Honours Thesis and Other Coursework Projects
Introduction
The thesis/project topics listed here are available to strong final-year undergraduate students, and as research projects for strong coursework students. They are mostly associated with research projects and generally quite challenging; many topics have the potential to lead to a publication, and on average we get about one paper a year from the work of one (or more) undergraduate thesis students. Students who are not aiming for excellence are in the wrong place here.
We guarantee a thesis topic to any student who has obtained a HD grade in UNSW's Operating Systems or Advanced Operating Systems course, no matter what their other grades are! This does not mean that an OS HD is a prerequisite, but we do expect our students to have a strong track record in relevant courses.
Strong Computer Science Honours students may qualify for the John Lions Computer Science Honours Award.
Note that the list below is constantly updated; new topics are added as we identify them while work on various research projects proceeds. Topics marked are recent additions.
- Topics supervised by Gernot Heiser
- Topics supervised by Rob Sison
- How to apply
- Info for students looking for a special project (COMP3901/3902)
- Info for postgraduate coursework students
Topics supervised by Gernot Heiser (official list)
Analyse and optimise driver VMs
Joint Supervisor: Peter Chubb
LionsOS is a new seL4-based OS for embedded systems under development at TS. It uses a modular device-driver model that passes I/O data via shared-memory, zero-copy data structures. LionsOS I/O outperforms Linux.
However, the LionsOS driver model is incompatible with that of legacy systems, making it necessary to re-write drivers from scratch. While this is acceptable for selected, performance- or security-critical devices, and made approachable by the simplicity of the model, it is infeasible to write all drivers from scratch.
LionsOS supports re-use of unmodified Linux drivers by encapsulating a driver into a minimally configured Linux kernel hosted in a per-device driver VM, which appears to the rest of the system like a native driver. While efficient in terms of engineering cost, this comes at a significant performance cost.
This project is to evaluate and analyse the overheads of driver VMs and investigate how far they can be reduced. While we cannot expect driver VMs to perform on par with native drivers, we are interested in minimising overheads for complex yet important device classes, such as Wi-Fi, USB and graphics. Native Linux will serve as the performance baseline.
LionsOS-based robot demonstrating hard real-time capabilities
Joint Supervisor: Peter Chubb
Develop a simple robot (using hardware TBD) that uses LionsOS and demonstrates true mixed criticality capability, by having time-critical control co-exist with untrusted functionality (networking) running at a high rate without interfering with the timeliness of the control.
ARINC-653 OS on seL4
ARINC 653 (Avionics Application Software Standard Interface) is a software specification for space and time partitioning in safety-critical avionics real-time operating systems.
A recent honours thesis explored mapping of ARINC-653 scheduling and communication abstractions onto the seL4 Microkit. This project is to continue that work to develop a complete ARINC 653 OS environment. This mostly involves developing application libraries on top of LionsOS to provide ARINC-653-compatible APIs.
Persistence for LionsOS apps
Joint Supervisor: Peter Chubb
LionsOS is an seL4-based OS under development in the Trustworthy Systems group. There should be a largely transparent way of providing persistence (via checkpoint/restart) for apps, possibly similar to what is done on smartphones.
This project is to explore possible designs of such persistence support, specifically looking at the model used by iOS and Android, and examine the trade-offs involved with system-wide, transparent and consistent checkpoints vs per-application checkpoints. Provide a prototype implementation and evaluate.
Evaluate languages for verified LionsOS components
Project allocated!
Secure file system
Project allocated!
Usable system model for time protection
Project allocated!
Fact-check HongMeng
Project allocated!
Formalising and verifying device controllers
Project allocated!
Formalisation and implementation of security policies
Any verification of security enforcement by an OS, whether it be a statically-architected one, such as LionsOS, or a general-purpose OS, needs a formalisation of its security policy. This project is to develop, under supervision of a formal methods expert, a formalisation of some standard security policies and to prove security properties about them. The policies should be representable in the LionsOS framework and also apply to general-purpose OSes.
ARINC time-partitioned scheduling on seL4 MCS
Project allocated!
“Containers” on LionsOS
Project allocated!
Principled PMU management in seL4
The performance monitoring unit (PMU) is a component of modern CPUs that provides insight into the operation of the processor by counting specific hardware events. The PMU is widely used for statistical profiling (for performance analysis at the microarchitecture level) but also for production use, such as driving models of energy use that are essential for managing overall energy consumption in a computer system.
