BSc/MSc Theses
This is a (non-exclusive) list of thesis topics currently offered at PLAI. Additionally, other related topics may be available.
Please contact the mentioned person with a transcript of record and highlight all relevant experience related to the topic you are interested in for a BSc or MSc thesis. Also, please take note of the languages the person speaks.
Open
-
Motivation
The Rust compiler exposes internal APIs that allow researchers and tool developers to build analyses directly on top of the compiler's intermediate representations. A growing ecosystem of academic and industrial tools depends on these APIs: linters, static analyzers, verification frameworks, and custom compiler passes.
There is a catch: rustc's internal API is explicitly unstable and changes frequently, often with every release. A tool that compiles and runs correctly today may be broken six weeks later. For research tools in particular, which are likely not maintained anymore after publication, this means many tools quietly become unusable within months, and reproducing published results becomes increasingly difficult over time.
Research Direction
I am interested in building a tool that is able to do most of the work required to port rustc plugins to the newest compiler version. Concrete steps might include surveying existing work on API compatibility and automated migration (e.g., API diff tools, library migration studies), developing a taxonomy of the kinds of breaking changes rustc actually makes, and building a tool that detects and applies these changes to plugin codebases.
Prerequisites
- No fear to tackle topics that are yet-to-be-solved
- Really good coding skills: most topics will build upon large and complex software like rustc, LLVM, ...
- Preferably being fluent in both C/C++ and Rust
- Preferably already some basic knowledge about static analysis aka how to reason about code semantics without executing it (through courses like Program Analysis for Security or other compiler courses; SoSy lab courses might also be beneficial)
-
Motivation
Memory-safety vulnerabilities — buffer overflows, use-after-free, dangling pointers — are among the most exploited bug classes in software security, enabling attacks that compromise critical infrastructure, expose personal data, and power state-level espionage tools. The root cause is well-understood: most of the world's foundational software (operating systems, browsers, cryptographic libraries) is written in C or C++, languages that prioritize performance over safety and predate the modern threat landscape.
Rust was designed to close this gap. Its type system and borrow checker statically rule out entire classes of memory-safety bugs — without a garbage collector. One promising path forward is automatic C-to-Rust translation, which could retire decades of unsafe legacy code without requiring a complete rewrite by hand.
The Problem: Translation Is Harder Than It Looks
Safe Rust is strictly less expressive than C: the set of memory-safe programs is a strict subset of all programs expressible in C, and the set of programs expressible in safe Rust is a strict subset of memory-safe programs. This means translating C to safe Rust is not merely a syntactic transformation: it requires inferring properties and constraitns the original C code never made explicit. Since memory-safety of arbitrary programs is undecidable, fully automatic translation is too.
Recent work combines classical program analysis with LLMs to make progress on this problem, exploiting LLMs' strength at code-level pattern recognition. But this raises new challenges:
- Correctness: The LLM might have changed the semantics of the code during translation.
- Cost scales poorly. Current LLM-based approaches can spend hundreds of dollars translating even modest programs.
Research Direction
This thesis explores how to make C-to-Rust translation more practical and trustworthy. Two directions are of particular interest: improving the translation quality of locally-deployable LLMs, e.g., through constrained decoding, and developing testing strategies that can assess translation correctness in the absence of a ground truth.
Prerequisites
- No fear to tackle topics that are yet-to-be-solved
- Really good coding skills: most topics will build upon large and complex software like rustc, LLVM, ...
- Preferably being fluent in both C/C++ and Rust
- Preferably already some basic knowledge about static analysis aka how to reason about code semantics without executing it (through courses like Program Analysis for Security or other compiler courses; SoSy lab courses might also be beneficial)
-
BSc/MScPrivilege Pirates – LLM-Guided Automatic Exploitation of Message-Passing Vulnerabilities
This topic is of high interest to me!
Motivation
Browser extensions rely heavily on message passing to coordinate actions between background scripts, content scripts, and web pages. When extensions do not properly validate incoming messages, an attacker-controlled website can trigger privileged actions, access sensitive data, or escalate its privileges through the extension. These vulnerabilities are severe, yet many extensions still expose dangerous message handlers without proper security checks.
While previous work has focused on detecting message-passing vulnerabilities, much less attention has been given to exploiting them. Modern LLMs, combined with browser automation frameworks such as Selenium, Playwright, or Puppeteer, now enable a new class of tooling: one that not only identifies risky message handlers but also crafts real exploitation payloads, drives the browser, and verifies whether privilege escalation is possible.
