Theses

Open Theses

  • Bachelor Thesis, Master Thesis

    Quantum key distribution provides a means for cryptographic applications to exchange a symmetric key between different parties in a provably secure manner. The security of this method is based on the errors generated during information exchange by an eavesdropping attack – based on principles of quantum mechanics – which are noticeable by the involved parties. Therefore, it is important that the keys are post-processed before they are used. Post-processing consists of error correction of the key and subsequent privacy enhancement.

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisor: Anna-Katharina Wickert, M.Sc.

    Announcement as

  • Master Thesis

    Distributed Complex Event Processing (DCEP) systems analyze and process event streams from a variety of heterogeneous sources to extract relevant event patterns (e.g., detecting traffic jams from sensors in the street). Such systems are composed of event processing operators spread across different computing nodes, forming distributed operator networks. Fault tolerance and resilience is a major concern for modern distributed systems and DCEP are no exception.

    In the context of disaster management and emergency reaction, such systems must provide a high level of resilience and service guarantees. In terms of fault tolerance, for instance, temporary node failures should not lead to permanent loss of operator or system state. Additionally, the processed events and the resulting deductions by the system should be traceable and verifiable, and operators should be able to process and analyze both real-time and historical event stream data. These properties are particularly important in a disaster recovery scenario (e.g., an earthquake) where several nodes may be lost, and still processing real-time data from the disaster area might be crucial for the rescue operations. The goal of this thesis is to design a programming language for data-intensive computations that automatically ensures that the system is fault-tolerant and remains operational even when a major disruption occurs. The technical realization is based on the combination of the multitier language ScalaLoci [1] with the persistent event storage ChronicleDB [2] to enable the development of resilient DCEP operator networks. ScalaLoci is a domain specific language that allows developers to build distributed applications within a single code base. The ScalaLoci compiler splits the application accordingly into the distributed components, i.e. into the distributed operators of a DCEP network. ChronicleDB is a persistent event storage under development at the University of Marburg. It provides efficient event storage and querying capabilities for both real-time and historical event stream data.

    The candidate will integrate ChronicleDB into ScalaLoci in an efficient and performant way, e.g. by directly deploying a ChronicleDB instance with each operator, combined with in-language query support. The operators of a DCEP network built with ScalaLoci can then use ChronicleDB for efficient event stream processing, historical event logs for accountability, and fault tolerance through techniques such as e.g. Event Sourcing [3]. The work comprises the analysis of a suitable approach, the implementation of the solution, and potentially an evaluation to showcase the solution's applicability given the aforementioned requirements.

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisor: Nafise Eskandani, M.Sc.

  • Bachelor Thesis, Master Thesis

    Sofware based systems already play a major role in industrial production and this role will only grow in the context of Industrie 4.0. In order to solve new challenges that arise in this context, existing software has to be adapted in different directions, e.g. to enable the addition of new sensors or enable the creation of a digital twin. For this purpose, we want to uncover Software Product Line features and models, which are already present implicitly, and make them explicit. Therefore the development of corresponding analyses and automatic refactorings is necessary.

    Candidates would work on different topics that enable software reuse of industrial controllers written in C.

    These topics include (but are not limited to):

    • automatic identification and localization of features

    • automatic code slicing of identified features

    • adaption of analyses to the presence of C preprocessor macros

    • automatic module extraction

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisor: Patrick Müller, M.Sc.

  • Bachelor Thesis, Master Thesis

    Today, many applications use cryptographic components to provide a secure implementation. For a secure implementation, it is essential that a developer is aware of the correct and secure usage of cryptographic components. Recent studies have shown that developers struggle with this. Therefore, applications which are intended to be trustworthy, become insecure.

    Within our research project “Secure Integration of Cryptographic Software” of the SFB CROSSING, we want to support developers when they integrate cryptographic components in an application. To achieve this aim, we have developed an Eclipse plugin which can generate secure cryptographic code and a static analysis which identifies insecure usages. Currently, we have created all rules checked by the analyis by hand. One of our next steps is to determine how we can automatically generate rules for correct and secure usages.

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisor: Anna-Katharina Wickert, M.Sc.

