SNE Master Research Projects Web Page


Home Previous years


This page reports the list of student projects with the type (long or short), the contact person for each project ("@" is replaced by "=>"), the status (available or assigned) the warning level (low, medium or high; where high means that is strongly suggested to submit the project proposal head of time to not incur in delays). New projects will be added at the end. All other information related with the projects are available on the course pages on Canvas.

Number and Type Title and Abstract Supervisor Status Warning
1 - short
Security impact of DNS over TLS (DoT) and DNS over HTTPS (DoH)

DNS resolution is a critical and sensitive service. By default, DNS queries and responses are sent in plaintext. There are mainly two recently developed protocols, DNS over TLS (DoT) and DNS over HTTPS (DoH), which are of growing importance aiming to protect DNS privacy. Such encrypted protocols are cleary of benefit by protecting integrity and confidentiality of DNS traffic. However, they can effectively disrupt security controls and network monitoring solutions. The goal of this research is to analyse the security impact of DoT and DoH in order to securely implement encrypted DNS without compromising network security.
Silke Knossen <silke.knossen=>kpn.com> unavailable
low
2 - short
Topic: TR-369 research

TR-69 is a commonly used protocol for remote management of modems/routers/gateways, which has been around for 15 years. Until now, this is how most consumer modems are remotely managed at KPN. A new protocol has been developed by the Broadband Forum, which is called TR-369. It is intended to replace TR-69. It offers a new architecture where multiple "controllers" (providers, vendors, or end users) can interact with endpoint devices (modems/routers, wifi controllers, iot etc). It supports multiple transport protocols, including websockets/COAP/MQTT/etc. KPN REDteam recently did a time boxed test on a test setup for a new modem which is controlled through TR369 (in this case, over MQTT), and we found some security issues.

Goals:
* Review TR369/transport protocol "suite" with regards to security.
* Create tooling/pentesting a modem with TR369 backend infrastructure.

References:
https://www.avsystem.com/blog/TR-369/
https://www.broadband-forum.org/download/TR-369.pdf

Notes:
Project available only for a group of two students
Anand Groenewegen <anand.groenewegen=>kpn.com> and Stef van Dop <stef.vandop=>kpn.com>
Selected, but open for a second student in case. medium
3 - short
Privacy and Robustness in DP-based (Differential Private based) Federated Learning

Federated learning is a collaborative learning infrastructure in which the data owners do not need to share raw data with one another or rely on a single trusted entity. Instead, the data owners jointly train a Machine Learning model through executing the model locally on their own data and only share the model parameters with the aggregator. While the participants only share the updated parameters, still some private information about underlying data can
be revealed from the shared parameters. To address this issue, Differential Privacy has been used as effective tool to protect information leakage over shared parameters in Federated Learning, say DP-FED. However, it has not yet been investigated whether (and to what extent) the DP-FED is resistant against attacks.

This project aims to evaluate the resistance of DP-FED against different attacks and to explore the possibilities of reducing the success rate of these attacks. To conduct this research, at least three datasets, three different DP-FED techniques, and three different privacy threat models should be selected. Then, a comparison of DP-FED and FED (without DP) should be performed to evaluate how much embedding Differential Privacy in Federated Learning
algorithms makes them robuster.

The following papers are suggested to be studied for this work:
1. Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro; Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy, CoRR, 2020.
 
2. Lingjuan Lyu, Han Yu, Xingjun Ma, Lichao Sun, Jun Zhao, Qiang Yan, Philip S. Yu, Privacy and Robustness in Federated Learning: Attacks and Defenses, arXiv, 2022.

3. Ahmed El Ouadrhiri, Ahmad Abdelhadi, Differential Privacy for Deep and Federated Learning: A Survey, IEEE Access, 2022.

4. Malhar Jere, Tyler Farnan, and Farinaz Koushanfar; A Taxonomy of Attacks on Federated Learning, IEEE Security & Privacy, 2021.

5. Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong, Data Poisoning Attacks to Local Differential Privacy Protocols, CoRR, 2019.

6. Minghong Fang, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong; Local Model Poisoning Attacks to Byzantine- Robust Federated Learning, the 29th Usenix Security Symposium, 2020.
Mina Sheikhalishahi <mina.sheikhalishahi=>ou.nl> available medium
4 - short
Private GAN for Machine Learning

Generative Adversarial Network (GAN) provide a promising direction in research studies where data availability is limited. One common issue in GANs is that due to the high model complexity of deep networks, they are vulnerable in revealing information about training samples. This issue has been addressed in several studies by designing Differentially Private GAN (DPGAN) models, in which DP is adopted in training GANs. While DPGANs serve as effective tools in this regard, still a comprehensive understanding of the utility of this new generated data, with the purpose of being used as the source data of Machine Learning algorithms, is missing. Also, it is not clear how much each DPGAN technique is resistant against privacy threats compared to other DPGAN methodologies.

In this project, we select several DPGAN techniques, several datasets (with different properties), several ML algorithms, and two/three privacy attacks. We first train DPGAN techniques on selected datasets. We next evaluate the utility of data by employing ML algorithms on generated data. We compare the utility of generated data based on ML model accuracy. Also, we analyze how the dataset properties and the ML technique properties affect the effectiveness of data. We then employ privacy attacks on DPGANs and compare the results with GANs to evaluate and compare the robustness of different DPGANs.

The following studies are recommended:

1. Liyue Fan, A Survey of Differentially Private Generative Adversarial Networks, 2021.

2. Liyang Xie, Kaixiang Lin, Shu Wang, Fei Wang, Jiayu Zhou, Differentially Private Generative Adversarial Network, 2018.

3. Chugui Xu, Ju Ren, Deyu Zhang, Yaoxue Zhang, Senior , Zhan Qin, Kui Ren, GANobfuscator: Mitigating Information Leakage Under GAN via Differential Privacy, IEEE Transaction on Information Forensics and Security, 2018.
Mina Sheikhalishahi <mina.sheikhalishahi=>ou.nl> available medium
5 - Long
Comparison of state-of-the-art endpoint defence solutions to (partially) open-source endpoint defence

Endpoint defence evolved a lot in the last decade and the old anti-malware / anti-virus software a small sub-section of the state-of-the-art endpoint defence solutions. Instead of anti-malware / anti-virus, we are now talking about Endpoint Defense and Repsonse (EDR), Data Loss Protection (DLP), File Integrity Monitoring (FIM) and other fancy words that suppliers have the creativity to come up with. The biggest suppliers on the market are busy expanding their software with new features. This project will allow the students to get access to some vendor trial licences (1 or more) and compare the functionality of the products with free and open-source product offerings. Depending on student ability the project can result in the development of new features into open-source products. A minimum expected deliverable of the project is a comparison report and proposed development path to improve the open-source or proprietary products.

This long project is divided in the following way:

*) Phase 1: building on the RP of Dennis from 2021, further develop an open criteria of assessing and quantifying the effectiveness of a modern EDR (qualitative theoretical study)
*) Phase 2: put this theory into practice by putting several state of the art tools to test, possibly in a specific context (Office IT or possibly SCADA) depending on availability of opportunities
Peter Prjevara <peter=>securitymindset.eu> unavailable low
6 - Short
Comparison of architectures supporting high integrity and secure data pipelines

Tennet TSO is a leading European grid operator committed providing secure and reliable supply of electricity 24 hours a day 365 days a year, while helping to drive the energy tranisition. As a first cross-border Transmission System Operator (TSO), we design, build maintain and operate 23,900 km of high-voltage electricity grid in the Netherlands and large parts of Germany and facilitate the European energy market, through 16 interconnectors to neighboring countries. As part of this effort some of our teams are committed to deliver a private cloud infrastructure that house the data pipelines we use to interface between our internal departments and with our external partners. In these data pipelines data integrity and security is of high importance, so we must use modern technologies and data architectures that support this data integrity and security. However we also have legacy requirements, which must integrate securely with the modern technologies. Modern technologies we use include k8s and Apahce Kafka and MinIO, while some of the legacy requirements we have is the need for SQL based querying methods, or file based data transfers (SCP / SFTP).We would like to offer a project to SNE students where they explore the possibilities of architecting data pipelines combining these technologies - or even newer / better ones. Some of the questions that can form a basis for research questions are as follows:

- How are these technologies can be best combined to offer maximum data integrity?
- How can the technologies be best used to create long term, highly integer data archiving?
- What are the limits of this integration (on the available hardware to the students)?
- What are the advantages / disadvantages of implementing the architecture as a service-mesh instead of traditional architectures?

