In need of an idea for a thesis, diploma or software development project? Let me give you some hints. But before telling you about my ideas I'd like to point you to a fountain of nice projects where you will probably find some nice ones to try:

The Java-Channel from INRIA contains all new Java projects which need to be tested and used in different scenarios. Give it a try!

If you are interested in language processing, take a look at Forum Open Language Translation (FOLT). They are working on a translation support software on open source base called TMOSS (Translation Memory Open Source System). They are looking for participants and developers. You can download an expose of their ideas.

The RUS offers very interesting research projects and sometimes hiwi jobs. Take a look at research projects and job offers. The research topics cover almost everything related to large scale computing like federated security, clustering etc.

1. Security Evaluation of XML Firewalls and Web Application firewall products
o create market overview
o description of current technologies
o description of upcoming technologies
Prepare decision which product is feasible for the company requirements. The company is a large, global enterprise. The thesis includes theoretical parts as well as an integration of WAF technology into the infrastructure. The company could probably create two thesis jobs from this one.

2. Modeling of large scale system architectures - definition of a generic "Dictionary of elementary functions" and creation of a guide how to define and model a functional model. This thesis should create the "role model" of functional modeling within a company. No specific operating system knowledge is required.

3. Modeling of a new client desktop environment based on Vista (using SysML). We are talking environments with more than 40000 desktops and more than 1000 servers.

4. User-Analytics
Investigate methods to track user behavior not only in web applications.
This includes generation of attentional meta-data from behavior data (log-files, clicks etc.) and the analytical methods behind. Application instrumentation etc. is also a topic. Classic tools like webtrends are too narrow in this case. Search applications are one example but the results should be also applied to other application types. Read "programming collective intelligence" to get an idea of the machine learning methods useful for tracking users. Read "findability" to get an idea of its application for search engines.

5. Performance Analytics, Reporting and Monitoring in a global Enterprise
This work deals with the problem of performance in distributed environments with multiple communication protocols and architectures. Goal is to create a monitoring system that allows tracking of complete business processes and the generation of high-level events from the combination of several low-level events (complex event processing). Applicants should be familiar with J2EE and perhaps other types of middleware and have an interest in broad problem spaces. Analytics and reporting are also involved.

Technical, legal and organizational aspects of e-voting in a university environment. Security analysis, policy etc. Evaluation of open source e-voting programs.

Use random access methods to uncover security problems in applications and system software.

Test peer-to-peer gaming frameworks for reliability and performance. Investigate bottlenecks and design issues with MMOGs.

Use the new language by OMG for system architecture modelling - together with some excellent simulators and generators from Ilogix.

Build a language to express GUI requirements - together with Xtronics, a leading car multi-media company.

Design and build a fancy portal for students, together with a publishing company in Munich.
(1) High-Availability Infrastructures, small and embedded systems (together with Stephan Rupp, Kontron)
(2) Software-Technik Praktikum: compare concepts like OSGi with middleware for high-availability (with Stephan Rupp, Kontron).

Take Kevin Mitnick's book on "the art of deception" and create a classification of user errors which were exploited by Mitnick. Build a user conceptual model from those. Apply it to browser security. Does browser security work on the same semantic level? Is there a huge gap between resources the browser tries to protect and how people think and act? Speculate on better machine representations for user semantic models. This could be done together with a student from usability or information design faculties.

Develop new Fuzzing Tools and embed them into a new testing methodology.

Investigate security in Firefox. JavaScript in the context of Web2.0: do we need new browser security models beyond "same origin"? Make Firefox Extensions and Plug-Ins remote: Architecture, Design, Prototype such an isolation approach. Do an investigation of Firefox security vulnerabilities - see any changes in type or frequency over time? Compare Firefox with the DARPA browser project by Combex.

Try ontology tools: IBM Integrated Ontology Development Toolkit. An ontology toolkit for storage, manipulation, query, and inference of ontologies and corresponding instances. New version is a maintenance release.

Take the thesis from Mirko Bleyh on the modeling of operational aspects as a starting point to model security aspects.

