Master Theses

    • Replication of typical Internet services (e.g. web, mail, DNS, databases, real time communication, etc.) over multiple, geographically distributed sites
      The main idea of this project is to use cheap virtual servers from multiple different platform-as-a-service providers to establish highly available Internet services (including web applications with typical database backends, email server, DNS server, and others). All these virtual machines should act as a single, virtual Internet server in a way that is similar to content distribution networks for web pages with geo-location, but with the aim of improved availability instead of better performance (which would be more difficult to realize without centralized services). To do so, the virtual machine images should be identical, and application data (e.g. databases and mail spools) should be replicated over these multiple instances. When one instance fails, it should be removed from the (also distributed) DNS zone to keep the virtual service running without manual actions.

      This thesis and/or project aims at creating a configuration/deploy script to easily configure Linux virtual machines (e.g. based on Debian/Ubuntu or Fedora base system as installed by virtual host providers) with replication set up for all relevant services. Specific projects to use could be Ansible/Chef/Puppet for configuration/deployment, Nagios/Icinga/Zabbix/etc. for distributed, mutual monitoring of virtual instances among each other, Bind/PowerDNS/Knot as DNS server with distributed, dynamic updates, Postgresql with BDR, MongoDB, or other databases with asynchronous multi-master replication, and Dovecot/Cyrus as IMAP mail server with multi-master replication. The final goal is a single script that can be run from an administrative machine with configured access details for multiple platform-as-a-service providers (e.g. Amazon AWS, Microsoft Azure, or oethers) that will complete the set-up of all required services on these virtual instances and can be re-executed whenever a new instance is required (e.g. because another one failed or more distributed resources are required for load balancing).

      Please contact Rene Mayrhofer or Rudolf Hörmanseder for details.

    • Implementation of a modular "Personal Agent" for handling electronic identity (eID) on Android
      The aim of this project is to implement a so-called "Personal Agent" in the scope of project Digidow on Android. In this implementation, the standard Android APIs e.g. for geolocation, fingerprint authentication etc. should be used to locally (on-device) authenticate and track the end-user. This information should then be used to authenticate interaction with so-called "Verifiers" (e.g. public transport, door locks, web page login, etc.) in the digital or physical worlds.
      One core aspect in this project is modularization of the application into multiple components with clearly defined security boundaries. That is, the project and thesis should explore options to protect parts of the application (e.g. the cryptographic signature module) from other, potentially compromised parts (e.g. the service discovery module with a network interface). Current options to investigate include using multiple Android services within one app, multiple apps (with different UIDs in the sense of the kernel sandbox), SELinux policies, and seccomp filters. Ideally, core parts of these modules should be written in Scala with Java parts only to interface with required Android app framework components.
      Another Master thesis on implementing the Personal Agent in Rust with respective modularization methods available on Linux on Unikernels is currently ongoing. The network interfaces of both implementations should be interoperable, so some coordination with the other Master thesis will be required.

      Please contact Rene Mayrhofer or Michael Hölzl for details.

    • Injecting URLs and other data to Smart TVs via DVB-T
      The Institute of Networks and Security has a software defined radio that should be suitable to create and inject DVB-T signals into receivers such as Smart TVs. The aim of this thesis is to reproduce and potentially extend the work shown in on how injected HbbTV URLs are automatically opened/executed on some Smart TVs to allow a remote code execution.

    • Security Analysis of the Communication Protocol of a MAVIC PRO drone
      This project aims to investigate the two communication channels (Wi-Fi and a custom RF) of a commercial drone ( and analyze the used communication protocol. Using a software defined network and state-of-the-art reverse engineering tools, your goal is to find potential security weaknesses and make suggestions on how to improve the existing protocols.

      Please contact Rene Mayrhofer or Michael Hölzl for details.

    • Multiple topics on dynamic, behaviour-based recognition of malicious software (in cooperation with Sophos Labs)
      Please contact Rene Mayrhofer (rmatins [dot] jku [dot] at) for details.
    • TPM and remote attestation for cloud infrastructure providers

    • Reproducible builds for Java and Android apps

    • Smart home security: preventing privacy leaks with home routers

    • Vibration patterns for authenticating phones to users (study if randomly generated patterns can be recognized by users incl. the expected training effect)

    • Dienst zum Rendern von Browser-Screenshots
    • E-Learning System für Websites am Beispiel RIS: Beispiels-Suchaufgaben mit Beobachtung des Benutzers (Eingabe, Mausbewegungen etc.) und adaptiven Reaktionen darauf (Verbesserungsvorschläge, Vorzeigen mit Maus&Eingabe + Audio-Kommentar); Zwei Varianten (ca. 10 Min. für Laien, ca. 90 Minuten für Profis)

    • Verteiltes Sensor-Netzwerk: Geographisch weit verteilt befinden sich viele Sensoren, die Daten (welcher Art auch immer, zB Temperatur) an eine zentrale Instanz zur Auswertung schicken. Die Kommunikation der Sensoren soll mittels diverser Protokolle erfolgen: XMPP, IRC, P2P, RSS, HTTP (alle potentiell auch indirekt, dh mit Vermittlung durch außenstehende Server – hole punching – um Sperren zu umgehen oder über Tor, zB Hidden Services). Die Daten sind abzusichern (Verschlüsselung/Signatur). Fällt die zentrale Instanz aus, soll ein anderes Gerät diese Aufgabe übernehmen.
    • Automatische Anonymisierung von Urteilen: Analyse von Texten um Namen zu identifizieren und diese zu ersetzen.

    • Setup a Tor hidden service online shop&forum and simulate customers and forum traffic convincingly as a virtual machine (preferably docker, so it can be scaled). Monitor all kinds of attacks on the service. The service is not to be published, but check when any (and what) kind of communication starts. Later, publish it in various ways with small differences and check how “customers” arrive. The shop is “invitation only”, but no invitations are given out. It contains illegal items, documents with “phone home” content or similar. Passwords for E-Mail accounts (fake ones) with weak hashing. When are these contacted, by whom, for what (=were stolen from the shop)? The idea is to find out about attacks on hidden services.

    • VM ressource usage verification: Unter Hype-V kann man den Ressourcenverbrauch einer VM genau messen. Kann man Software so ändern, dass sie regelmäßig Logging an Drittmaschinen ausgibt, wie viel Arbeit sie verrichtet hat? Kann man dies dann mit den Hyper-V-Messungen vergleichen? Kann man daraus feststellen, ob zusätzliche Software (=Malware) in der Maschine läuft bzw die Abrechnung zumindest ungefähr korrekt ist? Implementierung eines Beispiels an einem Webserver (plus Datenbank intern oder separat sowie Zugriff auf externe Webressourcen). Relevant: CPU-Last/Nutzung, Disk-Nutzung, Bandbreite – nicht unbedingt absolut aber zB nach einer Kalibrierungsphase.
    • Translate security protocols specified in Alice&Bob notation to Scyther language. Alice&Bob notation has been widely used to describe security protocols. However, protocol verification tools such as ProVerif, Scyther, and Tamarin have their own specification language. We are therefore interested in developing a tool that allows translating an Alice&Bob specification to other languages that can then be used as input to different verification tools. The goal of this particular task is to build a tool that translates an Alice&Bob specification to Scyther specification. As Scyther does not support equational theories that are often used to model for instance Diffie-Hellman exponentiation, not all Alice&Bob specifications are convertible to Scyther's language. Nevertheless, many protocols such as Kerberos and Needham-Schroeder variants are translatable.