As the students will require to build their own test environment, this project is suitable for 2 candidates. Tennet will facilitate engineering support where students will gain insight into what problems the engineers and architects find important during the design of such architectures, and how the Agile teams in Tennet work together to deliver similar systems and architectures.
Peter Prjevara <peter=>securitymindset.eu> available low
7 - Short
Parser differentials in micro services

Environments that use micro services often have a wide variety of programming languages and frameworks. Therefore, we suspect that parser differentials vulnerabilities are common in micro service architectures. For example how two libraries parse (malformed) JSON, HTTP requests etc. This could lead to interesting vulnerabilities that are hard to find. The goal of this project would be to find such parser differentials in commonly used libraries and see if this could lead to real vulnerabilities.
Daan Keuper <dkeuper=>computest.nl>
unavailable  medium
8 - Short
Race conditions in web applications

In local applications race conditions are well understood and we have tons of examples that were affected by this vulnerability class. However, in web applications research on this topic seems to be scarce. We’ve found some real life vulnerabilities abusing race conditions (for example, claiming a coupon code more than once), but we suspect that more of such cases could be found. The goal of this project is to find more examples of race conditions  in web applications in real life applications.
Daan Keuper <dkeuper=>computest.nl>
unavailable  medium
9 - Short
Purple teaming for telecom operators

During the last 5-10 years, a large number of organisations have adopted RED and BLUE teams. A new trend can be seen where these offensive and defensive teams work in harmony. Recent whitepapers affirm this trend[1] and outline the benefits[2]. As the largest telecom operator in The Netherlands, KPN is continuously strengthening the ties between its BLUE- and REDteam. By working together (purple teaming), we increase knowledge and effectiveness on both sides. This research is divided into a theoretical part, what does literature state regarding purple teaming best practices, and a case study by designing/building a purple team CTF combining the studied literature with a telco perspective.

Goals
* Literature study on purple team
* Design a purple team capture the flag

References:
[1] https://danielmiessler.com/study/red-blue-purple-teams/
[2] https://www.redscan.com/news/purple-teaming-can-strengthen-cyber-security/

Notes:
Project available only for a group of two students
Anand Groenewegen <anand.groenewegen=>kpn.com> and Stef van Dop <stef.vandop=>kpn.com> unavailable medium
10 - Long
XDP-based DNS hot cache

The eBPF and specifically XDP paradigms enable for processing of packets in the Linux kernel without touching the full network stack and user space.  While the flexibility of, and resources available to such XDP programs are limited, simple programs can reduce system load significantly. In DNS for example, if we can determine we can not or will not answer a DNS query at such a very early stage, we do not need to bother the software running in user space with it.

For this project, the goal is to design, develop and assess a BPF/XDP program that serves as a DNS Hot Cache, serving answers to often asked queries from kernel space.

# Part 1: design and development

In the first part of the project, the students familiarize themselves with the BPF/XDP paradigm and tool chain. At NLnet Labs, we have experience with using XDP for DNS, so we will be up to speed quickly. The final program will need to store DNS answers coming from user space, and re-use them to answer subsequent queries from kernel space directly. In preparation for part 2, we deploy the program at an actual nameserver/resolver, gathering measurements for assessment and the final report.

# Part 2: assessment of measurement results, reporting

At this stage, the developed XDP program has been running for several months, generating data such as log entries and measurements. Based on the collected insights, the students assess if and to what extent the program has affected the performance of the DNS service. (A possible outcome could be an advice on which parameters require fine-tuning for certain use-cases or networks.)

Luuk Hendriks <luuk=>nlnetlabs.nl> and Willem Toorop <willem=>nlnetlabs.nl>
available  low
11 - Short
What are the practical implementation limits of eBPF (programs)?

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

eBPF sounds like the holy grail for developing 'user space'-like applications inside kernel space in a safe manner, but what can and can't you achieve as a developer of eBPF programs?

- What categories of applications can and cannot be implemented in eBPF?
- What are technical limitations that are preventing the developer of creating an application of such a category?
- What can be done to remove this limitation?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl>
unavailable  low
12 - Short
What is the current security posture of eBPF and implied risk of using eBPF programs?

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

- What is the current security posture?
- What are the current risks of running eBPF programs?
- What are the attack surfaces?
- What is the impact upon compromise?
- How can these programs be protected?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> Unavailable.
low
13 - Short
The security state of Kubernetes

Kubernetes is becoming more and more the 'universal controle plane' for (cloud) computing. Inherent to significant growth in a technology domain is the decision of not degrading security when migrating workloads to new technology.

- What is the current security posture of Kubernetes with regards to container runtime e.g. selinux, seccomp, etc in contrast to usability?
- What can be improved?
- How can this be improved?
- What is the impact of these improvements on the usability of Kubernetes?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> available  low
14 - Short
eBPF based Malware

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

- What types of malware can be developed inside an eBPF program?
- How can eBPF based malware be detected?
- How can a system be hardened against eBPF based malware?
- What persistency capabilities does eBPF facilitate for malware?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> unavailable  medium
15 - Long
EPI - Enabling Personalized Interventions

We propose the EPI* Framework to enable secure data sharing within the healthcare context. The framework addresses multiple concerns across different levels; namely: policy level, data level, application level, and network level. Within this project proposal, we mainly focus on the last network level. To abide by security requirements at the low level of packets, we instantiate and provision Virtualised Network Functionalities (VNF) on the fly. Moreover, we containerise said VNF for higher efficiency and easier deployment. As a result, we bridge any existing security gap between the end nodes of the data-sharing session via containerised VNF or Bridging Functions (BF’s).

The framework utilises Kubernetes to orchestrate and schedule resources to run microservices across distributed clusters of proxy nodes. The goal of this project is to evaluate the framework setup via a specific threat model, and define the best practices/ mitigations in terms of security configurations. Moreover, we aim to investigate that by simulating a number of attacks to confirm the evaluation further experimentally.

Potential questions to investigate:
1- There are a number of available threat modelling methods like: STRIDE, LINDDUN, CVSS, etc. Threat models can be software centric, attacker centric, and asset centric depending on what level of security you are investigating. With the goal of evaluating the framework in mind, how to choose the appropriate methodology to use?
2-  Based on that, what threat model to use to create a system abstraction, identify security requirements, potential vulnerabilities, and mitigations while running network-based microservices with Kubernetes? Example: key management, worker node authentication, etc.

*EPI - Enabling Personalized Interventions: https://delaat.net/epi/index.html

BF chaining and proxy implementation: https://github.com/onnovalkering/socksx
Jamila Alsayed Kassem <j.alsayedkassem=>uva.nl> available  low
16 - Long
Side-channel analysis using on-line statistics

Side-channel analysis is the art of cracking cryptographic implementations by observing unintended signals such as the algorithm’s execution time or the power consumption of a device
[https://youtu.be/OlX-p4AGhWs]

Industrial-level side-channel analysis requires lengthy signal measurements over multiple days. Acquiring and processing such a large datasets is a very demanding computational task that must be carried out within specific time constraints.

