Title: Measurement study on hardware IP vulnerability management 

Supervisor: Dr. Sven Bugiel

Internship Location: Saarbrücken

Project Identifier: SB_hwipvulnstudy

Description: The research project aims at developing a taxonomy of vulnerability management in hardware intellectual property (IP) cores. Utilizing primarily desk research, the intern will gather information about disclosed vulnerabilities in IP cores from publicly available sources. The intern will develop criteria among they will categorize the discovered vulnerabilities in discussion with the research group. Finally, the intern will analyze the categorized vulnerabilities to discover trends, patterns, and other insights from the collected data. 

Prerequisite: Basic understanding of vulnerability classification systems (e.g., CVE, CWE, …), basic understanding of vulnerability management and basics of cybersecurity

Title: Privacy-Preserving Contact Discovery Protocols

Supervisor: Sajin Sasy, Ph.D.

Internship Location: St. Ingbert

Project Identifier: SS_PPCDP

Description: Private contact discovery protocols enable messengers to identify the intersection of its users and a new user's contacts, without revealing the messengers' user base or the new user's contact list. Recently, the Signal messenger deployed the first real-world instance of such a private contact discovery protocol. Currently, such contact discovery protocols are based on Oblivious Random Access Memory (ORAM) protocols in Trusted Execution Environments (TEE). Consequently, they have limitations in terms of performance and parallelizability. We will design and evaluate new constructions towards realizing efficient TEE-aided privacy-preserving contact discovery protocols.

Prerequisites: Prior background in Security/Cryptography. Experience in C/C++

Duration: 12 Weeks.

Title: Data-Flow Analysis for Reactive Program Synthesis

Supervisor: Dr. Rayna Dimitrova

Internship Location: St. Ingbert

Project Identifier: RD_DataFlowReactSynth

Description: Two-player graph games have found numerous applications, most notably in the synthesis of reactive systems from temporal specifications but also in verification. The relevance of infinite-state systems in these areas has led to significant attention towards developing techniques for solving infinite-state games. In [1], we proposed novel symbolic methods for solving infinite-state games with temporal winning conditions. In follow-up work [2], we enhanced these methods with techniques that identify smaller and simpler sub-problems and exploit the respective results for the given game-solving task. The goal of this project is to investigate data-flow analysis techniques similar to those used for program analysis [3] in the context of reactive program synthesis [1]. The purpose of the developed techniques is to improve the efficiency of the subsequent application of program synthesis methods.

Prerequisites: Logic and Semantics of Programming Languages, Formal Languages and Automata

Duration: 8 to 12 Weeks.

Title: Privacy-friendly systems that solve real-world problems

Supervisor: Dr. Wouter Lueks

Internship Location: Saarbrücken

Project Identifier: WL_PFS

Description: We focus on designing end-to-end privacy-friendly systems that solve real-world problems, e.g. work with the humanitarian sector and investigative journalists (check out some of our recent publications). Our research covers three broad areas: applied cryptography, system’s building blocks, and evaluation of (privacy-friendly) systems. We are looking for a motivated and passionate intern to help us with either designing, implementing, evaluating privacy-preserving solutions. We have several project ideas, and would be happy to discuss these. 

Prerequisites: The ideal candidate has a strong background in mathematics, and, depending on the project, a solid foundation in least one of cryptography, networking and software engineering. Our research can be cross-disciplinary so being able to see a problem from different perspectives is a plus.

Duration: 8 to 12 Weeks.

Title: User Perceptions and Understanding of QR Codes

Supervisor: Dr. Katharina Krombholz

Internship Location: St. Ingbert

Project Identifier: KK_QRPerceptions

Description: This research project investigates user perceptions and understanding of quick-response (QR) codes in non-technical populations. It aims to understand how user's interactions with systems that use QR codes as a fundamental part of their interface are shaped by their perception of the technology. Previous work has shown that users fail to use systems based on QR codes effectively but has yet to investigate QR codes specifically. By conducting a user study, this project can help to gain further insight into this widely used technology.

Prerequisites: 
- Successful completion of courses related to HCI, security, and statistics or equivalent demonstrated working experience. 
- Highly motivated, organized, and independent individual. 