  • Bachelor Thesis, Master Thesis

    Software-Defined Networks (SDNs) provide a new way to configure computer networks. Special-purpose network devices with tightly coupled data and control planes are replaced by programmable switches managed by a logically centralized controller. The communication between the controller and these programmable switches is carried out using well-defined APIs (e.g., OpenFlow). Instead of configuring devices individually, network policies are implemented on top of the controller and then used by the controller to instruct individual network switches.However, SDN APIs like OpenFlow closely resemble the features provided by the hardware. OpenFlow uses a set of prioritized match-action rules as abstraction, which makes it difficult to write sophisticated network applications. For example, an application supporting multiple tasks at the same time must merge the switch-level rules required by each of the tasks into a single set of rules that can be installed on the switches. To overcome these limitations, different programming languages for SDNs have been proposed, that provide higher language abstractions on top of OpenFlow, including abstractions for querying the network state, basic service composition or language support for network verification.Developing new SDN language features requires a comparison with already existing languages, usually, in order to show that they increase the expressivity of the language while providing at least the same performance at runtime. However, currently it is quite cumbersome to compare different SDN languages, since they are implemented on top of different host languages, like Python, OCaml, Java and they usually provide only a small set of simple example application that are not directly comparable with each other.The goal of this thesis is to develop an extensible testbed for SDN applications that allows to compare SDN programming languages with respect to expressivity as well as performance and to provide a set of small- to medium-sized example applications that can be used for benchmarking and comparing the available language abstractions. Based on the results of the experiments, the next step will be to propose new language features that address the limitations of current solutions.

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisor: Matthias Eichholz, M.Sc.

  • Bachelor Thesis, Master Thesis

    Reactive languages provide dedicated language-level abstractions for the development of reactive applications, such as event streams and signals. Thanks to this programming technique, reactive applications can be developed in a declarative way, specifying the relation that exists among reactive entities. In contrast to traditional programming paradigms, which require manual updates, with reactive programming, changes are propagated automatically: dependent components (e.g., the GUI) are updated by the runtime when the entities they depend on change (e.g., the data in the model).

    Because of the declarative flavor of reactive programming, traditional debugging tools based on step-by step execution and memory inspection, are hardly effective in this context. For example, in a declarative setting, it is not clear how to “step-over” statements or what “setting a breakpoint” would even mean.

    Supervisor: Prof. Dr.-Ing. Mira Mezini

  • Bachelor Thesis, Master Thesis

    Complex Event Processing (CEP) is about performing queries over time-changing streams of data. This technology is used to correlate low-level events and generate higher-level events when a certain pattern occurs. Applications include trading software, elaboration from environmental sensors, and intrusion detection through network packets analysis. For example, a CEP system can receive a stream of data from the trading market and perform the following query: “For the five most recent trading days starting today, select all stocks that closed higher than the company X on a given day. Keep the query standing for 20 trading days”. CEP engines, however are usually not integrated in the programming language and simply accept SQL-like queries in the form of strings. In the last few years, parallel line of research investigated event-based languages, that provide ah-hoc support for events. For example C# allows one to define events beside fields and methods in class interfaces. However, this class of languages often simply provides syntactic support for the Observer pattern and does not reach the expressivity of CEP. The goal of the thesis is to achieve high expressivity and integration with the existing abstractions in the same language.

    Supervisor: Prof. Dr.-Ing. Mira Mezini

  • Bachelor Thesis, Master Thesis

    There is preliminary evidence that RP do improve program comprehension in controlled experiments that compare developers using RP against a control group using traditional techniques. However, little is known about why this is the case and which reasoning processes developers adopt when facing a program in the RP style.

    Supervisor: Prof. Dr.-Ing. Mira Mezini

  • Bachelor Thesis, Master Thesis

    OPAL is a comprehensive library for static analyses that is developed in Scala to facilitate the writing of a wide range of different kinds of analyses. OPAL supports the development of analyses ranging from bug/bug pattern detection up to full-scale data-flow analyses.

    In the context of this project we are always searching for students who are interested in static analysis and want to implement them using Scala. Topics of interest are, e.g., to develop needed base static analyses such as Call Graph Algorithm, analyses to find security issues or to visualize software.

    If you are interested in OPAL, do not hesitate to contact Dominik Helm. For further information, you can also go to The OPAL Project

    Examiner: Prof. Dr.-Ing. Mira Mezini

    Supervisors: Dominik Helm, M.Sc., Tobias Roth, M.Sc.