In this project we will utilize efficient online statistical computations that can pinpoint the useful part of the signal in a very large dataset. To do so efficiently, we will “drill” for useful leakage information through reinforcement learning algorithms. Our final goal is to develop an efficient processing strategy that will maximize our ability to detect and perform side-channel attacks

Statistical formulas: [https://eprint.iacr.org/2015/207.pdf]

Matlab code for statistical formulas(also available in Python): [https://github.com/kostaspap88/statistics]


1st part: study and utilize online statistics
2nd part: adaptive “drilling” for leakage
Kostas Papagiannopoulos <k.papagiannopoulos=>uva.nl> available  low
17 - Short
Analysis of Hashicorp Vault Integrated storage (RAFT) back-end

Within (large) distributed environments storing, managing and provisioning your secrets securely can be difficult. There are several secret managers available in the wild that can help tackle life-cycle management of secrets in distributed environments. Vault is an opensource secrets manager created by Hashicorp. Since the 1.4 release of Vault the Integrated storage back-end that uses RAFT as a consensus algorithm for replicating data between Vault instances has been introduced. A secrets manager such as Vault becomes an interesting point of attack for malicious users. When using a tool such as Vault making sure that data stored in and exchanged via Vault is Secure is extremely important.

- How secure are secrets at REST when the Integrated Storage back-end is used?
- How secure is the exchange of secrets via the RAFT consensus algorithm?
- Are there any avenues of attack that can be exploited to retrieve information/secrets?
Maurice Mouw <Maurice.Mouw=>os3.nl> unavailable  Low
18 - Long
Formal verification of P4_16 for robust data plane programmability

The advent of programmable network switch ASICs and recent developments on other programmable devices (NPUs, FPGAs etc.,) drive the renewed interest in network data plane programmability. Data plane programmability refers to the capability of a network device to expose the low-level packet processing logic to the control plane through a standardized API, to be systematically, rapidly, and comprehensively reprogrammed. Domain specific programming languages such as P4 [1] have emerged, enabling to describe the entire packet processing in a protocol-independent way at a high abstraction level. P4 has gained strong community support, covering both industry and academia. Data plane programmability enables unprecedented network flexibility, but it may come at the cost of robustness. The shift from fixed function to programmable data planes increases the chance of introducing bugs due to incorrect protocol implementations. Such bugs can be easily transformed into vulnerabilities e.g., if exploited towards the violation of network security policies. There have been efforts to overcome this problem by checking if the network satisfies the intended properties use formal verification techniques (e.g., model checking or symbolic execution). For example, Kheradmand and Rosu [2] developed a complete operational semantics for P4 v14 in the K framework, enabling symbolic model checking and deductive verification. As another example, Liu et al. [3] developed a translational semantics from P4_14 to a Guarded Command Language for practical verification.

Within the course of this joint RP1-RP2 project the student will
1. Phase 1: Investigate the state of the art in the area, get familiarized with P4 DSL, analyze, and apply a chosen formal verification technique for P4_14, establish a suite of example programs and verified properties, and construct a migration plan from support P4_14 to P4_16.

2. Phase 2: Execute the migration plan and analyze the soundness, completeness and practicality of the resulting implementation.

Prerequisites:
-- Enrolled student in master’s program in computer science or related
-- General knowledge on computer networks
-- Affinity with programming language techniques such as compiler construction, formal verification and/or formal operational semantics
-- Some experience with declarative programming, e.g., logical programming (in Prolog) or functional programming (in Haskell)
-- Language skills: English

[1]. Bosshart P, Daly D, Gibb G, Izzard M, McKeown N, Rexford J, Schlesinger C, Talayco D, Vahdat A, Varghese G, Walker D. P4: Programming protocol-independent packet processors. ACM SIGCOMM Computer Communication Review. 2014 Jul 28;44(3):87-95.
[2] Kheradmand A, Rosu G. P4K: A formal semantics of P4 and applications. arXiv preprint arXiv:1804.01468. 2018 Apr 4.
[3] Liu J., Hallahan W., Schlesinger C., Sharif M., Lee J., Soulé R., Wang H., Caşcaval C., McKeown N., and Foster N., P4v: practical verification for programmable data planes. ACM SIGCOMM '18, pp. 490– 503. https://doi.org/10.1145/3230543.3230582
Chrysa Papagianni <c.papagianni=>uva.nl> and Thomas van Binsbergen <l.t.vanbinsbergen=>uva.nl> available  low
19 - Short Identifying Ghost resources in (multi-cloud/hybrid) distributed environments.

Many companies are adopting cloud or multi-cloud environments containing distributed components that leverage different Cloud services. Over time more resources are accumulated that are not properly cleaned up. In cloud environments this can introduce additional significant cost over time.

Additionally 'ghost' resources can pose a significant security risks if those resources are not patched.
- Are there strategies/frameworks to detect or prevent the creation of ghost resources.
- What or how is a proper baseline determined for identifying if something is a ghost resource/asset?
- Are there tools that can help identify ghost resources (in multi-cloud environments)?
- How can we automate the detection of ghost resources (in a multi-cloud environment)?


Notes:
The project can be extended to a long project if the students want extend the research with building a prototype for detecting ghost resources
Maurice Mouw <Maurice.Mouw=>os3.nl>
unavailable  medium
20 - Short
GPU malware

Antivirus is monitoring memory continuously for malicious activity. One possible way to circumvent this, is by utilizing the memory allocated to the GPU. Using the GPU to perform either computationally intensive operations or to hide malware when no actions are required or even executing the malicious code from the GPU. Students are required to have at least some experience with coding in C and OpenCL or CUDA. The latter two programming languages are used in General Purpose Graphics Processing Units programming. The goal of the research would be to expand further upon existing research, as there is some information available, although limited. [1][2] Research questions can be defined at a later stage, an example would be: “What are the limitations of running malware entirely on the GPU?”

[1]: https://www3.cs.stonybrook.edu/~mikepo/papers/gpumalware.malware10.pdf
[2]: https://github.com/nwork/jellyfish
Robert Diepeveen <robert.diepeveen=>northwave.nl> and Thomas Ouddeken <thomas.ouddeken=>northwave.nl>
unavailable  medium
21 - Long
Software-defined networking (SDN) and Blockchain in a decentralized environment

During the past years, SDN and Blockchain technologies have demonstrated a great potential to enhance each other [1]. SDN can improve the network availability and performance of the P2P network in the Blockchain, and the Blockchain can also improve the trustworthiness of the SDN controllers. In our recent work, Blockchain has been used in the scientific computing community to share large digital objects and in the trustworthiness of a decentralized service market. Improving the performance of the blockchain P2P network using SDN becomes an urgent topic when such Blockchain is deployed in a large, distributed infrastructure across data centers. In this project, we will investigate a) how SDN can improve the efficiency of decentralized digital object sharing in a Cloud virtual research environment [2], and/or b) how Blockchain improves the trustworthiness of SDN controllers from multiple providers in a service marketplace [3].

The student will first make a literature study on the relevant topic and deliver a technical solution to the VRE framework.

