Student Thesis Topics (2021/2022)

Below is a collection of ideas for student projects. Some are half-backed, some are not even written down. In fact, I am mostly writing down topic clusters I am interested in as I strongly prefer to have multiple students working on related topics within a topic cluster.

If you are interested in systems-oriented computer science and computer security, talk to me in person. In general I expect that students have a solid understanding of operating systems and computer networks and that they are able to handle programming tasks well and that they can work independently.

ORC Improvements

ORC (OpenWrt RestConf) is an open source implementation of the RESTCONF protocol (RFC 8040) for OpenWrt, an embedded Linux system. It was originally written by Malte Granderath in 2020 as part of his BSc thesis.

A number of improvements can be made to the ORC:

  • ORC support for NMDA (RFC 8342, RFC 8527)

  • ORC support for NACM (RFC 8341)

  • ORC support for basic standard data models

  • ORC client tools (rust?)

  • ORC support for Linux container



  • Excellent C programming skills

  • Interest to write code for embedded devices with limited resources

  • Interest to develop, test, and evaluate standards-compliant code

  • Familiarity with system-level programming and development techniques

Control Flow Integrity

Security attacks often try to change the control flow of applications. A common problems are overwrites of function return addresses. Several techniques have been proposed to enforce control flow integrity. We are interested in evaluating them.

  • What are existing solutions that can be implemented by a compiler without specific support by the CPU's instruction sets? How do they impact performance?

  • What are existing solutions adopted by CPU designers to make control flow attacks more difficult or impossible?

  • The RISC-V community is starting to discuss which solution RISC-V should adopt to maintain control flow integrity.



  • Understanding of program execution at the instruction set level

  • Understanding of program transformations at the compiler level

  • Interest to learn about RISC-V CPUs

  • Interest to learn about security work related to RISC-V

Reinforcement Learning to Discover Control Flow Graphs

Active malware analysis is executing programs in emulated environments and the challenge is to learn user inputs that quickly discover significant portions of the control flow graph of the program under test. This is mainly done for Android applications. Questions related to this work are:

  • Can techniques be applied to other pieces of software? How specific are things to the Android environment?

  • What is the testing/fuzzying community doing to generate inputs for fuzzying purposes?


  • TBD


  • Interest to learn about reinforcement learning techniques

  • Background in machine learning

  • Understanding of program execution at the system call or C library level

Fingerprint Recognition on Cortex-M Processors

A fingerprint matching algorithm has been implemented in the security world on a Cortex-M processor in 2021. The idea is to build on this work and to extend it in several directions:

  • Implementation of the missing feature extraction stages to realize a complete prototype

  • Improvements of the matching algorithm, both in terms of the accuracy but also its resource usage

  • Investigating of other processors that provide a similar separation of a trusted secure world from an untrusted world


  • TBD


  • Software development skills for embedded systems

  • Competence to work close to the hardware level

  • Algorithmic competence and interest to make code efficient

Embedded Operating Systems using Rust and RISC-V

There are quite a few projects out there where people implement embedded operating systems written entirely in Rust. Furthermore, RISC-V is coming up strong on embedded processors. The goal here is to dive into these developments and to dig out niches where a contribution can be made. It is also possible to focus on prototyping some demonstrators, like the firefly synchronization demonstrator we built years ago on TinyOS. If there are students good at VHDL, we may dive also into RISC-V instruction set extensions, following working in the RISC-V community.



  • System-level programming skills

  • Time and energy to learn Rust

  • Interest to learn about RISC-V details

Academic Conference CO2 Calculators

Academic conferences and technical events are expensive in terms of their CO2 footprint. The ACM SIGPLAN has created a conference CO2 calculator, which seems to not have been updated for a while. The goal of this project is to investigate relevant CO2 calculation models and to prototype an implementation that can be used to calculate past and future CO2 footprints of academic events or technical events (such as standardization meetings).