Internships and Theses

If you would like to do a praktikum (project) or a diploma thesis at our lab, please take your time and read this page first. You will understand what we expect from you and what we can offer in return.

Goals of SecLab Internships ("Praktika") and Theses

1. Impact
2. Security publication at an international conference
3. Fun, fame and profit :-)

What We Can Offer You

We are a small, distributed lab that is interested in state-of-the-art practical security research. We are constantly publishing the results of our research in top, high-impact international security conferences such as the IEEE Security and Privacy, USENIX Security Symposium, and the World Wide Web Conference. We have good contacts to well-known security labs around the world. We are also working closely with Symantec Research Europe.

As a student, you will be involved in state-of-the art security research and will work on finding solutions to important security problems. You will learn how to write a technical paper and will get a chance to present the results of your work on an international conference once your paper has been accepted (of course, we will send you to the conference no matter where it is).

If you are master's student, we will provide you with hardware of your choice and you will get a place in the lab. Once you start delivering good results, we can also start paying you from our projects.

The kind of work you do with us is ideal if you would like to work in a research lab or do a Ph.D. later on.

Becoming a Lab Member

Just like the challenges in InetSec / SecProg 1 and InetSec / SecProg 2, becoming a member of the lab is a sort of a challenge. We have certain requirements for candidates who would like to carry out security research with us:

1. We expect you to be motivated and ready to learn new things.
2. We work on interesting, but open problems. Thus, we expect you to also contribute to the research and come up with ideas and solutions.
3. We expect excellent programming knowledge. Furthermore, you should not only be a Java "softie", but should also feel confident with lower-level languages such as C and C++. Linux is not necessarily a major requirement, but if you are solely a Windows user, chances are not good that you will fit in well into our security group. We also do a lot of Windows security research (e.g., spyware), but we prefer our members to be OS- independent. Typically, business informatics students struggle because they do not always have the necessary technical background.
4. If you would like to do a praktikum / project, you should have done the Internet Security or Secure Programming 1 course offered by us. A grade of 1 (sometimes, a close 2) impresses us. Anything else makes us think "He/she wasn't interested enough". If you do not have a good grade in Internet Security or Secure Programming, you do not fit well into the group so there is only a very slim chance that your application for a praktikum or a master's theses will be accepted.
5. If you wish to do a master's thesis, it is useful if you have done InetSec / SecProg 2. This course will give you a chance to personally get to know us and our interests. Note that if you do not get a good grade in this course, we are not impressed. Getting a good grade is not impossible, it just requires you to take the course seriously and spend some time on it. If you do not have done InetSec / SecProg 2, then you need to explain why you think you are good enough to be a member of the lab.

If you do not fulfill any of these requirements, you are still welcome to contact us. We do make exceptions sometimes... however, there have to be justified reasons.

If you think you are fit for the job, then please contact us. We would be very happy to meet you and see you become a member of our lab!

Open Topics for Internships / Theses

We usually work on new security research topics that are waiting to be solved by motivated students. Even though we provide a short list of possible topics below, there are few limits to possible research topics. Thus, if you are interested in security research, do not hesitate to contact us for further ideas. Also, students who propose their own research ideas are particularily welcome.

Internet Security Challenge development

Developing and implementing challenges for University-level security courses like Inetsec and Advanced Inetsec is a demanding task. Endless possibilities exist to provide interesting and fiddly challenges to more or less advanced students. Still, the main goal is to get students to think about security and have fun solving challenges.

The main tasks will be to implement new challenges for Internet Security / Advanced Internet Security. For deployment we provide our SecEnv framework introduced in WS 2012. All challenges are implemented as virtual machines, providing virtually every environment thinkable. Suitable for Prakita, Bachelor- or even Master's Theses.

Contact: Christian Platzer

Extensions / Improvements of our analysis system Anubis

Anubis is our system for analyzing unknown, possibly malicious binaries. As the malware currently found in the wild changes, our analysis system has to adapt to new trends, act upon new ways of detecting/circumenting the system, or improve other properties of the system.

The main tasks vary from project to project, ranging from low-level improvents to the system emulator to rather high-level changes in the web-interface.

Contact: Martina Lindorfer / Matthias Neugschwandtner

Extensions / Improvements of our analysis system Andrubis

Just like Anubis itself, which deals with Windows binaries, Andrubis is an extension that can handle unknown Android apps, executes them in a sandbox and produces a detailed report on their activity.

Here too, the main tasks vary from project to project, ranging from low-level improvents to the system emulator to rather high-level changes in the web-interface.

Contact: Christian Platzer / Martina Lindorfer / Matthias Neugschwandtner

Hardware Security

Security is not all about Software. Most targeted attacks are directed to a lower level, sometimes directly to the Chip itself. Due to the lack of lectures and teaching activities in this direction, we provide Bachelor / Masters Theses on this topic.

Tasks vary from protocol analysis, low level device infiltration to reverse engineering and injection attacks on the hardware layer. For ideas and possibilities don't hesitate and contact one of our Lab members.

Contact: Markus Kammerstetter / Christian Platzer