Reference:

[1] Majd Latah and Kubra Kalkan. 2022. When SDN and blockchain shake hands. Commun. ACM 65, 9 (September 2022), 68–78. https://doi.org/10.1145/3500920
[2] Zhao, Z., Koulouzis, S., Bianchi, R., Farshidi, S., Shi, Z., Xin, R., Wang, Y., Li, N., Shi, Y., Timmermans, J., Kissling, W.D.: Notebook-as-a-VRE (NaaVRE): From private notebooks to a collaborative cloud virtual research environment. Softw Pract Exp. spe.3098 (2022). https://doi.org/10.1002/spe.3098.
[3] Shi, Z., Ivankovic, V., Farshidi, S., Surbiryala, J., Zhou, H., Zhao, Z.: AWESOME: an auction and witness enhanced SLA model for decentralized cloud marketplaces. J Cloud Comp. 11, 27 (2022). https://doi.org/10.1186/s13677-022-00292-8

Notes:
Project for one or two students
Zhiming Zhao <z.zhao=>uva.nl> available  low
22 - Long
Assess the robustness of a P2P network using graph-based models


In peer-to-peer network (P2P) overlays, there are many problems that a malfunctioning peer can cause that can affect the performance, reliability, and availability of the entire network. While a P2P is generally meant to be set up with participants of equal importance, this is often not the case. More often than not there is an unequal distribution of responsibilities within a P2P network, for instance often a situation that a small percentage of peers answer the majority of queries occurs [1]. Furthermore, certain peers can also be favoured more over others in terms of routing, making some peers more important for the routing of the packages. This is for instance the case when a peer is the fastest gateway between two networks. When a peer in a P2P network malfunctions, it can have a massive impact on the total operability of the network, especially if the peer falls into the category described above. Clear problems that arise are the possibility of long reconfiguration times or partitions when these peers fall away. What is more, the rest of the network might suddenly need to distribute a large quantity of work. Besides, if one of these nodes becomes a bad actor, then it can inject malicious code into a lot of data.

In a perfect world, a P2P network would be perfectly flat, so where every peer has the approximately same responsibilities and importance, yet, that is already not always possible. In blockchain applications, the robustness of the underlying P2P network is crucial for synchronizing ledgers across nodes. If the network got partitioned, or more nodes became malicious (namely Byzantine nodes), nodes may take much longer than expected to achieve consensus on the states of ledgers. It is thus important to identify the potential risks of the P2P network and assess its robustness. So, it is important to be able to locate those peers that are of importance to the reliability, performance, and availability of the net work as a whole. With this information, we can then configure the network to have back-up routes or peers to not allow too much dependence on a small set of peers. It also offers insight into where new peers should be added when they want to join the network.

Currently, there is a lot of research on P2P networks, but not much on peer-based metrics. In this research project, we tackle the problem of creating a metric to be able to assess the ‘importance’ of a peer in a structured P2P network, where we have complete information on the topology of the underlying IP network and the P2P overlay network, the expected traffic over the network and the link capacities. This will be restricted to the most commonly used types of structured P2P networks, but we aim to lay the basis for generalising the metric to assess peer importance in any other given topology. As one of the main difficulties in detecting risks in P2P networks is that they are decentralised, it can also be interesting to look into how
accurate the metric is the information of just one peer or a group of peers working together.

References
[1] Dennis Trautwein et al. “Design and evaluation of IPFS: a storage layer for the decentralized web”. In: Proceedings of the ACM SIGCOMM 2022 Conference. 2022, pp. 739–752.
Zhiming Zhao <z.zhao=>uva.nl> unavailable  low
23 - Short
Unlocked popular password managers

Nowadays the use of password managers is ubiquitous and often encouraged by security providers. Password managers store the passwords (and other secrets such as MFA seeds or credit card information) of users in a secure, but reversible way. We know that an unlocked KeePass database [1] poses a threat for the user because it allows the key material to be extracted from memory. This raises the same question for other popular password managers (for instance LastPass, 1Password or Bitwarden) as well. How do they manage secrets in memory? Is it possible to extract the key material from memory for an unlocked database? What about browser extensions?

The student should be familiar with a bit of reverse engineering (language depends on the chosen password manager) as well as programming. The main goal of this research is to uncover what risks there are in leaving password managers unlocked, a cool extra effort would be a tool that extracts the right material from (browser) memory.

[1]: https://github.com/GhostPack/KeeThief
Robert Diepeveen <robert.diepeveen=>northwave.nl> and Bart Roos <bart.roos=>northwave.nl> unavailable  medium
24 - Short
Malware leveraging the TEE

Modern devices often include a Trusted Execution Environment (TEE) for handling security sensitive tasks and storing security sensitive assets. Malware, already in control of the Rich Execution Environment (REE), for example Linux, may also compromise the TEE.

You will be studying the current research on Malware leveraging the TEE of a device. The output of this project will be a Proof-of-Concept (PoC) on a real device with a Qualcomm TEE with known vulnerabilities (https://raelize.com/blog/qualcomm-ipq40xx-achieving-qsee-code-execution/). We will provide all the required tooling and targets for this project. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> unavailable  medium
25 - Short
Reproduce ESP32 glitch attacks using affordable tooling

We demonstrated multiple attacks on Espressif's ESP32 chip with lab-grade Fault Injection tooling (https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/).

You will be asked to perform a feasibility study to determine if it's possible to reproduce these attacks using affordable Fault Injection tooling. We will provide all the required tooling and targets for this project. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> available  low
26 - Short
Improve library identification

Binary firmware typically include many libraries. Determining the version of these libraries is not always trivial.

You will be studying the state-of-art of library identification tooling (e.g. https://github.com/Riscure/Library-Identification) in order to improve it. The output of this project should be a standalone tool or disassembler plugin for e.g. Ghidra (https://ghidra-sre.org/). You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> unavailable  low
27 - Short
Threat Modeling OpenBMC

Modern servers are often equipped with a Baseboard Management Controller (BMC) that is used for remote monitoring and management of the host system. An interesting development is the availability of OpenBMC, an open source initiative to create an open source BMC firmware.

You will be studying the functionality of OpenBMC in order to define its attack surface. You will be using the QEMU reference platform and/or an actual device running the OpenBMC firmware. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> available  medium
28 - Short
Would a flow based IDS using a neural network in kernel space improve performances over typical IDS?

Simplified versions of flow based IDS have been implemented in kernel space using eBPF and decision trees. This has shown a 20% improvement over similar tasks achieved in user space. However, this is achieved for a simplified IDS algorithms. As the complexity of the algorithm increases, using the specific data types of eBPF creates more overhead and complexity.

Goal:
- Will the performance advantage persist when using more complex algorithms and for example deep Neural Networks in the case of a kernel-based IDS ?

https://arxiv.org/pdf/2102.09980.pdf
Nathan Keyaerts <nathan.keyaerts=>sue.nl> and Serge van Namen <serge.van.namen=>sue.nl>
available  low
29 - Short
eBPF forensic tools

eBPF is a relatively recent technology that opens a new avenue of attacks and misusages of services. To counteract this, forensic tools are being developed to detect attacks and perform forensic investigations afterwards using Volatility.

Goal:
- Are these tools exhaustive, or are there still attacks that these tools cannot detect ? 
- Is it then possible to detect these attack ?

https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Fixing-A-Memory-Forensics-Blind-Spot-Linux-Kernel-Tracing-wp.pdf
Nathan Keyaerts <nathan.keyaerts=>sue.nl> and Serge van Namen <serge.van.namen=>sue.nl> unavailable  low
30 - Short
Quantum secure connection to your institution

eduVPN is open source VPN software that is offered by SURF as a service to organizations. Organizations using eduVPN mainly consist of universities and research institutions[1]. Using eduVPN, students and employees can access the organization's network without having to be physically present at the organization. eduVPN also offers a secure VPN connection which can be used to access the internet. Using this VPN connection will prevent people that are listening in on the network from seeing which websites one visits.

The cryptography used by eduVPN is not quantum resistant. When a quantum computer is built that is powerful enough to run Shor's algorithm, VPN traffic could be decrypted and the privacy of users violated.