The seL4 microkernel presently only supports the PMU in a debugging configuration, which is sufficient for profiling but not for production use. A recent RFC proposes the introduction of a new PMU kernel object to support these use cases. This project is to implement and evaluate the PMU object in seL4 and its use for sharing and time-multiplexing the PMU.
Automated validation of SPIN models
Project allocated!
Evaluate queueing performance in sDDF
Project allocated!
Can we make servers untrusted in seL4?
The protected-procedure call mechanism of seL4 is the microkernel equivalent of a Linux system call: it allows securely executing code with different (typically higher) privileges. As such, it is a standard assumption that the invokee (the “server”) is trusted by the client.
This thesis is to explore the degree to which that trust can be reduced. Unlike Linux, the client's address space is protected from the server (unless the server has explicitly been given capabilities to some of the client's memory). However, since the client is blocked for the duration of the call, it must trust the server to return promptly. While the client can use a watchdog thread to prevent unlimited blocking (a very coarse-grained protection mechanism), a client invoking a server has essentially no mechanism for limiting the amount of its budget the (passive) server consumes. This thesis is to explore, design, implement and evaluate mechanism(s) for limiting the budget the server can consume.
Core management in LionsOS
Project allocated!
Dynamic IOMMU management in sDDF
The seL4 Device Driver Framework (sDDF) provides the basis for high-performance I/O in LionsOS, currently under development in TS. It presently uses static I/O-space mappings in the system's IOMMU. This requires trusting the device and its driver.
This project is to implement and evaluate dynamic IOMMU mappings in sDDF. This implies a prototype implementation and a cost-benefit analysis of dynamic IOMMU mappings, as well as suggesting an appropriate kernel interface.
Secure OS for Sunswift
Project allocated!
Most topics can lead to publications.
Present topics supervised by Rob Sison (official list)
Proving functional properties for system calls that block
seL4 is the world's first operating system (OS) kernel with a proof of implementation correctness, followed by proofs of security enforcement; it is at the same time the benchmark for microkernel performance. Verifying systems that run on top of seL4 (e.g. via the seL4 Microkit), however, will rely on its system calls correctly implementing certain functional properties, phrased as postconditions on their outputs that must hold whenever the caller satisfies preconditions on their inputs.
For system calls that block on the activity of other processes - e.g. waiting for a message to be queued, through to being woken up when that happens - this is a verification result that has yet to be achieved by the prior OS verification literature. Work at TS has recently begun on proving such properties are satisfied by the seL4 kernel's abstract specification in the Isabelle/HOL interactive theorem prover, but restricted so far to nonblocking cases - e.g. receiving a message that's already been queued.
This thesis project is to prove functional properties about seL4's system calls in Isabelle/HOL, focusing especially on sensible assumptions and guarantees that could, for the first time, enable proofs about blocking and unblocking system calls to be composed into a single functional property from the temporarily blocked caller's perspective. Stretch goals include developing and applying the formal methods needed to achieve this composition.
Validating seL4's accounting of touched addresses for Time Protection
Project allocated!
Refining seL4's accounting of touched addresses for Time Protection
Project allocated!
Formalising the composition of security subpolicies for OS components
Project allocated!
How to apply:
Contact the relevant supervisor.
Note for OS related topics: We promise a thesis topic to every interested student who has obtained a HD grade in COMP3231/COMP9201 Operating Systems or COMP9242 Advanced Operating Systems. If necessary we will define additional topics to match demand.
We will not turn down any students doing exceptionally well in OS courses. However, this does not mean that an HD in OS or Advanced OS is a prerequisite for doing a thesis with me. Interested students with lower OS marks are welcome to talk to me if they feel they can convince me that they will be able to perform well in an OS thesis.
Keep in mind that these topics are all research issues and generally at the level of Honours Theses. They are not suitable for marginal students or students with a weak understanding of operating systems. We expect you to know your OS before you start.
Topics for a Special Project (COMP3901/3902):
Some undergraduate thesis topics are also suitable for a special project (typically with reduced scope/expectations). But generally Taste of Research topics are a better match for this. Talk to us if you're interested!
Postgraduate project topics (COMP999x):
Undergraduate thesis topics are also suitable for coursework Master's projects. Same conditions apply: You must have a pretty good track record in OS courses for OS and FM related topics.