This project aims to build the first prototype of an LLM-driven exploitation engine for browser extensions.
Your Part
- Build a pipeline that ingests an extension's source code and uses an LLM to:
- identify suspicious message handlers,
- infer expected message formats,
- generate candidate exploit payloads.
- Use automated browser instrumentation (Selenium, Playwright, or Puppeteer) to:
- load the target extension,
- simulate attacker websites,
- send LLM-generated exploit messages,
- observe whether privileged actions are triggered.
- Develop a feedback loop where runtime results refine LLM-generated payloads.
- Evaluate the system on known vulnerable extensions and measure:
- exploitation success rate,
- precision of LLM-generated payloads,
- false positives / false negatives.
- (Optional) Extend analysis to multiple browsers (Chrome, Edge, Firefox).
Prerequisites
- Strong JavaScript and HTML skills.
- Good understanding of browser extension architecture.
- Basic experience with Python or Node.js.
- Interest in security, reverse engineering, or automated exploitation.
- (Optional) Prior exposure to LLM APIs, prompt engineering, and browser automation frameworks such as Selenium/Playwright/Puppeteer.
Related Work
-
BSc/MScBrowser Sentinel - Behavioral Profiling of Browser Extensions Using LLMs
I intend to get a publication out of this!
Motivation
Browser extensions enhance user experience but can also introduce significant security and privacy risks. They have access to sensitive data, powerful APIs, and system resources, making them a potential vector for malicious behavior. Current behavioral analysis approaches rely on permissions, API usage, or manually annotated characteristics. These methods are limited in capturing semantic intent — what the extension actually does. Large Language Models (LLMs) are capable of understanding both code and natural language, allowing them to generate semantic descriptions of extension behavior. By comparing such descriptions across versions, we can detect anomalies, suspicious behavior, or subtle changes in functionality that might indicate vulnerabilities or malicious activity.
Your Part
- Dataset Creation Collect multiple versions of Chrome extensions, including known benign and malicious updates.
- LLM Behavior Descriptions Use an LLM to generate semantic behavioral summaries for each extension version (e.g., “tracks user activity,” “injects ads,” “scrapes form data”).
- Semantic Signatures Transform LLM-generated descriptions into machine-readable vectors (embeddings).
- Change Detection Compare semantic signatures across versions to identify:
- Unexpected new capabilities
- Stealthy malicious behavior
- Shifts in privacy posture
- Evaluation Validate against known malicious extensions, or use case studies from large-scale datasets to assess detection accuracy and utility.
Prerequisites
- Strong JavaScript and HTML knowledge
- Familiarity with LLM APIs and prompting
- Basic understanding of embeddings / representation learning
- Interest in security analysis of browser extensions
Product
- A fully automated method to generate semantic fingerprints of browser extensions.
- Ability to detect behavioral changes over time, improving security and privacy monitoring.
- Potential publication combining LLM reasoning, security analysis, and behavioral profiling.
Related Work
-
I intend to get a publication out of this!
Motivation
Fuzzing has long been established as state-of-the-art in dynamic software analysis but still faces significant challenges when it comes to fuzzing programs that consume highly structured input. Grammars have been proposed as one solution to the underlying problem, enabling the bulk generation of structured input data. Unfortunately, even a perfectly specified grammar offers little benefit if the input generator lacks when it comes to producing effective and deep-reaching seeds. Hence, we need input generators that can generate output that maximizes grammar coverage and structural depth based while adhering to the grammar to increase exploration of deep program states when fuzzing.
Your Part - Conduct a systematic analysis of state-of-the-art grammar-based fuzzing approaches, with a particular focus on the design and capabilities of their input generators - Identify the strengths and limitations of existing generators with respect to coverage depth, structural diversity, and seed effectiveness - Design and implement a unified input generation framework that integrates complementary features from multiple grammar-based fuzzers - Perform an ablation to show the impact of features of your generator on a set of relevant real-world targets using Fuzzbench. Measure improvements in code coverage and seed quality over other approaches. - Provide a detailed discussion of design trade-offs and practical recommendations for future grammar-based input generators.
Prerequisites
- Solid programming skills in Python and experience with reading and understanding source code in both C and C++
- Basic understanding of fuzzers and rule-based grammars such as context-free grammars (CFGs)
- Interest in dynamic software analysis, finding vulnerabilities and possibly writing a workshop paper.
Related Work
-
I intend to get a publication out of this!