The goal of the project is to research how to prevent VPN traffic that is stored now from being decrypted later when a quantum computer becomes available, and to build a Proof of Concept demonstrating a quantum-resistant eduVPN. We assume that there is currently no quantum computer that can break classical cryptography. Thus, an active Man in The Middle attack with a quantum computer is out of scope.

The proof of concept will focus on the connection between a user using the Android eduVPN application and the server while using WireGuard.

Because of limited time for the project, some tasks are out of scope:

* eduVPN clients exist for Android, iOS, Windows, macOS and Linux. We will only consider the Android client and leave the other clients out of scope.
* eduVPN support two VPN technologies: OpenVPN and WireGuard. For now, we will only consider WireGuard because OpenVPN support is planned to be removed in the future.
* eduVPN supports high availability deployments. These deployments use multiple servers that connect with each other. The communication between these servers are left out of scope. We will only consider a setup with one server.
* No new post-quantum cryptography will be designed and implemented. Existing post-quantum cryptography will be considered and used.

In case there is time left, the scope can be extended with one of the points above. For example, we could also look at OpenVPN or make sure the VPN connection is protected against an active MITM with a quantum computer.

At the end of the project, the following products will be delivered:

* The code of the modified server and modified Android app that can setup a VPN connection using WireGuard that protects against decryption by quantum computers.
* An explanation of the design and the design decisions.

[1]: See [status.eduvpn.org] (https://status.eduvpn.org/) for a list of organizations using eduVPN.
Rogier Spoor
<rogier.spoor=>surf.nl>
unavailable  low
31 - short
Placement of 'Security.txt' (RFC 9116) on network devices, by Digital Trust Centre (DTC)

The DTC has recently held a campagne to promote the usage of the new 'Security.txt' standard among its audience (small- and mid-sized enterprises (SMEs)) with great success. As a follow-up research the DTC would like to investigate the possibilities of placing 'Security.txt' on (minimal) internet-facing network devices, such as firewalls.

Questions that emerge during this research are:
- Is it possible to implement this on the devices of the three main brands used by SME companies; for this an analysis of the devices used by the SMEs need to be made that gives insight in which brands are most frequently used by these SMEs. These top three items will be the scope for this research
- (if not,) what are the limiting technical factors?
- (if not,) what technical changes should be made to enable the placement of 'Security.txt' on these devices?
- How can the DTC (government) use its position to force this change among these devices, using both their ability to create new (government) policy, and their communications towards the SMEs, to have these companies also actively demand this from the vendors.
Liesbeth Kruizinga <u.kruizinga2=>minezk.nl> and Erwin Hasenpflug unavailable
low
32 - short


Security of IaC

The adoption of IaC can help significantly reduce the administrative overhead for IT departments. Managing multiple environments in a multi-cloud setup, however, introduces complexity. Without properly securing and/or pipelining the creation of resources within your cloud environments, it is likely that changes will be made outside of the scope of the defined code. This can lead to (significant) security risks, additional costs, and depending on the tooling used breakage of existing IaC code or applications.

- How can we (effectively) detect configuration drift?

- What methods, tools, and/or frameworks are there for detecting and managing configuration drift?

- What are the caveats for drift detection?

- Can I detect drift outside of the stored state?

- Consider destroying vs detecting and remediating.
  - Note this is limited, e.g. if an object is changed that has dependencies to other objects this is not possible
  - e.g. think of a VPC that has subnets that contain VMs that cannot be destroyed.

Maurice Mouw <Maurice.Mouw=>os3.nl> unavailable
low
33 - short
Deanonymization of the Tox peer-to-peer communication protocol

During almost all ransomware incidents, the attackers wish to communicate with the victims, for example to negotiate prices. Often this communication happens trough a web portal in the Tor network, but sometimes attackers want to communicate through the Tox protocol [1]. Tox is a peer-to-peer (P2P), end-to-end encrypted chat protocol that tries to preserve the privacy of its users. Although the TokTok project states that its goals are to try to preserve privacy of its users, it also states the non-goal to preserve anonymity. Which is logical, considering it is a peer-to-peer protocol it should be possible to determine the IP address (and potentially other characteristics) of the partner engaged in communication. Tox is per design when connected to a peer not anonymous [2]. Connecting to a peer is done through a Distributed Hash Table (DHT), the table is distributed over a decentralized network of hosts named bootstrap nodes. The use of a DHT provides the Tox users the ability to find each other and connect in a more
private way.

Privacy and anonymity have different meanings and objectives as described above, within this study we clarify these as terms follows: Privacy is a state in which two peers are communicating and the communication is confidential, confidential being a state where the communication is kept secret and private. Privacy is provided by the Tox protocol [2]. In the context of this study we define the term anonymity in the context of two peers that have a friend relationship (found each other in the DHT) and can engage in communication over the Tox protocol. Even though the peers are connected, anonymity in Tox is present given in the sense that the peers do not know who is on the other side of the connection apart from the information required to establish the session (the Tox ID).

The goal of this study is to attempt to deanonymize the remote partner in a two-party communication using the Tox protocol. The scope of this study includes researching the associated privacy and anonymity components in Tox and an attempt to deanonymize Tox peer-to-peer participants in the identified scenarios of use. If the study indicates any feasible strategy to deanonymize Tox peer-to-peer participants the functional and technical requirements as well as the effectiveness will be considered in order to view a strategy as practically usable.

References:

 [1] https://tox.chat/about.html
 [2] https://toktok.ltd/spec#goals


Robert Diepeveen <robert.diepeveen=>northwave.nl>
unavailable
high
34 - short
Detection and propagation of invalid BGP routes in an environment where Route origin validation (ROV) is (partially) used.

ROV is a mechanism that detects when an AS starts to announces a prefix that it does not own itself. Neighboring BGP speakers can choose to not accept this prefix. Not all BGP speakers on the internet have ROV configured and/or enabled to drop invalid prefixes. Some BGP speakers only have ROV enabled to detect invalid routes, but choose to not drop invalid routes to ensure their networks keep working.

Because of the nature of the internet, it can happen that traffic that traverses through a BGP speaker that has ROV enabled and drops invalid routes still ends up at an invalid destination because somewhere along the path to the destination, a router chose to install an invalid route. This research aims to discover a way on how such routers can be discovered.

Goals of this research are:
- Detection of routers that installed invalid routes
- Understanding how these invalid routes propagate throughout the internet
- Measuring the influence of the placement of non-ROV enabled routers on a path
Willem Toorop <willem=>nlnetlabs.nl> and Koen van Hove <koen=>nlnetlabs.nl>



unavailable
low
35 - short
Investigation of FlexAlgo for User-driven Path Control

Flexible Algorithm (FlexAlgo) is an IGP extension that allows to create logical views or slices inside a single IGP domain. FlexAlgo describes a set of constraints on the topology that are to be used to compute the best paths.

We are interested in investigating capabilities and limitations of FlexAlgo and answer the following research questions:

- How can FlexAlgo be implemented in a single SRv6 domain?

- In particular, how can we assess the potential to create low delay paths and steer traffic via low utilization parts of the network?

These features are very important in order to achieve User-driven path control.


References:
1. https://www.ietf.org/archive/id/draft-ietf-lsr-flex-algo-26.txt
2. Hesselman, Cristian, et al. "A responsible internet to increase trust in the digital world." Journal of Network and Systems Management 28.4 (2020): 882-922.
Leonardo Boldrini <l.boldrini=>uva.nl> and Paola Grosso <P.Grosso=>uva.nl>
unavailable
low
36 - short
Development of a control framework to guaranty the security of a collaborative open-source project.

We're now living in an information society, and everyone is expecting to be able to find everything on the Web. IT developers make no exception and spend a large part of their working hours searching for and reusing part of codes found on Public Repositories (e.g. GitHub, Gitlab ) or web forums (e.g. StackOverflow).

