phone: +31 (0)45 576 2143
email: hugo.jonker@ou.nl
www: http://www.open.ou.nl/hjo
twitter: @hugojonker
This page lists projects I currently supervise. Students who finished their projects and graduated are listed on the page of supervised theses. A LaTeX template for OU theses has been kindly provided by Annet Vink and Katleen de Nil (based on the work by Niels Tielenburg).
Crime has more and more ties to the digital world. The domain of digital forensics focuses on investigating and preserving digital evidence. However, three trends combine to make this very hard in the future: (i) data carriers are increasing in size, meaning there are orders of magnitude more data to sift through; (ii) more and more items are becoming data carriers, meaning many different items may need to be investigated; (iii) the ever-increasing diversity in apps means that there is an ever-increasing diversity in file formats where evidence may be stored.
This project focuses on improving and generalising techniques for recovering deleted files, in order to preserve this important line of digital forensics for future cases.
Data on the web is often volatile: prices you see in a webshop today might have changed tomorrow. In this project, we investigate various aspects of online tracking and build tools to help users track websites themselves.
The project focuses on using scraping technology to investigate security and privacy on the web. Examples of such investigations include investigating price differentiation and website login security.
Many apps created specifically for children are free. They generate income for their creators by displaying advertisements. There are strict rules for advertising to children (Children's Online Privacy Protection Act in the USA, Digital Services Act in the EU). Both of these prohibit tracking children online. This should rule out behavioural advertising. The core idea of this project is to use real-world devices, and automate interaction (e.g., using the method developed by Meesters in his thesis) to check why advertisements in children's apps are shown.
Most file carvers do not account for fragmented files. Moreover, out-of-order fragmented files have, to date, not been accounted for in any file carver. The goal of this project is to design and compare strategies for searching for a candidate next block of a file, given the data available from the WildFrag database on fragmentation, and accounting for out-of-order fragmentation.
Cookie dialogs have become rampant, but whether they are compliant with privacy regulations is questionable. Various mechanisms have been used to study this question. One promising method, initially explored by Lendering, is to create the consent-cookie instead of manipulating the cookie dialog. This allows for testing abnormal conditions (allowing all purposes but no vendors, etc.). The goal of this project is to find a way to apply this method at significant scale, so as to enable testing various aspects of cookie compliance automatically.
In their thesis on detecting cookie dialog dark patterns, Koen and Maarten found that within the EU, French websites (that is, .fr websites) offer a "reject all" option significantly more often than websites from other countries. They hypothesized it could be due to the French DPA imposing harsh fines for lack of this button in early 2022. The goal of this project is to look at historical data available from the Web Archive to investigate the origins of this difference.
Passports and other international identification papers have become partially digitized. Modern versions allow for various forms of digital interaction with an embedded chip. The goal of this project is to evaluate the various authentication flows for susceptibility to attacks by quantum computers, and to propose strengthened protocol designs where necessary.
Passwords are by far the most widespread means of authentication in the digital world. However, weak passwords constitute a security risk. Therefore, apps and websites can enforce rules to make sure users use strong(er) passwords. The goal of this project is to investigate what types of rules are enforced in the wild, and whether the enforcement happens on the client-side only, or on both client- and server-side.
Smart contracts are, by nature, publicly available. Obfuscation has been used (e.g., by CryptoKitties) to prevent others from easily reverse-engineering the smart contract. There are various obfuscation techniques that may be applied to smart contracts. It is not clear whether all of these increase the costs of execution in any given situation; it is even possible that in some cases, obfuscation may help reduce execution costs. The goal of this project is to implement several obfuscation techniques, apply them to a large set of smart contracts and measure the effects of obfuscation (in terms of execution costs as well as code size and other relevant metrics).
So-called "dark patterns" are tricks in the user interface that nudge users towards or away from options. This project will investigate the use of dark patterns in online cookie dialogs. The goal is to build a dark pattern detector and test it on websites within the EU.