One day the bandwidth to the internet may not be large enough for search engine companies - too many new pages join the web every day. How could we use the distributed computing power of edge machines for a better search index? What if we combine the distributed hash table technology with a seti@home like approach? Take a look at grub or YACY.
And don't forget the tradingcenter project by Ron Kutschke and Markus Block which implements a distributed auction platform and which could be used as a start for a distributed search engine.

Use the UIMA framework (see IBM alphaworks) to design a system where "higher" modules (e.g. a semantic module) can give hints back to "lower" modules like word recognizers or taggers.

Enterprise level security is far from easy. Architectures like J2EE and .NET try to hide the complexity but still allow all the flexibility needed. Code access security, JAAS, identities and run-as modes, delegation and tracking, backend-access and registries. And tons of APIs to encrypt, create secure sessions, declare or program calls and so on. Add interoperability to this with GSS-API or the webservices interfaces and developers are facing quite some challenges.

One of the best books on J2EE 1.3 security that I found yet is - surprise - a book on mainframe security: the z/OS WebSphere Application Server V5 and J2EE 1.3 Security Handbook with its additional material. It shows how requests flow from the DMZ through web and application servers to backend services and databases on mainframes. And it gives a good explanation of how the identities, roles and privileges change during such a flow, based on the capabilities of J2EE and its declarative or programmatic features. And the additional material is also very interesting. Some people at IBM tried to verify all security related interfaces with example programs - called SWIPE. The code is available for this and my idea was to turn this code into a learning facility for secure programming. It could start as a software-technik-praktikum at HDM where a group of students could try to improve the demo application(s) and learn a lot on security APIs and infrastructure. GO AND PORT IT TO JBOSS!! Dennis Pilipchuk in the meantime is exploring Webservices Security and available frameworks which could go into the demonstration software as well.
Anand Raman wrote a nice piece on how to Create an anonymous authentication module and manages to explain basic J2EE security principles at the same time. The result would be a much improved understanding of security infrastructure and programming.

SVG is VERY HOT!! A top company is interested in a component which could render a small sub-set of SVG. It should be extensible through a simple plug-in interface. All SVG elements which are not recognized would be forwarded to the interface which could then be implemented by the user of the component. The whole thing would also work well as an open source project.
How to proceed:
The company would help to design the basic architecture of the viewer.
The company would define the SVG subset - at this point in time without dynamic elements.
The plug-in interface would be used to implement dynamic events - e.g. mouse over events.
The following two screenshots show the number of elements:
More ideas for interesting projects. Like a wireless connection to HMDs, formal proof of firewall rule sets and an evaluation of multi-media archives.

E-Learning content (IMS CP) and questionnaires/tests/examinations (IMS QTI) are frequently very heavy on the text side. But some content and questions are better presented in a more visual and interactive form like e.g. a puzzle. Today flash is a very popular choice for client development. But if a client wants to upload results to the learning system a server side API is needed which accepts the results. Flash remoting is the keyword here. Also interesting is OpenAMF. Alternatively DVG 3.0 could be used instead of Flash.

With Eclipse 2.1 the container for plug-ins was re-written (Equinox) and with 3.0 Eclipse implements an OSGi-Container (Open Services Gateway Interface, open standard used in mobile and automotive industries). OSGi can dynamically load and unload plug-ins and has much better plug-in management features. OSGi contains an Http server. Goal: develop an EclipseServlet API, test the architecture for this purpose. Does it work? Multithreading issues? Security? Needs a good understanding of the Java/Container class-loading mechanism.

Extend a jxta based trader service with a reputation system. The idea is to extend the software project from last term with a reputation system that works without central servers. Take a look at e-bay and you will see that there is not really this much function and reliability behind their reputation system. Can we simulate it with p2p mechanisms? The next step would be to run p2p auctions once reputation is established.

Build portals for embedded control applications (automation, control etc.). Automatic transformation of images (vector based) into formats for different display devices (PDA, 17", 19"). Transformation of schema-drawings into technical descriptions and back.

Portals are still a hot topic for companies.
They are now used on different levels ranging from Nanoportals to Macro and Enterprise Portals. What are possible technologies to be used under Linux? Perhaps take a look at Uportal, a JSR 168 compatible portal platform used by many universities and companies worldwide. Build applications on various portal platforms using the JSR 168 portlet API.