The use of open-source software has long been seen as a secure alternative as the code is available for review to everyone, and as a result, bugs and vulnerability should more easily be found and fixed. Multiple incidents related to the use of Open-source software (NPM, Gentoo, Homebrew) have shown that the greater security of open-source components turned out to be theoretical.

This research aims to highlight the root causes of major recent incidents related to open-source collaborative projects, as well as to propose a global open-source security framework that could address those issues.

References:

https://searchsecurity.techtarget.com/news/252453398/Compromised-NPM-package-highlights-open-source-trouble
https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/
https://portswigger.net/daily-swig/homebrew-bug-allowed-researcher-full-access-to-github-repos

Huub van Wieren <vanWieren.Huub=>kpmg.nl>
unavailable
low
37 - short
TCP-Prague evaluation

Low Latency Low Loss Scalable Throughput (L4S) [1] is a technology intended to reduce queue delay problems, ensuring low latency to Internet Protocol flows with a high throughput performance. The Linux TCP-Prague [2] is the reference implementation for the upcoming L4S Internet service. Other congestion controls that support L4S, such as Nokia’s RT-Prague, Google’s BBRv2, Ericsson’s SCReAM or Apple’s Prague implementation for QUIC and TCP are already available or will be released soon. The task of this project is to compare the performance of TCP-Prague against (some of) these congestion control implementations on at least one of the following criteria: (i) for steady state: fairness, RTT (in)dependence and convergence speed, and for dynamic behavior: fairness, responsiveness, and stability. Further fine-tuning of selected implementation will be performed to line-up the behavior of the congestion controls.

[1] B. Briscoe et al. Low Latency, Low Loss, Scalable Throughput (L4S) Internet Service: Architecture. Internet-Draft draft-ietf-tsvwg-l4s-arch-09. Work in Progress. Internet Engineering Task Force, March 2022.
Chrysa Papagianni <c.papagianni=>uva.nl> unavailable
low
38 - short
Implementing Post-Quantum Cryptography in an open-source Certificate Authority

In this project, we will implement Post-Quantum Cryptography (PQC) in an open-source Certificate Authority (CA). The National Institute of Standards and Technology (NIST) in the United States has selected three final algorithms for the next generation of public-key encryption and digital signatures. Source code for these algorithms is readily available and implementing this in a certificate authority allows users to experiment with these algorithms in real-world applications.
Apostolos Fournaris <fournaris=>isi.gr> and Francesco Regazzoni <f.regazzoni=>uva.nl>
unavailable low
39 - short
Wi-Fi 7 (IEEE 802.11be): 4K QAM, MLO and OFDMA improvements

The next generation of Wi-Fi is the IEEE 802.11be standard, which is expected to have its final version by early 2024. The new standard, also called Wi-Fi 7, aims to bring improvements to achieve even higher throughput and lower latency than Wi-Fi 6/6E, such as the increase in the maximum modulation order to 4096-QAM (Quadrature Amplitude Modulation), MLO (Multi-Link Operation) and Enhanced OFDMA through preamble puncturing. In 2023 some pre-Wi-Fi 7 devices are already in the market. This project aims to evaluate the overall performance of some pre-Wi-Fi 7 access points supporting multiple radios using MLO and 4096-QAM. It will also contribute to create a framework for physical layer testing of IEEE 802.11be. The aim of the research project is to address the following questions:

1. Can we estimate and/or measure the necessary conditions to achieve 4k-QAM modulation (SNR, RSSI) and at what distance between the AP and client is 4k-QAM not achievable anymore?

2. How will MLO improve throughput and latency using different combinations (6+6 GHz, 6+5 GHz etc)?

3. Will preamble puncturing be able to sustain higher rates even when some RUs are affected by interference?For example, when a 160 MHz is impacted by interference on one of its 20 MHz channels, will it puncture those RUs only?

The research activities can be performed in the RF shielded room in Schiphol-Rijk. We have pre-Wi-Fi 7 access points, 10 GE clients, MATLAB licenses and a R&S Spectrum Analyzer capable to support 160 MHz
Vegt, Arjan van der <avdvegt=>libertyglobal.com>
unavailable low
40 - short
Advantages of having Sysmon enabled for incident response and forensics

Windows Event logs, enabled by default, may be the most important source of security data on Windows host for incident response. It has its limitations, such as missing events, events not containing important information, or the way it filters these events. This is where Sysmon comes in. Considered an add-on to Windows Event logs, it ensures more detailed information on process creation, network connections, and registry tampering, among others.

 

KPN is interested in the actual advantage of having Sysmon, and which events present themselves, during incident response and forensic investigations. Sysmon can result in death by data, because of the sheer amount being generated while using a non-tuned Sysmon configuration (an example of a tuned configuration is SwiftOnSecurity's sysmon-config). Besides this, detection rules (sigma) in SIEMs can be tailor-made to Sysmon events. Yamato Security states "you can only use around 10-20% of sigma detection rules with the default Windows audit settings.", while also stating Sysmon can add an additional 24% coverage.

 

Goals

*Literature study on how Sysmon complements Windows Event logs

*Hands-on reviewing Sysmon versus Windows Event Logs during forensic use cases

*If time allows, an advisory on a KPN sysmon-config
Anand Groenewegen <anand.groenewegen=>kpn.com>
unavailable medium
41 - short
Building an evil phone charging station.

In April 2023, multiple news articles got published stating, quote, "the FBI warns consumers not to use public phone charging stations". This lead to quite some interesting discussion online. With experts divided on the risks involved.
We would like to investigate the actual risks to modern phones in 2023. Some time can be spent on HID (mouse/keyboard) emulation and the impact of USB-Ethernet adapters and such with regards to phone security. However, the focus of this research proposal revolves around the feature that some smartphones have to mirror their display over HDMI.
Goals:
* perform research on what kind of peripherals are supported on android and ios devices.
* build a setup that charges phones while mirroring the phone screen over HDMI (as discreetly as possible), making video captures in the process.
* Build an image recognition system that extracts the phone PIN and other passwords being entered along with as much other OSINT data as possible.
https://o.mg.lol/
https://www.researchgate.net/profile/Weizhi-Meng/publication/274641298_Charging_Me_and_I_Know_Your_Secrets_Towards_Juice_Filming_Attacks_on_Smartphones/links/55ceb27c08ae6a881384a0eb/Charging-Me-and-I-Know-Your-Secrets-Towards-Juice-Filming-Attacks-on-Smartphones.pdf?origin=publication_detail
Stef Vandop <stef.vandop=>kpn.com> and William Horne <william.horner=>kpn.com>
available medium
42 - short
Detecting DDoS attacks and reducing attack sizes incoming by applying effective traffic management using XDP, eBPF, iptables

In the complex world of cloud-native environments, organizations are increasingly facing threats from DDoS attacks, which can significantly impact their services and resources. Ensuring the resilience and stability of cloud-based infrastructure in the face of these attacks is critical. This research project aims to investigate the development of a cloud-oriented, open-source DDoS mitigation tool using XDP, eBPF, or iptables that can effectively detect and manage attack traffic in cloud-based infrastructure. The focus of the research will be on understanding the potential of technologies such as XDP, eBPF, and iptables in creating a solution capable of efficiently detecting TCP/UDP-based attacks and applying rate limiting or traffic shaping to mitigate their impact. The project will also explore strategies for accurately detecting incoming attacks while minimizing false positives and negatives, and ensuring compatibility with common
cloud technologies like VirtIO drivers.

By examining these aspects, the research can be a stepping stone for a new open-source project: development of a robust, cloud-focused DDoS mitigation tool that can be seamlessly integrated with various cloud environments, ensuring the protection and resilience of cloud-based infrastructure against DDoS attacks.

