichtigte Frameworks vorgestellt und miteinander verglichen. Ebenso wurde aufgezeigt, welche Frameworks sich für welche Einsatzzwecke besonders eignen.
M. Balanici, „Cluster-based Aggregation for Inter-vehicle Communication,“ S. Dietzel (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2013 – Abgeschlossen.
R. Heijden and F. Kargl, „Survey of anomaly-based intrusion detection,“ Bachelorarbeit, R. van der Heijden (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2012 –
Abgeschlossen.
In our research work, we investigate how to detect any form of misbehavior in cyber-physical systems. Cyber-physical systems are any type of networked device that interacts with the real world, and ranges from Vehicular Ad-hoc Networks (VANETs) to smart grid applications, industrial control systems and monitoring of (hospital) patients. Each of these systems has its own security mechanisms; in industrial control systems, a common approach is to use anomaly-based intrusion detection mechanisms to detect attacks on the network and report them to an administrator. The goal is to do a survey of anomaly-based intrusion detection in general, for example by using a self-established taxonomy and then transfering those approaches to CPS. For the Masterarbeit case, a practical evaluation of these systems in one of the CPS settings is of major interest.
C. Staudenmayer, „Replikation des HDFS Namenodes,“ Diplomarbeit VS-D11-2011, C. Spann (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2012 –
Abgeschlossen.
In diesar Arbeit wurde der HDFS Namenode mit Virtual Nodes nebenläufig repliziert. Dabei wurden die Java Synchronisationsmechanismen durch die von 'Virtual Nodes' ersetzt und die Nebenläufigkeit im Gegensatz zu anderen Arbeiten beibehalten. Die Lauffähigkeit wurde demonstriert, weitergehende Benchmarks müssen die Effizienz aber noch belegen.
M. Müller, „Design and Implementation of the UULM Network Lab,“ Bachelorarbeit VS-B11-2012, F. Kargl (Betreuung), F. Kargl (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2012 –
Abgeschlossen.
This thesis discusses the design of a network laboratory for educational purposes. We analyze educational requirements for such a laboratory and describe different possibilities of organizing the group work and the assignments, in order to derive an educational concept for the laboratory. We then describe various operational requirements and constraints for the system’s technical aspects. In order to establish a suitable technical architecture, we identify necessary components and compose an encompassing architecture. The reasons for the necessity of a management system to enable flexible administration of the laboratory are outlined, and the requirements for such a management architecture are introduced. Based upon these requirements, we develop a modular implementation for managing the devices in the laboratory. To verify that the software performs as expected and whether the technical architecture offers enough options for student assignments, we describe the implementation of a firstprototype with specific hardware. An exemplary assignment sheet based upon the educational and architectural concepts previously developed is then introduced.
B. Erb, „Concurrent Programming for Scalable Web Architectures,“ Diplomarbeit VS-D01-2012, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2012 –
Abgeschlossen.
Web architectures are an important asset for various large-scale web applications, such as social networks or e-commerce sites. Being able to handle huge numbers of users concurrently is essential, thus scalability is one of the most important features of these architectures. Multi-core processors, highly distributed backend architectures and new web technologies force us to reconsider approaches for concurrent programming in order to implement web applications and fulfil scalability demands. While focusing on different stages of scalable web architectures, we provide a survey of competing concurrency approaches and point to their adequate usages.
F. Hofherr, „Synchronisierungstechniken für replizierte verteilte Objekte,“ Diplomarbeit VS-D05-2010, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2010 – Abgeschlossen.
V. Lang, „Transaktionaler Speicher für Objektreplikation,“ Diplomarbeit VS-D02-2009, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2009 – Abgeschlossen.
M. Pfeil, „Optimising and Self-adaptive Strategy Selection in a Replication Framework,“ Masterarbeit VS-D07-2009, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2009 – Abgeschlossen.
S. Kächele, „nOSGi - Eine native OSGi Implementierung,“ Diplomarbeit VS-D05-2009, J. Domaschka and H. Schmidt (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2009 – Abgeschlossen.
C. Näveke, „Konfliktvorraussage für lock-basierte Synchroninierung,“ Diplomarbeit VS-D06-2009, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. f. Vert. Sys., Univ. Ulm, 2009 – Abgeschlossen.
M. Herchel, „Transparent Integration of Passive Replication in a Fault-Tolerant Framework for Distributed Objects,“ Masterarbeit VS-M02-2007, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2007 – Abgeschlossen.
M. Meßner, „Eclipse-Plugin zur Analyse von Thread-Synchronisierung in Java-Programmen,“ Diplomarbeit VS-D04-2007, J. Domaschka (Betreuung), F. J. Hauck (Prüfer), Inst. of Distr. Sys., Ulm Univ., 2007 – Abgeschlossen.