Search this site

EPFL/UPB Internship: Project Topics

The following information concerns UPB students interested in
  • pursuing a diploma project under joint UPB/EPFL supervision; and/or
  • an internship at EPFL
Candidates will be pre-selected by the UPB staff; if you are interested, please contact Prof. Valentin Cristea or Prof. George Candea. Subsequently, candidates will also be interviewed by EPFL staff.

Some diploma project ideas are listed below. For internships at EPFL, there exist additional topics, which require an initial period of developing hands-on in-person experience with our tools.


Linux Instrumentation Toolkit for S2E

S2E is a platform for a full system software analysis that enables developers to explore all potential behavior of their program, by automatically identifying and exercising every possible execution path. The S2E platform was successfully applied by multiple research groups for a variety of tasks ranging from automatic device driver reverse engineering (RevEng) and testing (DDT), to multi-path performance profiling. These tools work by looking at the guest OS’s kernel and driver state in order to analyze their behavior, detect bugs, etc. Unfortunately, using S2E to perform any analysis that requires deep introspection or modification of system state is hard as the introspection API provided by S2E is very basic and low-level. The aim of this project is to provide a high-level introspection API for Linux targets in S2E (potentially based on the insight-vmi tool). Such API would significantly simplify the use of S2E for Linux software analysis and enable new applications, such as testing of multi-threaded software, performing security analysis, etc.

Prerequisites: C/C++ programming, low-level systems programming, OS architecture

Contacts: Volodymyr KuznetsovVitaly Chipounov


Web Dashboard for Managing Cloud9 Resources

Cloud9 is an automated software testing tool that parallelizes its analysis on many shared-nothing machines, thus tapping into the vast amount of computing resources available in today's clusters and cloud environments. While the testing process itself is automated, the work of setting up, monitoring, and extracting the results from the cluster is still a manual process, involving many scripts and low-level system administration.

The goal of this project is to write a unified web interface for controlling the launch of testing jobs (e.g., create testing experiments, set up priorities), the allocation of cluster nodes to jobs (add/remove nodes), and monitoring the performance of the cluster and its workload (show live updates of generated test cases, bugs found, etc.). The web application is aimed at cluster administrators or power users who use Cloud9 inside their organization.

Prerequisites: Web technologies, distributed application development.

Contact: Stefan Bucur


Web Interface for Device Driver Testing

Device drivers are the plague of modern software. Consumers have no idea whether the driver that comes with the latest gadget they bought is trustworthy or not. Worse, there is no independent service that would allow them to thoroughly check a driver's reliability. Your goal will be to create such a service by interfacing with DDT, our automated testing tool for binary closed-source device drivers. On the website, consumers should be able to upload their drivers and get a test report summarizing all the bugs found as well as the steps to reproduce them. The challenges include automating the upload process, generating understandable test results, scaling to many clients, and coming up with metrics for grading a driver's reliability.

Prerequisites: Web technologies.

Contacts: Vitaly ChipounovVolodymyr Kuznetsov.


Controlling Resource Contention in Software Routers

Software routers, such as Routebricks, run on modern commodity servers and enable the fast deployment of new, sophisticated kinds of packet processing applications without the need to buy and deploy expensive new equipment. Colocating multiple applications on the same hardware infrastructure results in contention for shared resources, such as last-level cache, interconnect buses, NICs, etc. This leads to inefficient usage of the hardware resources and, most importantly, lack of predictable performance and lack of any sort of performance guarantees. The aim of this project is to develop a cache partitioning system for the widely used Click modular router in order to  control the cache sharing.

Prerequisites: Linux kernel programming (C/C++), OS/computer architecture concepts. Experience with Click software router is a plus.

Contact: Mihai Dobrescu


Static Analysis of Self Modifying Code

Self modifying code is a popular method of malware authors to evade detection. It can be found in metamorphic viruses and shellcodes, but also in commercial protection engines. To date, no tool can deal with self modifying code without actually executing it (in an emulator, sandbox, ...). The goal of this project will be to extend our existing purely static analyzer Jakstab to reason about self modifying code. Jakstab explores the state space of binary programs by abstract interpretation, disassembling required instructions on the fly. Challenges will be to make Jakstab disassemble instructions directly from the abstract state space and to identify and support other possible requirements, such as a model of processor pipelines.

Prerequisites: Experience with large Java projects, x86 assembly, abstract interpretation.

Contact: Johannes Kinder


Bug Analytics

How can we leverage vast amounts of bug data to improve our software systems? The objective of this project is to (semi)automatically research the data available in bug-tracking systems (bugzilla, etc.) and gather insights about how this information can be better used to improve reliability. One objective is to obtain a taxonomy of software bugs and their impact.  Another objective is to reproduce some of these bugs and evaluate DSLab's existing tools against them. Finally, the ultimate objective is to propose better ways to collect bug information and identify ways to more deeply understand this data in an automated way, using "bug analytics". This project will give you a deep understanding of which software bugs are most relevant in the real world, and you will get to hack on our existing tools and platforms.

An advanced version of this project would also look at the difference between "real-world code" vs. "lab code" and how these differences influence the effectiveness of automated testing tools and constraint solvers. The goal is to obtain insights to build better testing tools.

Prerequisites: C/C++ programming, scripting, basic operating systems knowledge

Contact: Baris Kasikci