How can technologies such as XDP, eBPF, or iptables be utilized to create a cloud-oriented, open-source DDoS mitigation tool that efficiently detects TCP/UDP-based attacks and applies rate limiting or traffic shaping to mitigate their impact?

What strategies can be employed to accurately detect incoming attacks in cloud environments, while minimizing false positives and negatives?

How can this DDoS impact prevention tool be designed to be compatible with VirtIO drivers, commonly used in cloud providers, when and if employing XDP and/or eBPF technologies?

What challenges and limitations must be addressed when designing and implementing such a cloud-focused tool, and how can its performance be optimized
for various network environments and attack scenarios?
Diederik De Zee <diederik.de.zee=>sue.nl>
available low
43 - short
Impact of latency on stateful databases replication

Geographical separation between availability zones introduces latency, which can significantly impact the performance and consistency of stateful database replication, such as (My/MariaDB/Galera, Percona, Postgre, TiDB)SQL Server replication. This research project aims to explore the effects of latency on stateful database replication across availability zones and identify ways that can be used to mitigate the impact of latency whilst also maintaining high availability standards, ensuring data consistency and optimal performance.

How does geographical separation and the resulting latency affect SQL Server replication performance and consistency in a multi-availability zone (geographical separated datacenters) deployment?
How can we mitigate the impact of latency on stateful database replication and ensure data consistency across availability zones?
Diederik De Zee <diederik.de.zee=>sue.nl> available low
44 - short
Satellite constellation modelling for cyber security

Satellite constellations are becoming increasingly important since they can carry out missions that are not possible for single entities. The majority of the time, the entities communicate among themselves autonomously, due to lack of ground control stations in a specific area. Also, information can be sent through another member of the constellation to an available ground control station. This approach poses large cyber security risks which are not fully understood. Envision a scenario in which one satellite is compromised and starts to send out falsified data. How can the rest of the constellation know whether the entity is compromised? What actions need to be undertaken by the satellite constellation to not also compromise the mission goal?

For this assignment, agent-based modelling/simulation of satellite constellations is assessed in order to gain insight in satellite constellation operations affected by cyber events.

- Risk analysis of satellite constellations
- Insights into how to model cybersecurity in satellite constellations using agent-based modelling and similar approaches
- (optional) Development of a simulation environment which can be used to develop constellation infection detection algoritms 

Loeve, Wouter <Wouter.Loeve@nlr.nl> and Lie, Sonny <Sonny.Lie=>nlr.nl> available low
45 - short
Secureboot for satellites

The number of small satellites in space have increased drastically over the past few years. Small satellites can range from 50-200 kilograms, but even smaller, so called nanosatellites, with a mass of 1 to 10 kilograms have made their way into the space industry. CubeSats are a special type of nanosatellites and follow a standardized dimensions of 10 cm x 10 cm x 10 cm (1U). Typical sizes range from 1U to 12U.
Many of these nanosatellites are used in LEO missions. Commercial of the shelf (COTS) products such as processors and memory have become more popular in these nanosatellites, as it reduces cost and development time of the satellite.
This could lead to security vulnerabilities which are also present in (conventional) computer systems.

With cyber threats becoming more relevant in the space domain, more research is needed into how to secure the firmware of these devices. With recent advances and implementation of (hardware) root-of-trust methods like secureboot, the question arises whether this is development also should carry over to the satellite domain. Wolfboot is an open source secure bootloader which provides secure boot functionality. We would like to find out the benefits and vulnerabilities of this mechanism and how to make its implementation resistant to future developments in (post-quantum) cryptography.

The objective of the assignment is analyse firmware security on small satellites and develop a strategy on how to implement existing secureboot implementation in the space-domain. We consider the following results from this research project:
- Risk assessment of firmware security of small satellites
- Strategy or isnights into implementation of secure boot functionality on satellites
- (optional) Testbed with wolfboot

references:
- https://github.com/wolfSSL/wolfBoot
 
Loeve, Wouter <Wouter.Loeve@nlr.nl> and Lie, Sonny <Sonny.Lie=>nlr.nl>
available low
46 - short
Payload isolation in satellites


The number of small satellites in space have increased drastically over the past few years. Small satellites can range from 50-200 kilograms, but even smaller, so called nanosatellites, with a mass of 1 to 10 kilograms have made their way into the space industry. CubeSats are a special type of nanosatellites and follow a standardized dimensions of 10 cm x 10 cm x 10 cm (1U). Typical sizes range from 1U to 12U.
Many of these nanosatellites are used in Low Earth Orbit (LEO) missions. Commercial of the shelf (COTS) products such as processors and memory have become more popular in these nanosatellites, as it reduces cost and development time of the satellite.
This could lead to security vulnerabilities which are also present in (conventional) computer systems.

Payload isolation is a critical aspect of satellite design and operation that aims to prevent interference between different payloads and ensure their reliable and secure operation. With the introduction of satellites-as-a-service architectures, in which a single satelite may host multiple payloads, payload isolation is becoming increasingly important. ESA's OPS-sat is a research satellite project which also can be emulated. It has already been shown that it is possible to hack the payload and put malicious files on the satellites' on-board computer. In this project, we would like to investigate payload isolation techniques on the OPS-sat platform and prevent the previously mentioned attacks.


references:
https://nanosat-mo-framework.github.io/

Loeve, Wouter <Wouter.Loeve@nlr.nl> and Lie, Sonny <Sonny.Lie=>nlr.nl> unavailable low
47 - short
Efficacy of cloud-native sandboxing technologies in containing security threats

With the increasing reliance on cloud-native technologies, the efficacy of sandboxing solutions like gVisor, Kata Containers, and Nabla Containers in containing security threats and isolating resources has become critical. This research topic will explore the effectiveness of these cloud-native sandboxing technologies and analyze the trade-offs between performance, reliability, and security when using different sandboxing solutions in cloud-native environments.
Questions:
How effective are cloud-native sandboxing technologies such as gVisor, Kata Containers, and Nabla Containers in containing security threats and isolating
resources?
What are the performance, reliability and security trade-offs when using different sandboxing technologies in a cloud-native environment?
Nathan Keyaerts <nathan.keyaerts=>sue.nl> available low
48 - short
Enhancing OS performance through Machine Learning-based resource allocation and task scheduling

Operating systems play a critical role in managing computer resources and facilitating the execution of tasks. Effective resource allocation and task scheduling are key factors in achieving optimal system performance. Traditional methods of resource allocation and task scheduling often rely on fixed algorithms, which may not adapt well to varying workloads and system requirements. Machine learning algorithms have the potential to improve these aspects by learning from system usage patterns and adapting their behaviour accordingly, potentially leading to enhanced system performance.

This project aims to investigate the integration of machine learning algorithms into operating systems for improved resource allocation and task scheduling. The focus will be on exploring various machine learning models, such as reinforcement learning, to determine their suitability for this application. The project will also evaluate the effectiveness of these algorithms in improving system performance under different workloads and system configurations.
Bart van Dongen <bart.van.dongen=>sue.nl> available low
49 - short
Streamlining Kubernetes operators development and implementation for a simplified deployment/management of stateful applications and distributed systems

Kubernetes has become the de facto standard for container orchestration, providing a powerful platform for managing containerized applications. However, deploying, managing, and maintaining stateful applications and complex distributed systems within Kubernetes clusters can be challenging. Kubernetes Operators offer a solution to this problem by extending the Kubernetes API and automating operational tasks.

