This page contains a number of open projects that are currently available in our group. See https://www.vusec.net/student-projects/ for organizational info.
|Build OS |
Goal: build minimal OS from scratch that does something interesting. Minimally, the students should implement some basic functionality, e.g., bring up MMU, but the goal is to do something more interesting: target a new architecture or use a new feature.
Bonus: some novel feature
|Hard cases for Fuzzing|
Goal:Identify hard cases for current fuzzers and create a unit-test-like suite to evaluate Fuzzers
Bonus:Write fuzzing strategies that can solve these cases
|Bug/ fuzzing ground truth using commit logs in OSS|
Goal:Assess the ground truth of bugs found by fuzzers based on real-world Open Source Software (see https://arxiv.org/pdf/1808.09700.pdf Section 7.2), based on git diffs.
Bonus:Link these bugs to the corresponding real CVEs to build a database of real-world bugs. Assess how existing memory safety mechanisms detect these vulnerabilities.
Goal: Analyse how long it takes for different fuzzers from reaching a BB to triggering a bug in that BB. Probably different projects for different types of bug.
Bonus:Speed this up?
Goal:adapt some fuzzer to handle a new class of applications (e.g., network servers, multiple input files, configuration).
Bonus: proper evaluation of an interesting dataset
Goal: software vendors may want to using fuzzing themselves to find bugs during the testing phase, but when they finally release the binary code, make it as hard as possible for *others* to fuzz the program. This is known as anti-fuzz. The idea is that you transform the program in a way that makes it very hard for automated fuzzers to make much progress. The goal is to build a translator (compiler or binary translator) that transforms a program in this way.
Bonus: target multiple types of fuzzer
|Reproducibility of research results|
Goal:look at the code released by researchers. Evaluate if it works. Do some statistics
Goal: grep for interesting features in published papers. E.g., how many papers use SPEC, etc. How often do ppl push papers on arxiv prior to publishing papers? Self-citation, citation rings?
Goal:how influential are certain researchers on specific research directions?
We have too many ever-changing project ideas to discuss here. Please contact us if you are interested in our research-oriented Master projects.
These are smaller projects for courses such as Android Lab (XM_40011), Individual Systems Practical (XM_405088), PDCS Programming Project (XM_405054), etc. Usually 6 or 12 ECTS. These projects can be a stepping-stone to a larger Master Project.