Duration: 8 to 12 Weeks.

Title: Evaluating Anti-Stalking Features of Bluetooth Location Trackers with Marginalized Populations

Supervisor: Dr. Katharina Krombholz

Internship Location: St. Ingbert

Project Identifier: KK_AntiStalking

Description: This research project evaluates the effectiveness and usability of anti-stalking features implemented in Bluetooth location trackers such as Apple AirTags. These trackers have warning notifications and audible alerts to make misuse more difficult. Previous work has shown that not all user groups are equally protected by such anti-stalking features, especially populations such as persons with hearing or visual impairments. Through user studies, this project can identify shortcomings of the features for these populations and help find better solutions for everybody.

Prerequisites: 
- Successful completion of courses related to HCI, security, and statistics or equivalent demonstrated working experience. 
- Highly motivated, organized, and independent individual. 

Duration: 8 to 12 Weeks.

Title: Mental Models on Data Deletion among Young Adults

Supervisor: Dr. Katharina Krombholz

Internship Location: St. Ingbert

Project Identifier: KK_MentalModels

Description: This research project explores how young adults understand the deletion of media, accounts, and other personal information in the context of mobile apps they have been using while growing up. We seek to explore young adults’ perceptions of what happens after deletion, who might have access, and differences between metadata, media (texts, images, videos), and apps (Snapchat, WhatsApp, TikTok,...). Through a user study, this project will extend the existing body of research to young adults and explore their specific needs.

Prerequisites: 
- Successful completion of courses related to HCI, security, and statistics or equivalent demonstrated working experience. 
- Highly motivated, organized, and independent individual. 

Duration: 8 to 12 Weeks.

Title: Privacy Protection for Large Language Models

Supervisor: Adam Dziedzic, Ph.D. and Dr. Franziska Boenisch (SprintML Group)

Internship Location: St. Ingbert

Project Identifier: ADFB_PrivateLLMs

Description: In recent years, large language models (LLMs) have emerged as novel and highly powerful models that revolutionized the machine learning landscape. This remarkable progress is attributed to their pre-training in a self-supervised manner on a vast quantity of data with the use of enormous computing resources and additional cost-effective adaptations to better align the LLMs’ predictions with specialized, and often private, downstream tasks. 

The practice of pre-training LLMs on extensive text corpora and subsequently adapting them on private datasets has increasingly raised privacy concerns as LLMs can memorize their pre-training and adaptation data and, based on it, generate responses that reveal private information. Apart from the privacy concerns stemming from the inclusion of private information in the pre-training and adaptation data, another concern arises when users who lack the resources to host LLMs locally want to adapt a centrally hosted, proprietary LLM, such as GPT4. They have to send their private data to the LLM provider, such as OpenAI in the case of GPT4, to obtain the adaptation. This practice exposes their private data directly to this LLM provider, which is particularly problematic when the adaptation data originates from sectors such as healthcare or finance, where privacy regulations, such as the GDPR, apply.

A central technical challenge lies in detecting that private data has been included in the LLM’s pre-training data. We will develop a novel method for inferring the presence of private data in LLMs’ pretraining set, providing a more reliable approach compared to existing techniques. This method will ensure that a given LLM is only pre-trained on public and not on private data. Building on this foundation, we will explore new strategies for privately adapting LLMs to sensitive data and establish benchmarks to evaluate these adaptations across key axes such as privacy, performance on downstream tasks, and cost efficiency of training and inference. Lastly, we will introduce a framework for transferring LLM adaptations between small local and large proprietary centrally hosted LLMs, thus enhancing the privacy protection of individual data owners against LLM providers while enabling them to benefit from the technical advances of novel powerful LLMs.

Experimental approach: The internship presumes a good understanding of machine learning. The students should have taken and passed a machine learning course and obtained a good grade. This internship is open to senior Bachelor, Master, and Doctoral students. We will analyze the differences between the adaptations of LLMs in the framework of differential privacy, measuring performance in terms of privacy-utility trade-offs on text classification and generation tasks, and comparing monetary costs for creating the adaptations and querying the adapted LLMs. Specifically, we will focus on methodological limitations and performing extensive experiments using state-of-the-art LLMs of various sizes, including models like GPT4 or Llama.

