Thesis Requests

In this section, we will provide rules that HAVE TO be followed in order to smoothly do your thesis with us. Overlooking these rules may jeopardize your thesis. The ONLY WAY to ask a thesis to us is by writing an email to the mailing list: netsecresearch [at] Emailing single components of the group or asking in person will not be considered an official request of thesis. You should ask for a thesis only if you are on time with the exams or have less then two exams left.

In your request email you need to specify:

  1. if bachelor or master thesis;
  2. number of CFUs of the thesis. Note: 3 CFUs theses are STRONGLY SUGGESTED as compilative theses;
  3. number of missing exams;
  4. date of expected graduation;
  5. the topic (e.g.: P4).

After accepting your thesis, we will assign you a github repository with a template that must be completed as specified in the README.

Mandatory Rules

First of all, we want you to communicate with us: for this reason, it is mandatory to send an email EVERY TWO WEEKS to report your progress. The periodical email can report either news regarding the thesis or an update on your situation (for example if you are studying for exams). Each email has to be sent to the mailing list: netsecresearch [at], so each component of our research group is updated. After 3 UNRECEIVED PERIODICAL EMAILS (6 weeks) your thesis title will be allotted to a new student.

Note on Compilative Theses

The compilative theses are meant to be low effort for you and us. You are supposed to be responsible to develop your thesis and we will correct you final draft. However, MANDATORY RULES still apply (remember to send periodical emails). The maximum length should be around 10000 words, without counting the title page, the abstract, the index, and the bibliography.

For UniBo students: if you choose to do a compilative thesis, you should expect a 0 + rounding additional points.

Note on Theses with Internship

Read carefully the instructions at the course page. The information you need in order to complete the self-application procedure are the following (in italian):

  1. Tutor: prof. Marco Prandini
  2. Indirizzo sede/lab: UlisseLab
  3. Data inizio/fine tirocinio: you are free to decide but the internship end date should be at least two weeks prior to the internship final assessment/exam.
  4. Orario: 8-18.
  5. Oggetto dell’offerta: title of the internship project.
  6. Obiettivi in termini di capacità e conoscenze da acquisire durante il tirocinio ed attività previste per raggiungerli: simple abstract of the internship project.
  7. Attività previste: list all the activities you foresee carrying out.

It is mandatory to register the internship before the graduation requirements end date.

Available Theses


Type Description References
Research Trying out new emulation P4 targets. This thesis wants to analyse virtualised tools to containerize the P4 control and data plane by trying out P4Runtime in a state-of-the-art networking production product: stratum. The thesis aims on installing the solution in a real-world networking device that supports stratum. Stratum github


Type Description References
Compilative Cyber-Physical Systems (CPS) and threats: CPS introduce a new level on the threat landscape, with their strict correlation with the physical environment. The study aims to find new threats that CPS introduce and their relative solutions proposed in the literature. CPS Security, Threats, and Solutions
Compilative IEC-62443 for dummies. IEC 62443 is an international series of standards that address cybersecurity for operational technology in industrial control systems. The goal of the thesis is to analyze and then to sum up the main points of the standard in a way that is understandable by everyone. On request
Compilative Control injection attacks against Programmable Logic Controllers (PLC): this thesis aims to analyze the different types of control injection attacks and the state-of-the-art countermeasures to detect them. Overshadow PLC, Review
Research Application of the MulVAL Attack Graph generator over CPS: attack graph are a key security tool for the assessment of vulnerable host inside a network. MulVAL is a generator capable of creating graph, with Datalog language as input that describe the topology of the network. This thesis proposes to experiment the tool over Cyber-Physical Systems, enhancing and adapting the engine of the tool for the particular context. Mulval paper, Mulval github, Example of Mulval extension
Research Creation of a virtualized CPS topology using Kathara by adding a P4 switch that acts as "special edge node". The goal is to leverage the P4 language in order to perform monitoring security strategies (e.g. detection of attacks over the OT network). Kathara, bmv2
Research Creation with Kathara of a virtualized CPS topology which contains multiple PLCs and implementation of attacks against virtualized PLCs (e.g. remote injection attacks or Ladder Logic Bombs). Kathara, Ladder Logic Bombs
Research Analysis and research of dataset for CPS/ICS security (like the one provided as reference) with the goal of implementing an anomaly detection algorithm (e.g. exploiting machine learning techniques) using the datasets. HAI (HIL-based Augmented ICS) Security Dataset
Compilative Study of Intrusion Detection Systems Rules in Suricata. Which expressiveness can we reach? Suricata Official Doc. Page
Research Advanced research and Implementation of Intrusion Detection Systems Rules in Suricata. Which expressiveness can we reach? Suricata Official Doc. Page
Compilative Study of the security of industrial protocol Modbus. Modbus Official Page
Research Advanced Lab of Intrusion Detection System Rules for Modbus, with Suricata. Suricata Official Doc. Page
Compilative Study of the security of industrial protocol XXX. List Of Industrial Protocols
Research Advanced Lab of Intrusion Detection System Rules for XXX, with Suricata. Suricata Official Doc. Page
Compilative Study of Virtualization Technologies for Industrial Device/Components, e.g. PLC. Github Example
Research Advanced Lab of Virtualized Component for Industrial OT Network. On Request


Type Description References
Compilative Blockchain applications in Industry 4.0. This thesis aims to review state-of-the-art applications of Blockchain in the context of Industry 4.0 and Industrial IoT, with a particular focus given to security applications. Blockchain for Industry 4.0
Compilative Blockchain as CA. This thesis aims to review state-of-the-art applications of Blockchain for the implementation of a PKI, in which the blockchain is used as a Certification Authority. Part of the thesis must also focus on such aplications in the context of Industrial IoT. Blockchain PKI for IoT
Compilative Smart Contracts in Industry 4.0. This thesis aims to review state-of-the-art applications of Smart Contracts in the domain of Industry 4.0. Smart Contracts for Industry 4.0


Type Description References
Compilative Social engineering techniques: study of the definition of "Human Vulnerabilities" and their correlation with social engineering attacks techniques. The thesis should propose an overview to understand the human factors and behavior that open the door to attacks. Social Engineering-Based Cyberattacks
Compilative Social engineering countermeasure: What are the current countermeasures taken to counteract social engineering attacks? This study should dive into current principal methods to solve this problem and how they are implemented. Social Engineering Training and Awareness Programs
Compilative Security and Trust in the 6G Era. The goal of the thesis is to analyze the first steps and the main research challenges found in the academic literature regarding the roles of trust, security and privacy in the upcoming 6G era. 6G White Paper
Research Docker MITM Simulation Lab for and Intrusion Detection System. Docker
Compilative State-of-the-art of Choreographic Languages for Distributed Network System/SDN. Choreographic Languages


Type Description References
Research Instantiate an UNMANNED UNDERWATER AUTONOMOUS VEHICLES simulator that it is able to perform easy task. In the literature there are several open source projects, the most promising one is DAVE Project Link. Goal of this thesis is to deploy a version of a simulator. Other reference
Compilative Analysis of the state of the art of current research activities into the UNMANNED UNDERWATER AUTONOMOUS VEHICLES World. Main outcome it would be: Major venue, research group, main research topics. Research Symposium Reference