Motivation
Fuzzing has long been established as state of the art in dynamic software analysis but still faces significant challenges when it comes to programs that consume highly structured input. Grammars have been proposed as one solution, enabling the bulk generation of structured input data. To this day, the open-source community has handwritten and carefully crafted grammars for a wide variety of file formats in several different grammar formats such as JSON, ANTLR4, and even Python. Unfortunately, grammar-fuzzers usually only consume one or a subset of these formats. Translating grammars from one format into another would allow broader application of grammars across different fuzzers and thereby more diverse fuzzing campaigns with a wider variety of inputs.
Your Part
- Gather a large set of ANTLR4 and JSON grammars and craft a dataset. Label them and analyze the features they encode or fail to encode.
- Determine which formats are underrepresented in your dataset. Give an indication of whether this reflects specific challenges when writing grammars, and outline them clearly.
- Design and implement a grammar translation engine that transforms grammars between formats and use them for fuzzing.
- Carefully take into account that there might be a semantic gap between grammars and come up with a way of handling it.
- Evaluate the seed generation capabilities of your newly translated grammars and compare the seeds based on reachability, generation depth, and validity.
Prerequisites
- Programming skills in Python and familiarity with reading Rust or C++ code.
- Understanding of, or willingness to learn, how rule-based grammars such as context-free grammars (CFGs) work.
- Interest in fuzzing and possibly writing a workshop paper.
Related Work
-
This topic is of high interest to me!
Motivation
Browser extensions often rely on message passing to communicate between privileged and unprivileged components, such as background scripts and content scripts. This mechanism, if not properly validated, can introduce severe vulnerabilities that enable privilege escalation, unauthorized access, or data leakage. Understanding and detecting these message-passing flaws is essential to ensure the security of the browser ecosystem.
Existing research tools such as DoubleX and CoCo have proven effective in identifying message-passing vulnerabilities in Chrome extensions. However, their applicability to other ecosystems like Microsoft Edge and Mozilla Firefox remains underexplored. By adapting and evaluating these tools across multiple browsers, we can gain broader insights into cross-platform security issues and assess whether similar vulnerability patterns persist.
Your Part
- Apply DoubleX and CoCo to extensions from the Edge Add-ons Store and the Firefox Add-ons Store.
- Conduct a manual analysis of detected vulnerabilities to identify common patterns and unique findings.
- Optionally, design and evaluate an LLM-based approach to assist or automate vulnerability classification and explanation.
- Document and compare the effectiveness of DoubleX and CoCo across different browser environments.
Prerequisites
- Strong JavaScript and HTML knowledge is required for this topic.
- Understanding of browser extensions functionality.
- Familiarity with static analysis techniques.
Related Work
-
Motivation Modern software systems often rely on complex and highly customized build configurations. These configurations define compilation steps, dependencies, flags, and environment-specific behavior. However, in many real-world scenarios—such as security analysis, legacy system maintenance, or binary analysis—the original build configuration is missing, incomplete, or unreliable. This makes it difficult to reproduce builds, analyze program behavior accurately, or apply static analysis tools effectively. Automatically reverse engineering build configurations from artifacts (i.e. binaries) would significantly improve reproducibility, security auditing, and program understanding.
Your Part In this thesis, you will investigate techniques to automatically infer build configurations from compiled artifacts and partial project information. The project is structured as follows:
-
Identification of Relevant Build Features Together, we will identify which aspects of a build configuration (e.g., dependency structure, compiler flags, module boundaries) are most critical for downstream tasks such as binary patching or vulnerability detection.
-
Design of Reverse Engineering Techniques You will design and implement methods to reconstruct these features from available data sources.
-
Optimization and Heuristics Since multiple build configurations can produce similar artifacts, you will explore heuristics and optimization strategies to infer the most likely configuration. This may include: Pattern-based inference Constraint solving Probabilistic ranking of candidate configurations
-
Evaluation You will evaluate your approach on open source projects, measuring: Accuracy of reconstructed configurations Impact on downstream analyses (e.g., binary patching precision/performance) Scalability to large codebases
Optionally, the project can be extended to explore more fundamental questions, such as whether certain build abstractions or modularization strategies make reverse engineering easier or harder.
