BSc

The IoT is exposed to ongoing malicious attacks. The large set of diverse hardware and software combined with the neglection of security best practices, such as the use of the same default credentials on all devices, the often non-existent update policies, and the lack of software hardening techniques render IoT and IIoT devices an ideal target for attackers.

Idea Can we check with a static analyzer if a source code or a binary is prone to fault injection (e.g. voltage FI)? Can we patch the source code / binary (https://research.

Modern research on reverse engineering and binary analysis requires large datasets, e.g. for developing machine learning algorithms, and the corresponding ground truth. These datasets are usually generated by collecting open source repositories and compiling them with the needed compiler settings.

The Nyx fuzzer is a fuzzing project built around current top-research the field of fuzzing. A sub-project, Nyx-Net, provides a full-VM snapshot fuzzer for complex network-based targets. An interesting direction of research is how one could take Nyx-Net and extend it to work with embedded systems protocols, e.

A lot of published research relies on proprietary tools, like IDA, to generate the ground truth for the methods they implement. In addition, certain tasks, e.g. during binary analysis, might be very common, but not supported by the tool itself or with plugins only existing for proprietary tools.