in.Crease ist ein geplantes Informationssystem für Studierende. In Vorarbeiten wurde bereits ein Modul entworfen, um Personen und Gremien zu verwalten und geeignet darszustellen. Ziel dieses Projekts ist es die Anforderungen an die Darstellung von Personen und Gremien zu überarbeiten und neu zusammen zu stellen. Auch das Datenmodell soll auf Vollständigkeit und Konsistenz abgeklopft werden. Im Anschluss sollen UI-Elemente sowie entsprechende Berechtigungen für die einzelnen Use-Cases implementiert werden - je nach Umfang eventuell nur eine Teilmenge von wichtigen Use-Cases. Zu den Use-Cases gehören nicht nur lesende Zugriffe in Form von geeigneten Anzeigeelementen sondern auch Editier-, Anlege- und Löschfunktionen. Die Arbeit hat damit einen konzeptionellen Anteil sowie einen Implementierungsanteil, der mit TypeScript und Angular in Verbindung mit einem Redux-Store.

State-machine replication (SMR) is a fault-tolerance concept where multiple servers (replicas) execute the same requests. Replicas are then able to replace each other in case of faulty servers. BFT-SMaRt is a popular framework to implement SMR. BFT-SMaRt is able to add and remove replicas from the replica group at runtime. Unfortunately only the latest of the added replicas can be removed again, which is obviously an odd restriction. It is likely that the reconfiguration part is just a proof-of-concept implementation. As part of this project the restrictions should be removed so that any replica can be removed by a reconfiguration request. This needs a cleanup in the internal software as replicas are internally numbered from 0 upwards and only the replica with the highest number can be removed. This numbering scheme has to be replaced by a more sophisticated solution.

Intel SGX is a technology that allows to launch tamper-proof enclaves in main memory, which isolate parts of applications that deal with sensitive data. There is a broad spectrum of application scenarios, ranging from fault-tolerant systems to privacy-preserving machine learning approaches. Intel provides a native SDK that can be used to derive low-level wrapper functions from a function definitions provided in a DSL, which are then used to interact with the protected parts of the application applications. However, the SDK requires special care during the design process as well as C/C++ programming skills, in order to create a bulletproof interface to the enclave. The Gramine project promises to simplify the SGX application development process by providing functionality to wrap unmodified linux applications in Intel SGX enclaves. Since this approach trades in performance for usability, the goal of this project is to conduct a performance evaluation for different applications launched natively and wrapped with Gramine.

State-machine replication (SMR) is a fault-tolerance concept where multiple servers (replicas) execute the same requests. Replicas are then able to replace each other in case of faulty servers. BFT-SMaRt is a popular framework to implement SMR. One of its drawbacks is that clients and replicas need the same set of configuration files. This projects is supposed to "liberate" replicas and clients mostly from these files. The configuration should be expressed by Java objects (BFT-SMaRt internally already does something like this). Further, these objects should be handed out by our commander application that is already able to initialise a group of replicas – currently by copying configuration files. This copy operation should be replaced by object passing. The student has to identify all accesses to configuration files and update the software accordingly. For clients there should be the choice of using configuration files or a serialised configuration object that could be retrieved from the commander app.

The Trusted Platform Module (TPM) is a standardized cryptographic co-processor which provides a specific set cryptographic functionality comprising encryption, digital signatures, and hash functions among other features. TPM 2.0 modules come in five different implementations, which offer different security levels ranging from the discrete implementations which provide the highest level of security, down to software TPMs which are unsafe for production environments and are intended for the development purposes only. BLS signatures are a signature scheme based on elliptic curves and pairing-based cryptography for verification. Their mathematical construction provides useful isomorphisms which allow to create multi- and threshold signatures. BLS signatures are currently not included in the TPM specification and can therefore not be generated by TPMs by default. There is however a recent publication which describes how BLS signatures can be generated by leveraging cryptographic primitives for Schnorr signatures that are specified in the TPM standard. The goal of this project is to dive into to the TPM technology stack and build a prototype implementation of the BLS signature scheme proposed in the research paper.