Prerequisites Solid programming skills (language-agnostic; experience with systems-level concepts is a plus) Basic knowledge of compilers, program analysis, or reverse engineering is beneficial Interest in software analysis, tooling, or systems research
-
-
BSc/MScAutomatic Modularization of Software Projects for LLM-based Transpilation
Application: Please write an email describing your relevant experiences and attach a CV, you transcript of records (incl. bachelor grades), and a writing sample
Motivation
- With the help of LLMs more tools are developed for transpiling software from old programming languages to new languages, e.g. C to Rust transpilation
- However, most of the LLM-based research prototypes only operate on Code Snippets, because their context size is too small
Your Part
- Given an arbitrary context size limitation of an LLM ($n$ number of characters), implement an algorithm to split up the code base into small chunks of transpilable code snippets, e.g. by calculating a call graph and identifying strongly connected components between the functions in the program.
- Challenge: How to split up the code base arbitrarly small chunks but ensure that each chunk is still compilable.
Prerequisites
- Basic principles of Software Engineering
- Experience with the C programming language
- Lecture "Program Analysis for Security" or "Compiler-Design"
-
We are looking for a student to help develop a continuous integration (CI) pipeline for a binary patching tool. The project involves automating the build, test, and deployment processes to ensure reliability and efficiency.
Prerequisites
Strong Python skills, Comfortable with Bash scripting on Linux
-
Application: Please write an email describing your relevant experiences and attach a CV, you transcript of records (incl. bachelor grades), and a writing sample
Motivation
- Rust is a modern programming language which shows strong performance with improved security. However re-writing existing code bases is too expensive.
- To make widespread reuse existing Rust libraries, we want to build an index of Rust libraries from https://crates.io/ can act as replacements for widespread C libraries, e.g. the image library as replacement for libpng
- This way, all C applications that depend on libpng might be made a little bit safer by swapping out libpng for Rusts "image" library
Your Part
- Use a combination of LLMs and deterministic methods to implement a search for potential Rust replacements for a given C library.
- By iterating this search over multiple popular C libraries, build an index of potential Rust Replacements
- If possible, not only search for functionally equivalent Rust libraries but also assess other properties that would simplify the developers' work in the replacing process, e.g. potential API compatibility, build system compatibility, risk of including unstable 3rd party dependencies (see: https://tweedegolf.nl/en/blog/119/sudo-rs-depencencies-when-less-is-better)
- As a case study, take an example C application and one of its libraries with an adequate Rust replacement and evaluate the results for equivalence and performance.
-
BSc/MScLLM-Based Detection of Message-Passing Vulnerabilities in Browser Extensions
This topic is of high interest to me!
Motivation
Browser extensions often rely on message passing to communicate between privileged and unprivileged components, such as background scripts and content scripts. This mechanism, if not properly validated, can introduce severe vulnerabilities that enable privilege escalation, unauthorized access, or data leakage. Understanding and detecting these message-passing flaws is essential to ensure the security of the browser ecosystem.
Large Language Models (LLMs) can analyze source code with contextual understanding, enabling them to identify complex security flaws that traditional static analysis may miss. By reasoning about message flows and privilege boundaries, LLMs can detect message-passing vulnerabilities that depend on subtle logic or inconsistent validation. This approach offers a promising new direction for automated vulnerability detection in browser extensions, combining semantic insight with scalability.
Your Part
- Identify browser extensions that use message-passing APIs and/or sensitive APIs.
- Prepare the source code for LLM-based analysis by structuring relevant files and metadata.
- Design LLM prompts for detecting message-passing vulnerabilities, inspired by DoubleX and CoCo.
- Run the LLM analysis on selected extensions and collect results.
- Validate the findings through manual inspection or comparison with existing tools.
Prerequisites
- Strong JavaScript and HTML knowledge is required for this topic.
- Understanding of browser extensions functionality.
- Interest in applying Large Language Models for code understanding.
Related Work
-
BSc/MScTrust Me, Bro - An LLM-Guided Study of Data Collection in the Chrome Web Store
I intend to get a publication out of this!
Motivation
Browser extensions enhance user experience by adding functionality to web browsers, but they also present significant security risks. With access to sensitive data and system resources, extensions can become vectors for malicious activities, such as data theft, privacy invasion, and unauthorized actions. In recent years, the security of browser extensions has become a growing concern due to their increasing prevalence and capability.
The paper
Detection of Inconsistencies in Privacy Practices of Browser Extensionsinvestigates how browser extensions handle user data and whether their behaviors align with their stated privacy policies. The authors develop an analysis framework to compare declared permissions, privacy policies, and actual data access patterns, uncovering discrepancies that indicate potential privacy violations. Their findings reveal that many extensions request excessive permissions or secretly leak user data, emphasizing the need for stricter enforcement of privacy policies in extension stores.Your Part
Using the paper as inspiration, we want to study the collection of data types that were not covered in recent research. To list a few examples,
- Personal Identifiable Information
- Health Information
- Financial & Payment Information
- Authentication Information
- Personal Communications
Your experiments will be done in the current state of the Chrome Web Store.
