SSRG Honours Thesis Projects
The thesis topics listed here are available to strong undergraduate students. They are mostly associated with research projects and generally quite challenging; many topics have the potential to lead to a publication, and on average we get about one paper a year from the work of one (or more) undergraduate thesis students. Students who are not aiming for excellence are in the wrong place here.
Note that the list below is constantly updated: new topics are added as we identify them while work on various research projects proceeds. Topics marked are recent additions.
UNSW students can access all of our recent student theses.
Undergraduate Thesis Topics in Software Engineering
- topics supervised by Liming Zhu
- topics supervised by Paul Bannerman
- topics supervised by Ingo Weber
- How to apply
- info for postgraduate students
Undergraduate Thesis Topics in Operating Systems and Formal Methods
We are generally looking for honours candidates, or students with outstanding performance in operating systems. Specifically we guarantee a thesis topic to any student who has obtained a HD grade in UNSW's Operating Systems or Advanced Operating Systems course, no matter what their other grades are!
- topics supervised by Gernot Heiser
- topics supervised by Ihor Kuz
- topics supervised by Gerwin Klein
- topics supervised by Kevin Elphinstone
- topics supervised by Leonid Ryzhyk
- How to apply
- info for postgraduate students
Present topics supervised by Gernot Heiser (official list)
- 3344: Virtualized Windows on seL4
seL4 is routinely used as a hypervisor to run Linux. Its use could be more widespread if it supported running unmodified Windows binaries. However, Windows shows its DOS heritage in its boot process, starting off in 16-bit mode. Most hypervisors supporting Windows therefore contain a big and ugly x86 emulator, which dramatically bloats the trusted computing base.
The aim of this project is to virtualise Windows without emulation of legacy hardware modes. This can be achieved by booting a Windows system on hardware and taking a dump. On the seL4 system, the virtual-machine monitor then initialises the hardware to get it into the state expected by a just-booted Windows system. At this stage it should be possible to undump the Windows system and get it running with minimal emulation code in the hypervisor.
Novelty and Contribution: First full virtualization of an unmodified Windows binary without emulating legacy hardware modes. If done well, this should be easily publishable.
- 3343: Preventing cache-based covert channels without flushing
Caches, like other shared hardware, present a potentially high-bandwidth covert timing channel. The normal approach to preventing this channel is to flush all caches on every context switch. As context switches are frequent in microkernel-based systems, this mitigation strategy has a disastrous performance impact.
This project is to explore an alternative approach to flushing, namely preventing sharing of the cache. This is made possible by a unique aspect of the design of seL4, which separates kernel data similarly to user data, and has almost no shared kernel data structures (a covert channel analysis of those shared kernel data structures is the subject of a different project).
Specifically, page colouring can be used to partition the L2 cache between two security compartments so that they never use the same cache line. Cache pinning can be used to achieve the same for the L1 D-cache; both are straightforward. Sharing of I-cache lines can be prevented by replicating the kernel code, so that each partition executes its own copy of kernel instructions, and using cache pinning to keep them separate. This part requires careful design to get right (e.g. how do you boot?).
Novelty and Contribution: novel, low-overhead scheme to prevent cache-based covert channels.
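To make the page-colouring idea concrete, here is an added example (not code from the page or from seL4): a frame allocator that hands each compartment only frames of its own colours, plus an independent check that the two compartments' frames never map to a common L2 set. The cache geometry (512 KiB, 8-way, 64-byte lines, 4 KiB pages) and the two-way split are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed L2 geometry for this example (not from the page):
 * 512 KiB, 8-way set-associative, 64-byte lines, 4 KiB pages. */
#define L2_SIZE       (512u * 1024u)
#define L2_WAYS       8u
#define LINE_SIZE     64u
#define PAGE_SIZE     4096u
#define L2_SETS       (L2_SIZE / (L2_WAYS * LINE_SIZE)) /* 1024 sets       */
#define SETS_PER_PAGE (PAGE_SIZE / LINE_SIZE)          /* 64 sets per page */
#define NUM_COLOURS   (L2_SETS / SETS_PER_PAGE)        /* 16 page colours  */

/* Colour = the set-index bits above the page offset. A physically indexed
 * cache derives them from the frame number, so whoever hands out frames
 * decides which part of the L2 a compartment can touch. */
unsigned page_colour(uint64_t paddr)
{
    return (unsigned)((paddr / PAGE_SIZE) % NUM_COLOURS);
}

/* Static split of the colour space into ncomp equal slices. */
bool colour_allowed(unsigned colour, unsigned comp, unsigned ncomp)
{
    return colour / (NUM_COLOURS / ncomp) == comp;
}

/* Coloured allocator: from a pool of free frames, give compartment comp
 * only frames of its own colours. Returns the number of frames handed out. */
size_t alloc_coloured(const uint64_t *pool, size_t npool, unsigned comp,
                      unsigned ncomp, uint64_t *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < npool && n < max_out; i++)
        if (colour_allowed(page_colour(pool[i]), comp, ncomp))
            out[n++] = pool[i];
    return n;
}

/* L2 set of a frame's first line, computed from the address rather than the
 * colour; page-aligned frames share any set iff they share this one. */
static unsigned first_set(uint64_t paddr)
{
    paddr &= ~(uint64_t)(PAGE_SIZE - 1);
    return (unsigned)((paddr / LINE_SIZE) % L2_SETS);
}

/* True if any frame of a and any frame of b map to a common L2 set, i.e.
 * the two compartments could still evict and time each other's lines. */
bool frames_share_sets(const uint64_t *a, size_t na,
                       const uint64_t *b, size_t nb)
{
    for (size_t i = 0; i < na; i++)
        for (size_t j = 0; j < nb; j++)
            if (first_set(a[i]) == first_set(b[j]))
                return true;
    return false;
}
```

A naive split of the same frame pool (first half to one compartment, second half to the other) fails the check, which is exactly the sharing that flushing would otherwise have to paper over.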
- 3342: Port Google Go to seL4
Google Go is a small but managed programming language. It is type- and memory-safe, has a syntax based on C but aims to support concurrent programming, and as such has constructs similar to Ada. These features make it suitable for programming high-assurance systems, particularly in combination with a high-assurance operating system and run-time environment.
This opportunity exists with the formally-verified seL4 microkernel, which provides a rock-solid foundation for software. Porting Go, particularly its lightweight "native" run-time, to seL4 is the first step towards making this a reality. It may enable verification of the small run-time, and thus provide a programming environment of unprecedented dependability.
Novelty and Contribution: First type- and memory-safe programming environment on a verified OS kernel, and potential to verify the whole RTE.
- 3297: OS for a space
UNSW has successfully bid for participation in the EU QB50 project, building a CubeSat satellite for a launch in 2014.
This project is to design and implement a circuit board for a flight computer, and build an seL4-based fault-tolerant operating system on top, able to support critical attitude-control software running side-by-side with less critical DVB-S2 encoding of data for transmission to the ground.
This is a project for two students, one designing and building the hardware, and the other designing and implementing the OS. The first student must have experience in PCB design, the second one solid knowledge in OS internals (having done COMP9242 is strongly recommended). This is a collaboration with the Australian Centre for Space Engineering Research (ACSER).
Novelty and Contribution: First ARM-based flight computer. First multi-criticality system in space. First Australian-designed and -built OS in space.
Prerequisites: the OS part requires extensive OS internals experience; you should have taken COMP9242. The hardware part requires experience in PCB design.
- 3211: Secure Browser OS
A secure web browser with a minimum trusted computing base has been proposed as a way to protect against browser exploits, for example IBOS. Such an approach is a big improvement over present practice, but is still at the mercy of an underlying OS which isn't trustworthy.
This changes with the availability of the formally-verified seL4 microkernel, which can present a truly trustworthy basis for a secure browser. This thesis is to design and implement such a secure browser OS on seL4.
Novelty and Contribution: First truly trustworthy web browser.
- 3210: Evolvable Trustworthy System
The Trusted Platform Module (TPM) specified by the Trusted Computing Group (TCG) and implemented on many PC platforms supports a secure boot and remote attestation (where an external agent can ascertain that the system is in a particular software configuration). However, the TCG approach has been considered a failure for end-user devices, as it does nothing to ensure that the "trusted" software is trustworthy and does not support upgrading it when it has been found to be vulnerable.
The formally-verified seL4 microkernel presents an opportunity to make TPMs useful: seL4 is truly trustworthy, so attesting that it is running provides real assurance of trustworthiness. seL4 itself can then be used to instantiate a trusted software stack, and protect it from untrusted components, and it can be used to upgrade the trusted software securely.
This thesis is to build a demonstrator of an seL4-based, evolvable trustworthy system. This will require implementing TPM-facilitated secure boot of seL4 and some trusted base which can be remotely attested. If time allows, demonstrate secure software evolution.
Novelty and Contribution: Such an approach to a practical TPM-based trusted system has not been demonstrated, and will constitute publishable research.
I will not take on students who have not shown a convincing performance in COMP3231 "Operating Systems". I normally expect students to have done COMP9242 "Advanced Operating Systems", although I make exceptions in special cases.
Most topics can lead to publications.
Present topics supervised by Ihor Kuz (official list)
3287: Secure terminal on seL4
seL4 is a formally verified microkernel for building secure systems. A key element of such systems is secure access to terminal I/O (i.e. the screen, keyboard, and mouse), which means that different applications can get user input and output without worrying that other malicious applications (such as a key logger) can interfere. Nitpicker is a secure display architecture developed at Technical University of Dresden. In this project you will implement a version of Nitpicker for seL4, and use it as the basis for building a secure windowed terminal. Evaluate the resulting system by analysing its functionality, performance, and security.
3288: seL4 AUTOSAR
seL4 has been developed to be the basis for building secure systems, however, it can also be used as the basis for safety-critical systems, such as those used in cars. With seL4 in such systems, it becomes possible to provide guarantees about memory isolation properties, which is crucial for safety-critical systems. Besides memory isolation, seL4 also has known timing properties, making it possible to give timing guarantees, which is important for real-time systems such as those found in cars. The goal of this project is to investigate the role that seL4 can play in such systems by implementing the AUTOSAR automotive framework to use seL4 as the underlying OS.
3289: Qubes on seL4
Qubes is a new operating system architecture for developing secure desktop systems. It is based on isolation, running each application in a separate virtual machine so that they cannot maliciously interfere with each other. However, Qubes is based on Xen, which is a relatively heavyweight, and insecure, hypervisor. Qubes would be much better if it ran on, and relied on, seL4 for its isolation. In this project you will implement a version of Qubes on seL4, and evaluate it by running various applications to analyse the security benefits that seL4 provides.
1268: Shared resources in a microkernel-based OS
One of the key services that an OS provides is managing access to shared resources. For example, a file system manages access to shared disk space, a network stack manages access to a network device, a window system manages access to the display, etc. In a modular, microkernel-based OS, these shared resources are managed by user-level services. In this project you will investigate ways of modelling such shared resource managers within the CAmkES component framework on seL4 and develop a suitable model for building such services in a componentised environment. You will assess the suitability of this model by designing, implementing, and evaluating one or more such services (e.g., a file system, a network stack, etc.).
IK10: Click Modular Router on L4
Related topics supervised by Gerwin Klein (official list)
GWK01: Formal Model of an ARM Processor in
Develop a specification of an ARM processor (e.g. Xscale) suitable for use in formal verification of programs. A similar such model for an MMU-less ARM6 core has been developed by Anthony Fox at Cambridge in the HOL4 system. This should be examined for its usability, and for what is missing with respect to a full model of an Xscale processor. If time allows, an instruction-set level simulator should be generated from the model. This project is an integral part of the formal verification of the L4 micro kernel at NICTA. It connects cutting edge OS research with real-world large-scale system verification. You will work with the developers of L4 and Isabelle in an international team of PhD students and researchers in NICTA's SSRG group.
GWK02: Verifying the core of the standard C library in Isabelle/HOL
You will work with a state-of-the-art interactive theorem prover (Isabelle/HOL) to formally verify the functional behaviour of a small number of basic C functions like memcpy, memset, etc. The verification of these functions is at the basis of any undertaking that wants to provide guarantees about programs implemented in C. This project is an integral and important part of the formal verification of the L4 micro kernel at NICTA. You will work with the developers of L4 and Isabelle in an international team of PhD students and researchers in NICTA's SSRG group.
GWK03: Formal Model of L4 IPC and/or Threads in Isabelle/HOL
Develop a specification of a subsystem of the L4 microkernel in the theorem prover Isabelle/HOL. L4 provides three basic abstractions - address spaces, threads and IPC. An abstract model has been developed for address spaces and the virtual memory subsystem, the aim of this project is to provide a similar model for one or both of the remaining abstractions. In addition, an investigation into high-level properties of this model will be undertaken, together with the development of proofs that the models satisfy these properties. If time allows, the model will be refined towards the L4Ka::Pistachio implementation on ARM. This project is an integral part of the formal verification of the L4 micro kernel at NICTA. It connects cutting edge OS research with real-world large-scale system verification. You will work with the developers of L4 and Isabelle in an international team of PhD students and researchers in NICTA's SSRG group.
Related topics supervised by Kevin Elphinstone (official list)
- 2981: Secure microkernel-based web server using Linux instances
Our research group has developed a formally verified secure microkernel that supports virtualisation. We have a version of Linux that runs on top of this kernel. The goal of this project is to develop a secure web server platform consisting of an instance of Linux running in the DMZ and an instance of Linux running on the trusted network, all actually running on the same machine using the secure microkernel to separate them. This project has the chance to be deployed as a demonstrator for our group's web site.
KJE15: A Secure Bootstrapper for the seL4
The seL4 microkernel is a high-assurance microkernel capable of acting as a separation kernel when it and the encompassing system are instantiated correctly. The goal of this thesis is to develop a simple component model that can specify an initial system state, i.e. the servers and applications that will run on the microkernel. The component model is then used to generate the bootstrapping code to instantiate the system with the specified separation guarantees. The project may involve evaluating the existing CAmkES framework for the component model, and looking at formal models and guarantees for both the component model and the generation of the bootstrapper.
KJE16: Linux as a component.
NICTA has various versions of Linux that run para-virtualised on various versions of microkernels developed here at NICTA. However, the connection between Linux and the platform is rather ad hoc, which makes it difficult to bring Linux into the principled component framework (CAmkES) developed here at NICTA. This project would involve examining the interface between the microkernel and the support infrastructure to allow Linux to be just another component in the CAmkES framework.
KJE17: ARTEMIS robotic clarinet player
NICTA is entering the ARTEMIS instrument-playing robot competition. This project involves developing the system software side of the robot, with an eye to making it general enough to use for future entries. It involves low-level embedded controller programming, Linux kernel programming, and application programming. A familiarity with music is also helpful.
Present topics supervised by Leonid Ryzhyk (official list)
- 3221: Design and implementation of an algorithm for automatic device driver synthesis
Device-driver development is a notoriously difficult and error-prone task. An alternative approach to manually writing device drivers is to automatically synthesize them from a formal specification of the device and a specification of the interface between the driver and the OS. In this thesis project you will design, implement, and evaluate an algorithm for automatic driver synthesis. The main challenge involved in this project is dealing with state explosion that occurs when analysing realistic device specifications. In order to overcome this problem you will explore techniques such as compositional synthesis and abstraction refinement. This work will be carried out in close collaboration with other NICTA students and researchers working on driver synthesis.
- 3222: Modelling of I/O devices for automatic device-driver synthesis
Device-driver development is a notoriously difficult and error-prone task. An alternative approach to manually writing device drivers is to automatically synthesize them from a formal specification of the device and a specification of the interface between the driver and the OS. In this project you will develop specifications of several I/O devices for use in driver synthesis. Such a specification constitutes a model of device operation written in a high-level hardware description language (HDL) such as SystemVerilog or DML. You will then use these specifications to synthesise working drivers for the selected devices. In the course of this work you will identify limitations in the synthesis tool and will work with other students and researchers on improving the tool and the underlying algorithms.
- 3071: Reliable Device Driver Framework for Linux
As part of an effort to put an end to the numerous software failures caused by buggy device drivers, our research group is developing a new device driver architecture for Linux. This architecture eliminates certain types of bugs by design and makes writing correct drivers easier. In addition it facilitates automatic detection of driver bugs by model checking tools. In this project, you will develop Linux kernel components as part of our driver development framework and will implement one or more drivers using this framework. You will also come up with a formal specification of the interface between the driver and the OS and will use a model checker to verify that your drivers comply with this protocol. The outcome of this work will be published in one of the top OS conferences and will be proposed for inclusion in the Linux kernel.
Contact the relevant supervisor.
Note for OS/FM related topics: We promise a thesis topic to every interested student who has obtained a HD grade in COMP3231/COMP9201 Operating Systems or COMP9242 Advanced Operating Systems. If necessary we will define additional topics to match demand.
We will not turn down any students doing exceptionally well in OS courses. However, this does not mean that an HD in OS or Advanced OS is a prerequisite for doing a thesis with me. Interested students with lower OS marks are welcome to talk to me if they feel they can convince me that they will be able to perform well in an OS thesis.
Keep in mind that these topics are all research issues and generally at the level of Honours Theses. They are not suitable for marginal students or students with a weak understanding of operating systems. We expect you to know your OS before you start.
Past thesis reports and DiSy thesis rules (internal access only)
Undergraduate thesis topics are also suitable for coursework Master's projects. Same conditions apply: You must have a pretty good track record in OS courses for OS and FM related topics.