The Vehicular Reference Misbehavior (VeReMi) dataset is a dataset is a dataset for evaluationg of misbehavior detection mechanisms for V2X networks. The dataset consists of message logs generated from a simulation environment. The dataset contains malicious messages which the single misbehavior detectors of a misbehavior detection system (MBD) intend to detect. The VeReMi dataset serves as a baseline to compare different MBDs. However, the existing VeReMi dataset lacks some information, so that not all existing misbehavior detectors of an MBD system receive the necessary information to work accordingly. In this project, the existing VeReMi dataset should be extended with the necessary information so that further misbehavior detectors receive the necessary information to work accordingly.

This project will focus on improving the trustworthiness of generated information through the fine-tuning of the Llama 3 8b model using the Unsloth training performance optimization library. The primary goal is to enhance the reliability and accuracy of AI-generated content by leveraging advanced training techniques. The research will involve evaluating the performance of the Llama 3 8b model before and after fine-tuning, analyzing improvements in trustworthiness metrics, and developing new methodologies to further optimize the model’s performance.

The task of this project is to develop a web-based application that can be used as part of the operating systems lecture for educational purposes. The application should encompass a graphical emulation of basic computer hardware components such as a simple processor with a narrow instruction set or a memory management unit. The goal is to have an educational tool for students to help them develop intuition for concepts like instruction processing or virtual memory management.

Concurrent data structures allow for concurrent access reading and/or modifying a data structure. Persistent data structures keep track of changes by allowing access to previous versions of the data structure. This work should explore approaches to build concurrent and persistent data structures that represent evolving graphs. Approaches should be implemented both for the Java and the Go programming language, taking into account specifics of both languages. The approaches should then be evaluated as part of an ongoing research project at the Institute in which multiple smaller graphs need to be concurrently processed in memory with a focus on performance and scalability.

The Institute is currently developing a system that is assessing the trustworthiness of entities based on different trust sources. For this we use trust models that are essentially graphs of different entities and their trust relationships. The system is event-driven, so whenever new evidence becomes available, the trust model associated with the target entity is updated and trustworthiness is recalculated. Trust models can be dynamic both in terms of changes to the topologies (e.g., new entities) and values (e.g., updates in existing trust relationships). This work should explore different approaches to visually represent evolving trust models so that users can explore the latest state of trust model, but also to navigate and understand its history. In addition to this conceptual part of the work, also a prototype should be implemented and evaluated using modern, state-of-the-art web technologies.

This project will investigate the performance differences between Kolmogorov-Arnold Networks (KANs) and Multi-Layer Perceptrons (MLPs) in the context of image classification tasks. Kolmogorov-Arnold Networks offer a novel approach to neural network architecture based on mathematical foundations that differ from traditional MLPs. The primary goal of this research is to empirically compare these two types of neural networks to evaluate their classification accuracy. The outcome of this research may provide insights into the potential advantages of KANs over conventional MLPs in practical applications.

Service Function Chaining (SFC) is a technice to steer traffic through specific network services. To proof that the traffic was actually forwarded through the specified services, a Proof Of Transit (PoT) is used. In this project, different PoT approaches are compared and the most promising solution implemented in a HTTPS-based SFC environment.

Since Google introduced their BeyondCorp project, Zero Trust (ZT) is one of the most popular buzzwords in the area of network security. In a ZT network, Policy Enforcement Point (PEP) and Policy Decision Point (PDP) are responsible for central authentication and authorization (Auth*). Both mentioned components and conventional security functions such as firewalls work largely independently of each other when it comes to processing packets. This leads to inefficient scenarios in which all packets are processed by time- consuming security functions. By coupling the conventional security functions to the PEP/PDP, higher efficiency in security-relevant packet processing can be achieved. This can be achieved by leveraging the Service Function Chaining (SFC) approach. SFC allows the dynamic chaining of conventional network service functions such as HTTP header enricher or firewalls. For each network flow can be decided what service function should be applied to all the flow's packets. The PEP/PDP in a ZT network acts then as the orchestrator, decides about the functions that should be chained together. By doing this, it can be efficiently decided which function should be applied. The goal of the project is to implement one of the thus orchestrated security service functions namely a Multi Factor Authenticator (MFA) that is embedded in a already existing Zero Trust SFC prototype. The MFA must be HTTP based and written in Go. Requirements: Good knowledge of Go and security protocols).