The way you address this problem is up to you.
- Leverage LLMs for natural language analysis of privacy policies
- Perform static analysis with the CodeQL framework
- Trigger behaviors with libraries for dynamic analysis, such as Selenium
Prerequisites
- Strong JavaScript and HTML knowledge is required for this topic.
- Understanding of browser extensions functionality.
- Interest in privacy.
Related Work
Detection of Inconsistencies in Privacy Practices of Browser Extensions
-
Motivation
Memory-safety vulnerabilities — buffer overflows, use-after-free, dangling pointers — are among the most exploited bug classes in software security, enabling attacks that compromise critical infrastructure, expose personal data, and power state-level espionage tools. The root cause is well-understood: most of the world's foundational software (operating systems, browsers, cryptographic libraries) is written in C or C++, languages that prioritize performance over safety and predate the modern threat landscape.
Rust was designed to close this gap. Its type system and borrow checker statically rule out entire classes of memory-safety bugs without requiring a runtime garbage collector. Organizations like Google, Microsoft, the Linux kernel project, and various government bodies are actively migrating security-critical code to Rust.
Migrating incrementally means Rust code routinely calls into existing C libraries via the Foreign Function Interface (FFI). Because the Rust compiler cannot reason about C code, all FFI calls are inherently
unsafe. The standard practice is to write a safe wrapper: a Rust API that encapsulates the raw FFI calls and enforces the invariants the C library silently assumes.If this encapsulation is wrong, the wrapper is unsound: it exposes safe Rust code to undefined behavior without any
unsafeblock in sight. The Rust community treats soundness bugs as security vulnerabilities and tracks them in the RustSec advisory database.Research Direction
I am interested in the automatic detection of soundness violations and bugs in Rust FFI wrappers using static analysis. This topic is closely related to my own research and open topics change frequently based on my own progress. If you are interested, I can send you the currently available topics.
Prerequisites
- No fear to tackle topics that are yet-to-be-solved
- Really good coding skills: most topics will build upon large and complex software like rustc, LLVM, ...
- Preferably being fluent in both C/C++ and Rust
- Preferably already some basic knowledge about static analysis aka how to reason about code semantics without executing it (through courses like Program Analysis for Security or other compiler courses; SoSy lab courses might also be beneficial)
-
BSc/MScExtension Blueprint - LLM-Driven Reverse Engineering of Browser Extensions
I intend to get a publication out of this!
Motivation
Browser extensions are powerful but risky: with access to browsing data, cookies, network APIs, and storage, they can easily introduce security, privacy, and integrity issues. Recent advances in Large Language Models (LLMs) enable fully automated analysis of complex JavaScript codebases. There has been work already demonstrating that LLMs can reverse engineer real extensions, such as Honey, uncovering structural, behavioral, and security-sensitive features. This project extends that work to build a systematic, scalable, and reproducible analysis pipeline.
Your Part
- Extend the existing LLM-based analysis workflow to handle full-source reverse engineering of browser extensions.
- Design improved prompts, schemas, and automation for extracting structural, behavioral, and security-relevant information.
- Evaluate the system on multiple real extensions from the Chrome Web Store.
- Compare LLM-generated reports against manual inspection or ground truth to measure accuracy and limitations.
- (Optional) Explore techniques to detect suspicious patterns such as hidden monetization, data flows, or affiliate mechanisms.
Prerequisites
- Strong JavaScript and HTML knowledge.
- Basic understanding of browser extension architecture.
- Interest in security, program analysis, or reverse engineering.
- Willingness to work with LLM APIs, prompt engineering, and automation scripts.
- (Optional) Familiarity with static analysis tools or code summarization methods.
Related Work
- Exposing the Honey Influencer Scam
- Contact me for more related work!
-
Motivation Taint analysis is a fundamental dataflow problem that can be used to identify security vulnerabilities such as SQL injections, XSS, insecure deserialization and many others. To be useful and not overwhelm the user with too many false positives, the state-of-the-art uses precise heap abstractions such as access graphs or access paths. You can think of an access path as a variable in the code and a chain of field references with a maximum length of
k. These heap abstractions are additionally enriched with type information and other metadata.
