During the third semester our students apply their knowledge in a project based on real-world problems faced in business and industry. As many of our students are already in employment, they are invited to work on topics drawn from the workplace. It is also possible to link the content of the project to the Master’s thesis. Students who do not submit ideas for a project take part in ICT research projects carried out at the Institute of Internet Technologies and Applications.
The electric control units of modern cars contain tens of thousands of code lines, and every car has a central ECU which is a fully functional computer. These components have long been developed with functionality in mind rather than security. Cars therefore have many vulnerabilities which pose a substantial threat to both IT and physical security.
AVL List GmbH is launching a series of research projects with a focus on automotive security. This requires a so-called automotive cybersecurity toolkit in order to identify potential entry points, to assess security levels and perform cybersecurity tests on different types of automotive systems. The main objective of the project is to identify, assess and categorise existing software and hardware tools used in the field of automotive security so as to provide a database for further research at AVL List GmbH.
The first step is to compile a list of automotive interfaces used for cybersecurity tests in modern vehicles. Each interface is then assessed in terms of robustness, security mechanisms and access problems. The practical part consists of a case study, which involves testing a Mazda 3 retrofitted with an in-vehicle infotainment system running on Android 7.1. The final step is to compile a matrix which contains important information such as costs, licence model, documentation and targeted interface for each tool.
The emergence of big data means that the protection of personal data and privacy is gaining importance. Many countries and associations have issued data protection provisions to keep pace with technological progress.
The power of sophisticated machine learning algorithms provides the necessary insight into the large volume of information available. The combination of big data and machine learning for example has led to numerous success stories, which brought substantial improvements in many areas such as health care and customer service.
This project addresses the resulting conflict between two opposing poles: On the one hand, there is the promising scientific field of artificial intelligence for which data are essential as training materials, while on the other hand, there are legal data protection restrictions and the justified concerns people have about the privacy of their sensitive information. This leads to the key consideration whether it is possible to devise high-performance machine learning models in compliance with data protection regulations.
The “SME goes mobile” project supports small and medium-sized enterprises in building up their technological expertise by providing consulting services and helping adapt mobile IT infrastructures. SMEs can draw on “SME goes mobile” expertise to create secure and mobile applications, from design and implementation through to testing. This enables modern and innovative e-business models to be implemented for mobile clients and staff.
By using mobile applications and optimised processes, “SME goes mobile” increases the strategic and economic advantages enjoyed by small and medium-sized enterprises. At an early stage the partners in the project obtain access to a competence centre which provides web-based access to test results, concepts, prototypes, demo-applications, source codes as well as communication with the project community.
The Institute of Internet Technologies and Applications offers small and medium-sized enterprises a free service, analysing a firm’s vulnerability to hackers on the internet. They receive a report on the results indicating which systems can be identified by attackers and whether these already have detected gaps in their security. Many attacks can be prevented very easily. Using this service, well-protected systems can be checked in about 30 seconds.