MScThesis

Teaching

• A Watchtower for Discovering the Nostr Ecosystem | Teaching

  Notes and Other Stuff Transmitted by Relays (Nostr) is a decentralized communication system built on open protocols, enabling censorship-resistant and permissionless information exchange. Its development is driven by Nostr Improvement Proposals (NIPs), which define modular features that developers implement selectively, leading to an intentionally highly flexible and diverse ecosystem. This project aims to analyze Nostr from both a data-driven and software-engineering perspective, examining its usage patterns, architectural variations, and the broader implications of its decentralized design and development paradigm.

• An Investigation Of Location Privacy In Mobile Applications | Teaching

  Context

  Recently, several news articles showed that many mobile applications collect location data from their users without their consent. This is a severe violation of privacy, as the location data can be used to track the user’s movements and habits. Therefore, it is essential to investigate the location privacy of mobile applications to understand the extent of the problem.

• Automated Test Selection for Simulation-based Testing of UAVs | Teaching

  Context

  Unmanned aerial vehicles (UAVs), also known as drones, are acquiring increasing autonomy. With their commercial adoption, the problem of testing their safety requirements has become a critical concern. Simulation-based testing represents a fundamental practice for cost-effective testing of UAVs.

• CBOM Evaluation and Benchmarking for Cryptographic Inventory Management | Teaching

  Assessing CBOM standards and tools, developing benchmarking and evaluation strategies for cryptographic inventory management.

  Context

  A Cryptographic Bill of Materials (CBOM) aims to systematically track and document cryptographic components in IT systems. While various CBOM generation tools and standards exist, their real-world effectiveness, efficiency, and comparability requires further research. This project aims to bridge this gap by establishing unified benchmarks for baseline comparisons and unbiased evaluations.

• CI/CD-Enhanced Conflict Resolution: Feasibility and Potential for Smarter Merging | Teaching

  Context

  Concurrent editing in cooperative software development often results in merge conflicts. Human effort is needed to resolve such merge conflicts. Studying merge conflicts and how to (semi-)automatically resolve them is an active research area.

• Creating A Graph Dataset For The Android Framework | Teaching

  Context

  Static- and Dynamic Taint Analysis is a technique to track the flow of information in software. However, the analysis of the Android Framework is challenging because of the complexity of the framework. Therefore, it is essential to create a graph dataset of the Android Framework to analyze the flow of sensitive information in the framework. Currently, there is no dataset available that represents the Android Framework as a graph. Aim of this project is to create a graph dataset of the Android Framework that represents the code in a structure that can effectively be queried for taint analysis.

• Detecting Third-Party Libraries in Android Applications at Runtime | Teaching

  Context

  Nowadays, we built software that includes third-party libraries to speed up the development process. However, these libraries can introduce security vulnerabilities into the software. Therefore, it is essential to detect the third-party libraries in the software to analyze their security implications.

• Developing A Testing Framework for Android Content-Providers | Teaching

  Context

  There exists several tools to automate the testing of open-source Android applications over the User Interface. However, there is a general lack of tools that can automatically test closed-source Android applications and other main components of an app, such as context-providers. In this project, we want to develop an testing framework that can automatically test closed-source Android applications. The focus will be on implementing testing tools for content providers.

• Empirical Study on Merge Conflict Dynamics: The Role of Personas in Merge Resolutions | Teaching

  Context

  Merge conflicts are a common challenge in collaborative software development, requiring developers to manually resolve inconsistencies between different code versions. Prior research has explored automated approaches to merge conflict resolution, but the impact of developer behavior and personas on the merge process remains not fully investigated [1].

• Evaluating Refactoring-Aware Merging: An Experimental Study | Teaching

  Context

  Traditional merge tools (e.g., Git merge) often treat refactorings as conflicting changes, leading to unnecessary conflicts. On the contrary, a refactoring-aware approach may recognize and account for refactorings, preventing false positives in conflict detection.

• Investigating best Deep Learning architectures for merge conflict resolution data | Teaching

  Context

  Merge conflict resolution is a critical challenge in software development, particularly in large, collaborative projects that use version control systems like Git. When multiple developers modify the same part of a codebase, conflicts arise that require manual intervention. Existing automated resolution strategies often rely on rule-based approaches or traditional machine learning models, which struggle with complex and ambiguous cases. Deep Learning has the potential to improve conflict resolution by learning patterns from historical merge conflicts and predicting optimal resolution strategies. However, identifying the most effective Deep Learning architecture for this task remains an open question.

• Persistent Risks in GitHub Actions: How Developers Address, Prioritize, or Neglect Security Vulnerabilities in CI/CD Pipelines | Teaching

  Context

  The increasing adoption of continuous integration and continuous deployment (CI/CD) practices has transformed software development, with GitHub Actions playing a key role in automating workflows. Many projects rely on third-party GitHub Actions, which streamline deployment but also introduce security vulnerabilities due to outdated dependencies, excessive permissions, or lack of maintenance.

  Despite the availability of security mechanisms such as Dependabot alerts and the GitHub Advisory Database, vulnerabilities often remain unpatched for long periods, leaving repositories exposed to supply chain attacks. Understanding how developers address, prioritize, or neglect these vulnerabilities is key to improving security practices in CI/CD environments.

• Reducing Simulation Overhead in UAV/Drone Test Generation Using Surrogate Models | Teaching

  Context

  Unmanned aerial vehicles (UAVs), also known as drones, are acquiring increasing autonomy. With their commercial adoption, the problem of testing their safety requirements has become a critical concern. Simulation-based testing represents a fundamental practice, but the testing scenarios considered in software-in-the-loop testing may be different from the actual scenarios experienced in the field.

• Understanding the Bitcoin Ecosystem: A Graph-Based Exploration of BIPs | Teaching

  Bitcoin Improvement Proposals (BIPs) are essential to the evolution of the Bitcoin protocol, characterized by both their individual attributes (e.g., status, categories) and interrelationships (e.g., dependencies, succession). This project aims to mine and structure BIP data, archiving it in a browsable format that captures both these characteristics and connections. Through graph-based visualizations and analysis, we seek to enable a more interactive exploration of the BIP landscape, enhancing both understanding and insight into the proposals and their roles within the ecosystem.