Supervision

This page lists projects I currently supervise. Students that finished their projects and graduated are listed on the page of supervised theses. A LaTeX template for OU theses has been kindly provided by Annet Vink and Katleen de Nil (based on the work by Niels Tielenburg).

PhD projects

• Future-proofing recovery of deleted files
  Vincent van der Meer, PhD thesis, OU & Zuyd University of Applied Sciences.
  Publications: WIFS'19, DFRWS-APAC'20.
  Related MSc projects: 1.
  Related BSc projects: 1, 2, 3, 4, 5.

  Crime has more and more ties to the digital world. The domain of digital forensics focuses on investigating and preserving digital evidence. However, three trends combine to make this very hard in the future: (i) data carriers are increasing in size, meaning there is orders of magnitude more data to sift through; (ii) more and more items are becoming data carriers, meaning many different items may need to be investigateed; (iii) the ever-increasing diversity in apps means that there is an ever-increasing diversity in file formats where evidence may be stored.

  This project focuses on improving and generalising techniques for recovering deleted files, in order to preserve this important line of digital forensics for future cases.

• Scrapology: scraping-based understanding and improving of online security and privacy
  Benjamin Krumnow, PhD thesis, OU & TH Köln.
  Publications: ESORICS'19, MADWeb'20, SecWeb'20, J. CoSe'21, IMC'21.
  Related MSc projects: 1, 2, 3.
  Related internship projects: 1.
  Related BSc projects: 1, 2.

  Data on the web is often volatile: prices you see in a webshop today might have changed tomorrow. In this project, we investigate various aspects of online tracking and build tools to help users track websites themselves.

  The project focuses on using scraping technology to investigate security and privacy on the web. Examples of such investigations include investigating price differentiation and website login security.

Master and bachelor theses projects

• Investigating password rules in the wild, master project (OU).
  Coen van Driel

  Passwords are by far the most widespread means of authentication in the digital world. However, weak passwords constitute a security risk. Therefore, apps and websites can enforce rules to make sure users use strong(er) passwords. The goal of this project is to investigate what types of rules are enforced in the wild, and whether the enforcement happens on the client-side only, or on both client- and server-side.

• A graph-based approach to detecting outliers in academic publishing, master project (RU).
  Wibren Wiersma

  Fraud in academic publishing typically caught in one of two ways: it is a type of fraud for which there exist detection tools, or no detection approach has been devised. Fraud in the latter category can only be uncovered by whistleblowers -- typically, at great personal expense. However, much of academic fraud has the same purpose: to improve one's standing in the academic community by manipulating measurements of academic standing.

  A previous project by Ewoud Westerbaan recognised that specific types of fraud impact the data in specific ways. Outliers for such ways can then be distinguished from regular academics. This project takes that concept one step further: it is possible to recognise the characteristics of such manipulated improvements in a graph representation of the data?

• Measuring effect of obfuscation on smart contracts, master project (OU).
  Martin Broers

  Smart contracts are, by nature, publicly available. Obfuscation have been used (e.g., by CryptoKitties) to prevent others from easily reverse-engineering the smart contract. There are various obfuscation techniques that may be applied to smart contracts. It is not clear whether all of these increase the costs of execution in any given situation -- it is even possible that in some cases, obfuscation may help reduce execution costs. The goal of this project is to implement several obfuscation techniques, apply them to a large set of smart contracts and measure the effects of obfuscation (in terms of execution costs as well as code size and other relevant metrics).

• Detecting Dark Patterns in Cookie Dialogs, bachelor project (OU).
  Koen Berkhout, Maarten Meyns, Robin Jansz So-called "dark patterns" are tricks in the user interface, to nudge users towards or away from options. This project will investigate the use of dark patterns in online cookie dialogs. The goal is to build a dark pattern detector and test it on websites within the EU.
• On-the-fly scriptless security scraping, master project (OU).
  Jeroen Hoebert

  TESTAR is a Java-based tool for GUI testing. It has recently been expanded to enable testing of websites (using Selenium + Webdriver). TESTAR does this in a random fashion: it does not follow a pre-programmed path over the site, but selects links at random to follow. It continues this process to establish a complete picture of a website. This allows for a more holistic view on the security of the site: does one part of the site adversely affect security of another part? The goal of this project is to incorporate scanning for various security aspects into a holistic security assessment tool using TESTAR, such as cookie security, HTTP headers, use of insecure connections, etc.

• Enabling seamless 2FA, master project (OU).
  Jan Ouwehand

  Smart phones are nowadays ubiquitous and can be used as a "what you have" factor in two factor authentication (2FA). The goal of this project is to enable such functionality to happen seamlessly, that is: presence of the phone is automatically detected. Depending on the use case, an "okay" button may need to be pressed on the phone, or the authentication automatically succeeds based on proximity of the phone.