Eclipse is now frequently used as a standard platform both for development and runtime. How does it work for embedded Linux? Together with a well-known company in building automation you could investigate possible applications and perhaps build a prototype.

The goal would be to understand the concepts of meta-modelling (Markus Voelter's paper is a starting point) and to develop an editor for the ecore model and meta-model used in Eclipse. Get the book on the eclipse modelling framework if you are interested in this topic.

Not only universities live from establishing a network of partners, friends and ex-members. Joint projects, sponsoring etc. all need dependable data about contacts, interests and other information. The goal of this project would be to build an information base that is able to not only keep simple information about persons but can store the relations between partners. Topic Maps could be one approach here. The frontend should be web based. Access control should allow some of the information to be public and other parts (strategic) to be available only to qualified persons. Students could use this base to find business partners for thesis works. University personnel can use it to raise funds or plan events.

The idea is about using smartphones, generic UI devices and wireless headsets in helmets to provide groups of motorbikers with a cheap group communication feature based on bluetooth wireless networks. A more detailed description can be found here.

Investigate the technological and social mechanisms behind the new darknets - cryptographically closed environments for content swapping etc.
About 5 years ago - obsessed with XML and its use - I painted a diagram of an information interconnection architecture for a large private bank. I called it the XML Info bus and I have seen similar diagrams in the following years at many places. Luckily I was never forced to live up to this proposal and pretty much forgot about it. Now it seems it will return under the name Enterprise Service Bus and it is supposedly better than sliced bread. That is if you believe the webservices portal. But taking a closer look would not hurt and it would serve as a nice topic for a study or thesis work.

Motion capture nowadays needs head mounted display (HMD) technology to create a virtual reality for the person in the capture suit. A cable running from a computer to the HMD is a real handicap for that person. So how could a wireless solution work? Electricity is not such a problem - I checked that a little backpack with batteries is possible. What is a real problem is the bandwidth needed between the computer and the HMD. We are talking regular broadcast signal which runs at around 50 Mbits. Therefore we need to compress the signal and decompress it in realtime at the HMD. Interested? I bet you are. C't magazine runs an article on HMD technology in the end of January issue. I'd like to start this at the beginning of the summer term.

Turns out lately that most streaming media solutions are a bit weak on the archive side. But an archive is an indispensable quality of every solution here. What makes a good archive? What is the necessary storage quality for a media archive etc.?

A larger set of rules in an iptables firewall script is quite hard to make right. What if you would like to have a proof that your rules really do what you wanted? A verification strategy must include something your rules could be verified against - shall we call it FWML (Firewall markup language)? Anyway - if you are interested in formal verification this would be a good topic to spend some time on.
And I'd be more than happy to test your solution (;-)

Linux as a central media station in residential zones. Set up and run an embedded linux station as the central media server for a household. Connect divx players, capture TV from satellites etc.

Here come some ideas from Ansgar Gerlicher, our specialist for wireless and mobile computing. Please contact Ansgar for company contacts and further information.
When I met my friend Arthur Neudeck from Giniality we quickly got into a discussion of interesting java projects. BTW: Arthur is the inventor of "travelling objects" - a framework for mobile agents developed at the FH Furtwangen. Arthur suggested the following topics:
For every technical question we could probably build a business case easily if needed.

Currently most of the software used to perform examinations runs on windows. The OLAT project with the University of Zurich provides a chance to offer the same functionality - free of charge - on unix/linux platforms. As I've recently mentioned here I am looking for ways to provide an academic linux certificate. One requirement from an organizational point of view is to have automated test procedures in place. My friend Andreas Kapp is working on OLAT which includes such a facility. A thesis or lab project should investigate how OLAT could be used at HDM (functionality, security, maintenance). The idea would be to take e.g. the LPI materials (or something similar) and create automated tests for them. Tests would be performed in-house only to make the security worries smaller.

