Bachelor | Master | PhD – Thesis Supervision


STUDENTS INTERESTED to do an INTERNSHIP or pursue a THESIS (B.Sc., DI, M.Sc., or Ph.D.) are advised to directly CONTACT OUR RESEARCHERS as listed below.

Security and Privacy in Machine Learning

Below is a list of topics related to security and privacy aspects of Machine Learning / Data Mining / Artificial Intelligence. If you are interested, please contact Rudolf Mayer

Adversarial Machine Learning:

A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”:  

Privacy-preserving Machine Learning / Data Mining

Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:

Watermarking / fingerprinting of datasets

  • Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks

Digital Sustainability

  • Understanding runtime system behaviour: How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?: Alexander Schatten
    • Literature research and interviews on status quo
    • Implementation of a model e.g.
      • Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
      • Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
    • These topics can also be split into several thesis
  • Understanding and Handling Complexity: Complexity and software systems: Alexander Schatten
    • Find indicators to quantify complexity in software systems and organisations
    • Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
    • Analyse typical software and architecture patterns with focus on complexity
    • Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).
  • Understanding and Handling Complexity: Mapping program language related complexity: Alexander Schatten
    • Find useful dimensions of comparison
    • intrinsic complicatedness
    • extrinsic complexity
  • Management and Organisational Dynamic: Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001: Alexander Schatten
    • find useful dimensions for comparison
    • outline overlaps and interfaces
    • describe conflicts and usage scenarios
  • Management and Organisational Dynamic: Analyse organisational hierarchies, setup and processes (cooperation of business partners required): Alexander Schatten
    • Interface between business and IT to derive factors that lead to success or failure
    • Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory

Security for Cyber Physical Production Systems

  • Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)? Edgar Weippl
  • Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed? Edgar Weippl
  • Secure Software Engineering Processes in CPPS. Edgar Weippl

Combinatorial Testing for Information Security



Fileformat Security

Internet of Things (IoT) Security and Privacy

  • Update mechanisms for constrained IoT systems
  • Secure embedded operating systems for IoT applications: Georg Merzdovnik
  • IoT network protocol security analysis
  • Privacy leaks and protections for IoT devices and protocols
  • Lightweight intrusion detection for IoT systems: Georg Merzdovnik
  • Efficient implementation of security and cryptography for IoT
  • Moving-target defenses in IoT environments
  • Resilient communication protocols for IoT

Internet of Things (IoT) – Constrained Networks

  • Integration of RIOT OS into SecureWSN
    – TinyIPFIX for Data Gathering
    – Aggregation Support
  • Implementation of security solutions
  • Optimization of system lifetime using energy harvesting mechanisms
  • Extention of visualization mechanisms
  • Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
  • Integration of “Trust-Check” for devices
  • Establishment of bidirectional communication (e.g., for updating purposes of intervals)

Topic description available under

Power Consumption and Power Grid

Attacks against cyber-physical systems

Mobile Security and Privacy

Network Security

Privacy Enhancing Technologies & Net Neutrality

Research in Information Security

  • Comparing military research and academic research – analysis of de-classified content: Edgar Weippl
  • Analysis of security in standardization processes: Johanna Ullrich

Software Security

System Security

Usable Security


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.