The SPRING lab offers project opportunities for BSc, MSc, and PhD students. We encourage interested students to have a look at the Thesis & Project Guidelines from the MLO lab, which explain what you can expect from us and what we expect from students.
Last Update: 22nd November 2023
Please apply via the Google form (login may be required). You will need to specify which project(s) you are interested in, why you are interested, and whether you have any relevant experience in this area.
External students, i.e., students who are neither from EPFL nor from ETHZ, should get in touch with the supervisors of the project(s) via email.
Applications are processed in two rounds. For each round, we collect applications until the deadline; we then get back to selected applicants during the corresponding “First Contact From Supervisors” period. If we do not get back to you during the indicated period, it most likely means that we no longer have space.
Projects are marked as taken once they are filled. We strongly recommend that you apply as soon as possible for the best consideration, since we expect most projects to be taken after the first round. However, we will leave the form open after the second round and consider all applications, provided projects are still available at that time.
Early deadline: 11th December 2023
First Contact From Supervisors: 12th December 2023 - 22nd December 2023
Late deadline: 1st February 2024
First Contact From Supervisors: 2nd February 2024 - 16th February 2024
If you encounter any technical issue, please get in touch with Boya Wang.
Universal Composability (UC) is a framework for proving that a given cryptographic primitive remains secure when arbitrarily composed (e.g., sequentially or concurrently) with (the same or) other protocols. UC security is thus a very important and desirable goal for real-world protocols, where we often cannot assume that a cryptographic protocol will run in isolation.
The strong guarantee of UC security comes at a cost: UC proofs are notoriously hard to write, and the resulting security bounds are complex and involve many parameters. This project aims to improve the usability and applicability of UC security results to real-world protocols for a range of cryptographic primitives.
In this project, the student will:
Requirements
Applying to this project
This semester project is aimed at one MSc student. The student will work with Christian Knabenhans (SPRING lab) and Giacomo Fenzi (COMPSEC lab).
Backdoor attacks typically target a single modality, and so do detection algorithms. Multimodal learning could, in theory, allow adversaries to evade detection of their poisoned data by splitting the backdoor across modalities to gain stealthiness.
Requirements
Applying to this project
This semester project is aimed at one MSc student. The student will work with Mathilde Raynal.
Moderation models are usually black boxes, meaning that little is known about them. On the other hand, open-source advertisement models do exist. The goal of this project is to explore any correlation between the two approaches using standard datasets.
Requirements
Applying to this project
This semester project is aimed at one or two MSc students. The students will work with Mathilde Raynal.
Machine learning models are increasingly deployed on devices (so-called edge machine learning) to reduce latency and inference costs. In spite of their appeal, on-device releases expose a lot of information through the model’s weights, raising concerns about the leakage of sensitive information about the model’s training dataset.
The goal of this project is to explore the feasibility of reconstruction attacks based on a novel “transposing” technique. More specifically, it has been shown that a model can be trained with a secondary purpose of reconstructing training records in the backward direction, in addition to its primary classification purpose executed in the forward direction [1]. With this technique, the reconstruction functionality is learnt jointly with the classification task and is executed backwards, from the output (last) layer to the input (first) layer.
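The core idea of running a network “backwards” through its transposed weights can be sketched as follows. This toy NumPy example only illustrates the two directions of execution; the layer sizes and weights are made up here, and in the actual attack [1] the weights are trained jointly on both objectives:

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy 2-layer network: the forward pass plays the role of the primary
# classification task, the transposed pass of the secondary reconstruction task.
W1 = rng.standard_normal((8, 4))  # input dim 8 -> hidden dim 4
W2 = rng.standard_normal((4, 3))  # hidden dim 4 -> output dim 3 (logits)

def forward(x):
    # Primary task: input -> logits.
    return np.tanh(x @ W1) @ W2

def transposed(y):
    # Secondary task: reuse the SAME weights, transposed, to map an
    # output-layer vector back into input space.
    return np.tanh(y @ W2.T) @ W1.T

x = rng.standard_normal(8)
logits = forward(x)         # shape (3,)
recon = transposed(logits)  # shape (8,), lives in the input space
```

Untrained, `recon` is of course meaningless; the point of the attack is that joint training makes this backward pass emit memorised training records.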
Requirements
Applying to this project
This semester or master thesis project is aimed at one MSc student. The student will work with Ana-Maria Cretu.
[1] Amit, G., Levy, M., & Mirsky, Y. (2023). Transpose Attack: Stealing Datasets with Bidirectional Training. NDSS 2024.
End-to-end encryption (E2EE) in messaging platforms allows people to communicate privately. The widespread adoption of E2EE, however, raises concerns that it facilitates the sharing of illegal content such as child sexual abuse media. Client-side scanning (CSS) is one of the main solutions envisioned by researchers and policymakers for detecting illegal content in E2EE communications. The idea behind this system is to scan all images shared by individuals directly on their devices, before they are encrypted. The scanning consists of (1) computing a fingerprint of the image and (2) matching it against a database of fingerprints of known illegal images. If the image shared by the individual is close enough to any image in the database, it is deemed a match and is shared unencrypted for manual analysis. The fingerprints are computed using a perceptual hashing algorithm, such as a deep neural embedding model.
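The two CSS steps above can be sketched in a few lines. This is only a toy illustration using a simple block-average hash and random data; deployed proposals use far more robust, often deep-learning-based, perceptual hashes, and the threshold value here is arbitrary:

```python
import numpy as np

def average_hash(img, hash_size=8):
    # Step (1): fingerprint. Downsample the greyscale image into
    # hash_size x hash_size block means, then threshold each block
    # against the global mean to get a 64-bit fingerprint.
    h, w = img.shape
    bh, bw = h // hash_size, w // hash_size
    blocks = img[: bh * hash_size, : bw * hash_size].reshape(
        hash_size, bh, hash_size, bw
    ).mean(axis=(1, 3))
    return (blocks > blocks.mean()).flatten()

def hamming(a, b):
    return int(np.count_nonzero(a != b))

rng = np.random.default_rng(0)
known_images = [rng.random((32, 32)) for _ in range(3)]
database = [average_hash(img) for img in known_images]

# Step (2): matching. A query identical to a database image matches at
# distance 0; the (illustrative) threshold lets near-duplicates such as
# resized or re-encoded copies match too.
THRESHOLD = 10
query_hash = average_hash(known_images[1])
matches = [i for i, h in enumerate(database) if hamming(query_hash, h) <= THRESHOLD]
```

False positives, the focus of this project, are exactly the innocuous images whose fingerprints land within the threshold of a database entry by accident.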
The goal of this project is to characterize the false positives of perceptual hashing algorithms. False positives are innocuous images wrongly flagged as matches because their fingerprint closely matches one of the fingerprints in the database. False positives would be shared unencrypted with the service provider or relevant authorities for a manual check, violating user privacy and potentially leading to user blocking. Therefore, it is crucial to understand whether there are any biases towards particular image categories.
Requirements
Applying to this project
This master thesis project is aimed at one MSc student. The student will work with Ana-Maria Cretu.
[1] Jain, S., Creţu, A. M., Cully, A., & de Montjoye, Y. A. (2023, May). Deep perceptual hashing algorithms with hidden dual purpose: when client-side scanning does facial recognition. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 234-252). IEEE.
[2] Prokos, J., Fendley, N., Green, M., Schuster, R., Tromer, E., Jois, T., & Cao, Y. (2023). Squint hard enough: attacking perceptual hashing with adversarial machine learning. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 211-228).
Humanitarian organisations, such as the ICRC, have a mandate to assist and protect crisis-affected populations and report their activities through various means, including sharing statistics both publicly and with donors (see, for instance, the ICRC’s Annual Report 2022). As it stands, there is no clear methodology for assessing the privacy risk of such data sharing, despite the known risk that even sharing aggregate data can result in harmful inferences (see, for instance, this blog post explaining one type of statistical privacy attack).
In this project, we will build on our previous work to develop a risk assessment methodology that is data-driven, i.e., takes into account quantitative measures computed on the data to be released, and is compatible with existing organisational structures.
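To see why even aggregate statistics carry privacy risk, consider a minimal sketch of one classic statistical privacy attack, a differencing attack. The numbers and scenario below are entirely hypothetical, not from any real release:

```python
# Two legitimate-looking aggregate statistics: the number of aid recipients
# in a district with a given medical condition, reported before and after
# one known individual leaves the district. (Hypothetical data.)
count_with_target = 42     # aggregate computed while the target is present
count_without_target = 41  # the same aggregate after the target moved away

# Subtracting the two aggregates reveals an individual-level attribute:
# the target person is in the sensitive group if and only if the counts differ.
target_has_condition = (count_with_target - count_without_target) == 1
```

A data-driven risk assessment would, among other things, flag releases where such small differences between published aggregates can isolate individuals.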
Requirements
Applying to this project
This semester project or master thesis is aimed at one MSc student. The student will work with Theresa Stadler.
Recommender systems, such as those used in online advertising, are known to pose substantial risks to the individuals they concern. Articles on this topic mostly talk about privacy risks caused by the large amounts of data collected to power the machine learning models behind those systems. As a reaction, many service providers have moved towards privacy-friendly recommender systems that fulfil the same function as their traditional counterparts, but do so in a way that supposedly avoids privacy risks through, for instance, decentralised model training or encryption. In this project, we want to question whether such systems actually solve the problem they claim to solve: eliminating not just privacy invasions through machine-learning-based attacks, but also the potential harms that might result as a consequence.
Requirements
Applying to this project
This semester project or master thesis is aimed at one MSc student. The student will work with Theresa Stadler.
Around a third of all internet users (1.76 billion people) rely on ad-blockers to browse the internet privately. Ad-blockers are browser extensions (small applets that run in your browser) that continuously filter network requests and webpage elements for ads and trackers trying to monitor you. Ad-blockers are part of a bigger family of extensions called “Privacy Enhancing Technologies”, or PETs for short. Since their inception, there has been a cat-and-mouse game between privacy add-on developers and web marketers.
Browser add-ons interact with the page you are browsing using APIs specified by the browser. In June 2024, Chrome will migrate its APIs from “Manifest V2” to “Manifest V3”. This update changes the fundamental way add-ons, and especially ad-blockers, interact with webpages and restricts their core functionality: (1) transitioning from background pages to “service workers”; (2) limiting network request modification by add-ons; and (3) removing remotely hosted code execution. Since this announcement, the ad-blocker community has raised concerns and is working hard to prepare its add-ons for this shift.
This project aims to understand and characterize how the change to Manifest V3 will impact PET add-ons. By studying its impact on the cost of privacy, we hope this project will shed light on the important arguments in the discussion between browser vendors and the ad-filtering community.
In this project, the student will:
Requirements
Applying to this project
This semester project is aimed at one MSc student. The student will work with Saiid El Hajj Chehade.
When you visit any page in your favorite browser, the page must be fetched from some server; your browser uses the HTTP protocol to fetch the necessary bits. But HTTP is stateless: every request is independent. Yet, as you know, shopping websites, for example, can keep track of your cart across multiple visits. How do they pull this off? They use “cookies”. Cookies are small pieces of data sent by the server with the HTTP response and stored by your browser. In this example, the server can ask your browser to store cookies containing the item IDs in your cart. Cookies are also used to keep you logged in to a website.
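The round trip described above can be sketched with Python’s standard library. The cookie names and values here are purely illustrative:

```python
from http.cookies import SimpleCookie

# 1. The server attaches state to its HTTP response via Set-Cookie headers.
response = SimpleCookie()
response["cart"] = "item42"                # shopping-cart state
response["session_id"] = "abc123"          # keeps the user logged in
response["session_id"]["httponly"] = True  # hidden from page JavaScript
header_lines = response.output()  # the literal "Set-Cookie: ..." header lines

# 2. On every later request, the browser sends the stored values back in a
#    Cookie header, letting the stateless server recognise the user again.
returned = SimpleCookie()
returned.load("cart=item42; session_id=abc123")
cart = returned["cart"].value            # "item42"
session = returned["session_id"].value   # "abc123"
```

Attributes like `HttpOnly` (and, in real deployments, `Secure`, `SameSite`, and expiry) control how the browser stores and returns each cookie.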
But cookies can also be used maliciously to track you across multiple websites. Marketers can then sell your browsing patterns and identify your interests to serve you personalized ads. Most often, however, these tracking cookies are obfuscated so that they are hard to distinguish from cookies carrying sensitive information, such as your user session.
Isolating sensitive and necessary cookies is essential in many settings: Tor, for example, has to block all cookies to prevent fingerprinting. In this project, we will explore how sensitive cookies look and behave, and try to use modern methods to identify them among other cookies.
In this project, the student will:
Requirements
Applying to this project
This semester project is aimed at one MSc student. The student will work with Saiid El Hajj Chehade.