Beschreibung:

The bachelor project in the winter term 24/25 is on hot topics in computer security based on the USENIX Security Symposium 2022 and 2023 . The USENIX Security Symposium is a flagship security conference that provides a dedicated evaluation process on artifacts that are submitted in addition to the scientific paper. Our course allows students to do a bachelor project within the scope of computer security research published on top conferences, i.e., taking a deep dive in recent research implementation projects and evaluation data.

Please note that this course will be in English: students are required to write their project report in English and give an oral presentation in English.

There will be 5 mandatory meetings throughout the semester. Every meeting is mandatory; students cannot pass the bachelor project if they miss any of these meetings. The first meeting is the kick-off meeting on Thursday, October 10th at 12:00 in S-GW 009. The dates of the four remaining meetings will be fixed in October.

The procedure is as follows:

1. Students join the kick-off meeting on Thursday, 10th October at 12:00 in S-GW 009 (no pre-registration is required).
2. Our chair will publish a selected list of artifacts (on this website) from USENIX Security Symposium 2022 and 2023
3. Until Thursday, 14th October EOD students select and submit three artifacts from that list. Students also provide a ranking preference of the selected artifacts.
4. Next, the course organizers assign one artifact to each student.
5. Meeting 2 (end of Oct): students have read the paper of their assigned artifact. During the meeting, they provide a summary of the paper. They also provide a very general overview of what the artifact includes (which components have been implemented? If applicable, what kind of evaluation data includes the artifact? What hasn't been provided in the artifact?).
6. Meeting 3 (mid Nov): The students have tested the artifacts. They provide information on the structure of the artifact implementation and evaluation data, and share their experiences in testing the artifact. All the students engage in a discussion on the artifact helping each student to determine the key questions that need to be considered for reverse-engineering, evaluating, and extending the artifact.
7. Meeting 4 (mid Dec): The students have a clear understanding of the artifact and its evaluation data. They provide a proposal on the next steps. Possible steps are: extending the artifact with a new feature, porting the artifact to another platform, creating a new benchmark, or developing and evaluating a new use-case. Again, all the students engage in a discussion on the artifact helping each student to decide on the next steps.
8. Meeting 5 (end of Jan): Oral presentation of the project work and submission of the project paper.

Please note that the topics mentioned above often deal with system-level software and hardware aspects (operating system code, low-level code such as C code, Ethereum bytecode, and x86 or ARM assembly instructions). We recommend choosing the Bachelor project "Secure Software Systems" only if you are willing to deal with system-level programming techniques, meaning that you are ready to learn and apply these techniques within the scope of the project.

Literatur:

Unsere Themen richten sich an aktuellen Forschungsthemen der IT-Sicherheit (insbesondere Systemsicherheit). Die besten IT-Sicherheitstagungen (A*-Konferenzen) sind nachfolgend aufgeführt. Über das Uni-Netzwerk können Sie für alle der genannten Konferenzen die wissenschaftliche Artikel (die sogenannten Papers) kostenlos herunterladen und sich die Vortragsvideos anschauen. Beachten Sie, dass für dieses Bachelorprojekt die Konferenz USENIX Security insbesondere von Relevanz ist. Die anderen Konferenzen können aber für Hintergrundinformationen zum Thema Computer Security gerne herangezogen werden.

• IEEE Security and Privacy Symposium (IEEE S&P)
• ACM Conference on Computer and Communications Security (CCS)
• USENIX Security Symposium
• ISOC Network and Distributed System Security Symposium (NDSS)