Theses proposals

For fast information you can contact Matteo Zoia (nome.cognome@unimi.it), Andrea Monzani (nome.cognome@unimi.it), Davide Rusconi (nome.cognome@unimi.it), Mirco Picca (nome.cognome@unimi.it) via Email.

• Embedded Systems and IoT SecurityNew
  Possible topics include reverse engineering in embedded devices, implementing real-world attacks and studying security mechanisms for IoT chips. The research will involve analyzing vulnerabilities, developing exploits and exploring countermeasures for secure IoT deployments.
  Advisor: prof. Danilo Bruschi, Andrea Monzani, Matteo Zoia
  Prerequisites:
  • Good knowledge of C/C++
  • Experience with hardware debugging tools (optional)
• Testing Trusted Execution EnvironmentsNew
  This thesis explores Trusted Execution Environments such as ARM TrustZone, Intel SGX, AMD SEV and the new ARM CCA architecture. The goal is to evaluate their security guarantees and executing various test scenarios, secure enclave testing, comparison and practical attack implementations.
  Advisor: prof. Danilo Bruschi, Andrea Monzani, Matteo Zoia
  Prerequisites:
  • Good knowledge of C
  • QEMU, Hypervisor (optional)
• Autonomous Network for CTF and Cybersecurity ResearchNew
  This set of thesis involves designing and developing an autonomous network for security research. The system will facilitate the automatic deployment of attacks and the testing of defense mechanisms. Additional objectives include creating cybersecurity challenges and developing the necessary infrastructure for automated assessment.
  Advisor: prof. Danilo Bruschi, Andrea Monzani, Matteo Zoia
  Prerequisites:
  • Basic knowledge of Docker and networking fundamentals
  • Familiarity with attack techniques (if implementing offensive security scenarios)
• Smart contract vulnerability
  This thesis proposes a methodology for smart contract vulnerability finding that combines symbolic execution and emulation. Smart contracts are self-executing programs that run on blockchain platforms, and they are becoming increasingly popular for implementing decentralized applications. However, smart contracts are also prone to vulnerabilities that can lead to severe financial losses or other adverse consequences.
  Advisor: prof. Andrea Lanzi, Matteo Zoia
  Prerequisites:
  • Good knowledge of smbolic execution with angr
• Smart contract fuzzingNew
  This thesis explores smart contract fuzzing by comparing the effectiveness, performance, and coverage of various state-of-the-art smart contract fuzzers. The study aims to identify strengths, weaknesses, and optimal use cases for each tool in enhancing smart contract security.
  Advisor: prof. Andrea Lanzi, Mirco Picca
  Prerequisites:
  • Basic knowledge of fuzzing techniques
  • Familiarity with linux to be able to inistall and run fuzzers
• Privacy and Web Tracking AnalysisNew
  This thesis focuses on developing privacy-enhancing technologies to study large-scale web tracking mechanisms, such as cookies and fingerprinting and their impact on online marketing. The project may involve building automated tools for data collection and analysis, as well as evaluating privacy-preserving countermeasures.
  Advisor: prof. Danilo Bruschi, Andrea Monzani, Matteo Zoia
  Prerequisites:
  • Knowledge of web security concepts
  • Basic programming skills for web scraping and data analysis
• Security Applications of LLMsNew
  If you have an innovative idea related to security applications of LLMs, it will be evaluated for potential thesis work. The research should focus on novel AI-based security challenge. Advisor: prof. Danilo Bruschi, Andrea Monzani, Matteo Zoia