Reach me here:

Projects

This is a list of possible available topis suitable for MSc, BSc, or simple semester projects.
Each project is adjustable according to the student skills. However, to ensure a fruitful interaction, and make your project really worthy, I strongly recommend you read the general prerequisite here below, and then the topic description. If any of the following idea attracts you, or something is unclear, do not hesitate to contact me at flavio.toffalini@rub.de. I am also open to projects spontaneously proposed by student as long as they adhere to my research area: software analysis, vulnerability analysis, mitigation, system security.

General Prerequisite

Every topic requires specific skills. However, for smooth collaboration, students must have a basic understanding of Linux OS, Git, and bash programming. I assume you have a good knowledge of Python, which is a fundamental Swiss Army knife for many tasks. Depending on the project, you may also be required to learn specific tools, skills, or technologies, such as C/C++, LLVM, reverse engineering, or fuzzing.

List of Topics

The following topics serve as an indication of my areas of interest. Many of them can be combined if we identify a feasible project. Think of this list as a menu; if you find something you're already familiar with, feel free to email me, and we can discuss it. As a rule of thumb, combining topics generally increases project difficulty.

  • Generic Fuzzzing, playing with AFL++ and libAFL. If you're eager to find bugs in a specific target, we can discuss it!
  • Interpreted Fuzzing, with a focus on Fuzzilli. We may extend Fuzzilli to new programming languages (e.g., Python).
  • Reverse Engineering. How hard would it be to translate assembly code to C++? ;)
  • Software Analysis, you will explore various static analysis techniques, possibly working on and extending SVF. This topic may evolve into a compiler pass to implement mitigation strategies. A strong background in LLVM is preferred.
  • Many minor and major projects on Trusted Execution Environment (TEE) involving SGX or TrustZone, but also spanning to Intel TDX or ARM MTE . This topic is very flexible and can be stretched to remote attestation or embedded security.
  • Microarchitectural issues are more of a hobby area in my research; feel free to approach me, and we can explore possible ideas together.