In my research, I mostly deal with embedded systems firmware.
My main research revolves around the following question: How can we analyze the security of a firmware image independently of the hardware environment in which it normally runs?
We open-sourced Fuzzware – our generic firmware fuzzing emulator – here: Fuzzware.
Are you interested in diving deep into applied security competitions? Check out our university CTF team FluxFingers!
Thesis Topic Overview
If you are interested in one of the general topics outlined here, or have an idea for a thesis topic that falls into my research area, feel free to reach out so we can find a topic to work on or brainstorm about your idea.
General Thesis Topic Categories
- Fuzzing: Making firmware fuzzing more effective / efficient
- Emulation: Allowing emulators to run more diverse firmware (architectures, functionality types), allowing firmware to be run faster, or with less manual configuration effort
- Code Analysis Techniques: Using code analysis techniques to gather information about firmware images to improve firmware emulation efficiency / applicability
- Specialized Security Analysis: Analyzing the security of a specific firmware-related target
- Human-in-the-loop: Building tools that make humans more productive when fuzzing a (new) target
Currently Available Thesis Topics
- Master’s Thesis: Extending Binary Analysis Tooling to Aid a Human in Exploring Fuzzing Results
- Bachelor’s / Master’s Thesis: Large-Scale Firmware Fuzzing
Master's Thesis: Extending Binary Analysis Tooling to Aid a Human in Exploring Fuzzing Results
- Interest in development in Rust and possibly Python
- Comfort with or interest in learning about binary code / reverse engineering
- Previous experience with or interest in working with embedded systems firmware
Bachelor's / Master's Thesis: Large-Scale Firmware Fuzzing
- Comfort with native build systems
- Previous experience with or interest in learning about embedded systems firmware
- Previous experience with or interest in learning about fuzz testing