Group: We are the SprintML lab with a research focus on Secure, Private, Robust, INterpretable, and Trustworthy Machine Learning. The lab is jointly led by Professors Adam Dziedzic and Franziska Boenisch. We are located at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. CISPA helps with finding accommodation. Saarland is a picturesque state in southwestern Germany, known for its strong Franco-German cultural ties due to its proximity to France. Saarbrücken, the state capital, is a charming city blending modern industry with historic architecture, and a lively cultural scene.

Prerequisites: The internship presumes a good understanding of machine learning. The students should have taken and passed a machine learning course and obtained a good grade.

Duration: 12 Weeks.

Title: Memorization in Diffusion Models

Supervisor: Adam Dziedzic, Ph.D. and Dr. Franziska Boenisch (SprintML Group)

Internship Location: St. Ingbert

Project Identifier: ADFB_MemoryDM

Description: Diffusion models (DMs) produce very detailed and high-quality images. Their power results from extensive training on large amounts of data, usually scraped from the internet without proper attribution or consent from content creators. Unfortunately, this practice raises privacy and intellectual property concerns, as DMs can memorize and later reproduce their potentially sensitive or copyrighted training images at inference time. Prior efforts prevent this issue by either changing the input to the diffusion process, thereby preventing the DM from generating memorized samples during inference, or removing the memorized data from training altogether. While those are viable solutions when the DM is developed and deployed in a secure and constantly monitored environment, they hold the risk of adversaries circumventing the safeguards and are not effective when the DM itself is publicly released. To solve the problem, we will develop new methods to localize the memorization in DMs on the level of individual neurons and will design methods to mitigate this vulnerability.

Prerequisites: The internship presumes a good understanding of machine learning. The students should have taken a machine learning course and obtained a good grade.

Duration: 12 Weeks.

Further information on the life in the city and on the university campus can be found here:

• https://saarland-informatics-campus.de/en/studium-studies/uni-life/

• https://www.stw-saarland.de/en/

Please note that this section will be continuously updated.

Eligible means that the institution as well as foreign degrees from this institution are recognized in Germany for visa processing. You can find an overview with which you can check your home institution here: https://anabin.kmk.org/anabin.html.

Unfortunately, this website is available only in Germany. We recommend following this tutorial to navigate the Anabin database: 
https://www.make-it-in-germany.com/fileadmin/1_Rebrush_2022/a_Fachkraefte/PDF-Dateien/1_Arbeiten_in_DE/2023_Jan_MiiG_Anleitung_anabin-Datenbank_DE.pdf

Depending on whether you already obtained a Bachelor's degree and depending on the workdays per week (i.e., whether there are statutory holidays or not) the monthly salary may wary. Please keep in mind that this is a gross amount that is subject to social security/taxes.

Unfortunately, this program is specifically for enrolled students only who have not yet completed their Bachelor or Master studies and thus qualify for a study-related internship.

It is mandatory in Germany to be health insured. For certain funding programs, this extents to accident insurance as well. Your own insurance provider may offer, for instance, a global / overseas health insurance. If not, insurance providers in Germany offer special rates for foreign students.

Some helpful information can be found here: https://www.daad.de/en/study-and-research-in-germany/plan-your-studies/health-insurance/

Submitting a copy of the passport helps expedite the processing. However, even if you do not have an international passport (yet), we encourage you to apply. But please inform yourself about what is needed to get a passport and keep waiting times in mind when thinking about the start date of the internship.

Here it is: https://dl.cispa.de/s/ks7tEGwBxbZW6Cg

The large majority of CISPA researchers have offices in Saarbrücken and St. Ingbert (nearby cities in Saarland, which is a one of 16 federal states of Germany), but there are also research groups in other cities / federal states, for example, Dortmund (in North Rhine-Westphalia) or Hannover (in Lower Saxony). 

Please do not submit multiple applications. We recommend that you select a project that is in line with your research interests and relevant to your area of expertise.  

In principle, yes. We are always looking for outstanding colleagues. But keep in mind that for this particular program, priority will be given to candidates from CIRCLE partner universities. 

Unfortunately, we can only hire one person per project.