Multimedia networking systems like MOST (Media Oriented System Transport) will transfer cars into entertainment and information centers. If you are interested in embedded control technology (virtual machines, interfaces, wireless etc.) and you won't mind some exposure to C or C++ besides Java I know a company that does this kind of high-tech, e.g. implementing a scripting system for embedded control. Other interesting challenges could be to develop a security concept for native interfaces connecting virtual machines securely to lower level hardware. Send me mail if you are interested.

More and more content management or publishing systems switch internally to an XML representation of content. A sore spot for those systems is usually the user interface. How much XML will e.g. publishers see? Can a system hide the fact of XML structured authoring from business users? Or does this compromise the whole advantage of using XML in the first place? MS-Office 2003 in its enterprise edition supports a wysiwyg editing mode and maps the presentation oriented view to XML structures.
A lot of XSLT processing is done behind the scenes and the question is: how does it work exactly? Are all XML models possible? Will users accept the interface? And perhaps finally: how could a good editing interface for end-users look if we want to keep the advantages of XML?

Based on a real application the student should investigate the possibilities of automatic testing - both externally by automated GUI tests (scripts, test languages etc.) and internally by defining unit tests on the development level. The study should cover functional testing (does the application do what we want?) and non-functional testing (are performance, security OK?). In the second half of the thesis the student should use the results to implement those tests (e.g. by using a test toolkit/language etc.). How can we show that automated testing really makes a difference in production quality?

Will a large application profit from generative methods? Which ones should be used? The thesis would only research generative methods, their implementation and results - not the question of WHERE to use this technology in a given application.

Dealing with the WHERE usually requires very good domain knowledge and a carefully applied domain analysis. For this thesis the student should perform a domain analysis with the goal of finding commonalities and variations within a certain domain. An existing application from this business domain should then be analysed for existing (or missing) hot spots and the results combined with the results of the domain analysis. How could a software production line in this business domain look like? What other types of applications in this domain would then be possible?

SVG is a way to use client side cycles for the presentation of vector graphics which are generated on the server side. Is SVG a feasible solution today? What tools and applications exist that understand SVG? (Needs more thought...)
I've noticed that quite a number of my students work with generative tools during their thesis. They either create GUIs automatically from meta-data, build EJB components with facades etc. from templates and sometimes even write generative plug-ins for eclipse. Template technology is also very common in other frameworks like Apache Struts. It is time to take a closer look at the template technology as used in Open Source Frame Processor and see how this could be used e.g. within a model driven architecture approach.

This is actually an idea of my friend Thomas Neumann. If you are not familiar with the concept of a wiki take a look at the mother of all wikis. A wiki is a lightweight collaborative content management system that I have used especially to support software development teams. It allows everybody to edit pages and create new ones. Formatting is extremely simple. Most wikis are backed up by something like CVS. The wikis I know (e.g. twiki, a very feature rich version written in Perl) do not really allow concurrent modification. It used to warn you if somebody was editing a page already. This could be improved by using Webdav (web distributed authoring and versioning). Webdav is getting extremely popular because it is supported by MS operating systems and many servers. Another thing that could be improved is to add xml capabilities to wikis. I e.g. use docbook to write all my documents and I would love to use it for wiki pages as well. Of course - this could prove difficult with others being not familiar with it. A docbook enabled wiki would need to provide a special docbook aware editor that prevents mistakes.

I did a little analysis of a network of sites using 0190-dialers to rip off the unsuspecting. The truth behind "alkoholikerinnen.de". I noticed that the GUI design tries everything to obscure the fact that those sites want you to download and use 0190-dialers without noticing it.
In many cases price information is either missing or printed in silver, which is especially prone to being overlooked. Then I ran across an excellent article on user interaction design and security issues by Ka-Ping Yee, "User Interaction Design for Secure Systems", and found lots of good ideas there. Yee lists 10 principles of sound interaction design:
The others are:
Some examples that come to my mind: the typical dialog for establishing an SSL session does not convey the most important point: that SSL does NOT guarantee that the receiver is really who you THINK it is and that it is YOUR job to verify the identity. If you don't understand this point, go and read Eric Rescorla's wonderful book on SSL and TLS, designing secure systems or have a look at my lecture on web application security. You could try to come up with a better dialog e.g.