The goal of this project is to look into techniques for expediting the development and deployment of Kubernetes Operators in order to make the process of deploying, administering, and maintaining stateful applications and complex distributed systems within Kubernetes clusters easier. The emphasis will be on identifying best practises, tools, and frameworks that can aid in the creation and deployment of Operators, as well as on exploring novel approaches to automating operational chores and controlling application lifecycle.
Bart van Dongen <bart.van.dongen=>sue.nl> available low
50 - short
Leveraging advances in containerization and virtualization technologies for efficient and secure operating systems

Technologies like virtualization and containerization have revolutionized how software is created, delivered, and managed. These technologies make it possible to separate and encapsulate applications from the underlying infrastructure, increasing productivity, scalability, and security. Exploring how improvements in containerization and virtualization might aid in the creation of thin and secure operating systems is becoming more and more popular as the need for such systems grows.

The goal of this project is to look into how advancements in containerization and virtualization technologies affect the design and development of more efficient, lightweight, and secure operating systems. The emphasis will be on identifying major advantages of virtualisation techniques in these areas and assessing their potential for improving OS performance, resource utilisation, and security features. Furthermore, the project will investigate novel approaches to incorporating containerization and virtualization technologies into operating system design.
Bart van Dongen <bart.van.dongen=>sue.nl> available low
51 - short
Evading techniques for eBPF malware

eBPF has the potential to rewrite network packets, as well as attach to kernel space (kprobe) and userspace (uprobe) functions, and write to (writeable) userspace memory. Given these powers, eBPF may in theory be used to make certain files appear non-existent, or make network packets disappear. It can also detect attempts to perform certain actions and log them.

Therefore, it is able to hook on the very specific calls that are used to detect the presence of the eBPF code and change the returned information to hide its presence. This means that the malware can easily evade detection.
Which techniques can be effectively used to achieve this invisibility in diverse scenarios ?
And how can we circumvent these techniques to still be able to detect its presence ?
 Greg Charitonos <greg.charitonos=>sue.nl> available high
52 - short
Post-Mortem detection of eBPF attacks

Previous RP1 research (#29 - eBPF forensic tools) has shown that it is possible to detect the presence of eBPF code as it runs in the kernel. However, the limitation is that the code has to still be present to be detectable. Would it be possible to expand this detection period and achieve a detection in a post-mortem situation, through artefacts left on the system ?
Greg Charitonos <greg.charitonos=>sue.nl> available low
53 - short
eBPF Matrix

eBPF has the potential to rewrite network packets, as well as attach to kernel space (kprobe) and userspace (uprobe) functions, and write to (writeable) userspace memory. Given these powers, eBPF may in theory be used to sandbox a userspace application. E.g. by modifying syscalls to make certain files appear non-existent, or network packets to simulate responses. It can also detect attempts to perform certain actions and log them. This can be useful for defence scenarios (sandboxing), incident response, and reverse engineering (malware analysis). Investigate the use of eBPF for creating a "Matrix" environment that could thwart malicious executables. Compare that against existing defence and reverse engineering techniques. Does eBPF provide a solid benefit in any of these scenarios? How does it compare to other hooking techniques (ptrace, Frida, etc)?
Starting point:
https://docs.google.com/presentation/d/139RpLb6pUIufp7t8_h7YaA_bLp9k_UJNSRK6XoWTz18/edit#slide=id.p
Greg Charitonos <greg.charitonos=>sue.nl> available low
54 - short
Securing serverless applications in a multi-cloud environment

As serverless architectures gain traction in cloud-native environments, ensuring the security of serverless applications has become crucial. The research project aims to investigate the unique security challenges posed by serverless applications in multi-cloud environments and explore strategies and best practices for securing these applications.

Questions:
What are the unique security challenges associated with serverless applications in a multi-cloud environment, and how can organizations address them?
How can technologies, such as Secure Serverless Framework, be used to secure serverless applications in a multi-cloud environment?
What strategies can be employed to ensure the security of serverless applications in a multi-cloud environment?
How can organizations continuously monitor and assess the security posture of their serverless applications in a multi-cloud environment, and what are the
challenges in adopting these practices?
What is a proper framework or testing mechanism for security scanning and/or pen testing serverless deployments?
Diederik De Zee <diederik.de.zee=>sue.nl> available low
55 - short
Collaborative Edge-Cloud Computing for Efficient Resource Utilization

Edge computing reduces latency and increases data privacy by bringing computation closer to the data source. In contrast to cloud servers, edge devices frequently have constrained resource availability. The effectiveness and performance of applications can be greatly enhanced by balancing the resource use between edge and cloud computing. Achieving this balance depends on knowing how edge and cloud computing resources may work together to serve varied application requirements. The goal of this project is to investigate a cooperative edge-cloud computing system that meets application requirements while effectively utilizing resources. The proposed architecture would use Kubernetes to offload workloads between edge and cloud environments while taking into account variables like computing requirements, existing edge workloads, and other pertinent criteria. To reduce latency, reduce energy use, and ensure application performance, the main goal is to balance edge and cloud computing optimally.
Nathan Keyaerts <nathan.keyaerts=>sue.nl> available low
56 - short
Leveraging eBPF for Building Advanced and Effective Honeypots

Honeypots have long been a crucial tool in cybersecurity research and defense, providing insightful data regarding the actions and strategies of attackers. However, conventional honeypots may lose their ability to trick attackers as those become more skilled. A feature of the Linux kernel called eBPF enables flexible and effective packet filtering as well as improved kernel-level observability. The goal is to investigate how eBPF might be used to create sophisticated honeypots that are better at attracting and capturing attackers. This research is inspired by the finding of a previous OS3 research project. (#14 - eBPF based Malware)
Greg Charitonos <greg.charitonos=>sue.nl> available medium
57 - short
Identify and prevent lateral movement Kubernetes environments running in the public cloud

After acquiring initial access, cyberattackers can travel laterally to explore a network in search of useful information or to try to infiltrate further systems. Due to their complexity and dynamic nature, Kubernetes environments, particularly those running in public clouds, are vulnerable to such attacks. To reduce the effect of cyber threats, such as ransomware attacks, and safeguard sensitive data and systems, it is essential to recognize and stop lateral movement. In the public cloud-based Kubernetes environments, this project will attempt to create a method for detecting and inhibiting lateral movement through network segmentation, access control rules, and real-time alerting systems.
Nathan Keyaerts <nathan.keyaerts=>sue.nl> available low
58 - short
Proactive incident detection in Kubernetes clusters

Due to its scalability, flexibility, and robustness, Kubernetes has emerged as a popular platform for orchestrating containerized applications. However, it can be difficult to identify and diagnose issues before they lead to performance degradation or system failures. This is due to the complexity of Kubernetes environments and the dynamic nature of containerized applications. In these contexts, traditional monitoring systems would not be able to foresee or detect problems in real time.

This study aims to investigate proactive problem detection techniques in Kubernetes clusters, with a particular emphasis on approaches that can spot possible problems before they develop into serious failures or performance bottlenecks. The project intends to develop solutions that improve the resilience and dependability of Kubernetes-based systems, assuring smooth and effective operation, by examining cutting-edge monitoring, analytics, and machine learning technologies.
Nathan Keyaerts <nathan.keyaerts=>sue.nl> available low
59 - short
Research into operational AI/ML models for the SURF network

SURF is investigating the possibility of leveraging AI and ML algorithms in the operations of its network. As part of this work we are attempting to create a realistic model of a node on the network, but also of the network as a whole. As part of an RP the student should investigate how SURF can create a model of the network. During this research the Student could start with a PCA or T-SNE of all metrics that describe the network. From the results of that analysis the student could start building the layers of the model. Furthermore the results would help us understand what inputs can be used to best describe the behaviour of our network.
Peter Boers <peter.boers=>surf.nl> available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low
XX - short
Title

Abstract
Supervisor available low