One algorithm to solve these dataflow problems is IFDS. Especially the ability to solve two dependent problems in cooperation, i.e. resolving aliases on-demand for the taint analysis, allows IFDS-based taint analysis to discover non-trivial dataflows while still being reasonable precise. However, IFDS has a worst-time complexity ofO(|E| |D|^3)withDbeing the domain and the access path domain can grow quite large, making it impossible to analyze complex applications in a reasonable timeframe.
IDE is a generalization of IFDS, originally developed to solve map domains such as constant propagation (Var -> Value), and allows to split up a powerset domain into a dataflow domain and a value domain. The time complexity of IDE is the same as for IFDS.
A recent paper (Oct 2024) shows that it is possible to split up the access path heap model into a dataflow domain of local variables and a value domain of field (de-)references, leading to speedups of average 200x(!) compared to the equivalent IFDS formulation. Besides them basing their work on an artefact from 2016 and not publishing their code, they also consider alias analysis orthogonal to the taint analysis problem and use a previously published alias analysis still operating on an expensive access graph domain to resolve the aliases.Your Part First, we want to reproduce the work based on an up-to-date version of Soot and FlowDroid, because we are highly interested in open-sourcing the more scalable analysis. Second, we have the idea of a cooperative alias analysis in IDE. IDE's phase 1 is basically IFDS, so we do think it is possible to exchange dataflow facts in phase 1. Also, FlowDroid's call site matching during the path building stage has already proven that you can solve a context-free language across different analysis directions. Thus, the research question is whether it is possible to extend the CFL grammar aka the value domain to also solve aliases on-demand and asynchronously with multiple IDE solvers as it is done with IFDS. To the best of our knowledge, there isn't yet any paper that uses multiple IDE solvers in cooperation, so this is actually something completly new to work on!
Prerequisites
- You will be implementing the solution on top of a large Java codebase, so proficiency in Java is benefical.
- Furthermore, this topic requires you to design a complex static analysis that is supposed to analyze real-world Java applications, which requires good knowledge about the Java language semantics.
- Knowledge about static analysis and context-free languages obtained from courses like Principles of Compiler Design or Program Analysis for Security is also beneficial.
Related Work
- Boosting the Performance of Alias-Aware IFDS Analysis with CFL-Based Environment Transformers
- IFDS-based taint analysis: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps, GitHub
- Independent Alias Analysis used by the paper: Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java, GitHub
-
BSc/MScTruth in Code - Using LLMs to Verify the Consistency of GitHub Commits
I intend to get a publication out of this!
Motivation
Commit messages are essential for understanding the intent behind code changes and are a key part of software development history. They help collaborators and future developers grasp the reasoning behind a change without reading the entire diff. High-quality, accurate messages improve maintainability, support debugging, and enhance code review processes.
Large Language Models (LLMs) can understand both natural language and source code, making them a promising tool for assessing whether commit messages align with the corresponding code changes. By comparing the semantics of the message and the diff, LLMs can flag misleading or suspicious commits. This could support both security (e.g., catching stealthy malicious code) and developer productivity (e.g., catching mismatches or errors in intent).
Your Part
Build a dataset of commits with messages and diffs, labeled as matching or not. Prompt LLMs (or fine-tune) to classify these pairs or generate explanations. Evaluation could include accuracy metrics and case studies of real-world suspicious commits from public repositories.
Prerequisites
- Familiarity with Git and GitHub
- Basic knowledge of NLP or deep learning
- Experience with LLM APIs or related frameworks
Related Work
In Progress
-
BSc/MScDeferring Flow-Sensitivity of Alias-Aware IFDS Problems to the Path Reconstruction Phase
-
BScSecurity ShowCase: Designing, Attacking, and Defending an RFID-Based Smart Lock
-
MScGeneralizing Code Representations for Binary Code Similarity Detection Using Function Name
-
MScLLM Automated black-box adversarial prompting for large language models
-
MScAutomated black-box adversarial prompting for large language models for Code
-
BScAnalyzing the Migration from Manifest V2 to V3 in Chrome Extensions: Impacts, Challenges, and Automation
-
MScComparison of Explainability Methods for Deep Learning-Based Binary Code Models
-
MScYou're not Firmware! You're just a child! An Analysis of Firmware Transplantation Approaches
-
BScI Know What You Compared Last Night: A Contemporary Analysis of the Timing Side Channel in `memcmp()`
Last update 06.05.2026
