The Path to Your Thesis

We supervise practical and theoretical theses in the areas of IT security, data protection, privacy technologies, and ethics of digitalization. The structured supervision process outlined on this page guides you from the initial idea to a successful defense.

Step 1: Preparation and Topic Selection

Before contacting us, you should clarify the formal requirements with the examination office. For topic selection, we recommend the following approaches:

• Review our current research projects
• Attend our courses to get familiar with our working methods
• Discuss specific areas of interest with us

The initial meeting lasts about 45 minutes. We discuss your interests, assess the fit with our projects, and agree on next steps. If we are not the right chair for your topic, we recommend alternatives.

Step 2: Proposal Development

After the initial meeting, you develop a proposal (2-4 pages) that specifies your project. Writing and revising this document helps you think through the topic and consider feasibility.

By this point, you should download and read our PSI Thesis Guide – it contains extensive information on writing and formatting your thesis and gives you a sense of our expectations.

The proposal should include the following sections:

• Problem Statement: What specific problem do you want to solve? Why is it relevant?
• State of Research: What has already been done? Where are the gaps or weaknesses in existing approaches?
• Research Questions: 1–3 precise questions your thesis should answer.
• Methodology: How will you proceed: implementation, empirical study, or theoretical analysis? Where will you start?
• Work Plan: Rough timeline of individual work steps.
• Risks: What problems might occur? How will you address them?

Step 3: Supervision and Writing Process

After the proposal is accepted, the actual work phase begins. During the work, we meet whenever you have questions or want to discuss progress with us.

For good results, we recommend:

• Use our PSI thesis template.
• Write early: Start documenting early. A few weeks later, it’s often hard to remember details.
• Submit chapter drafts to receive feedback.
• Academic approach: Ensure reproducible experiments and comprehensible argumentation
• Academic style: Write your thesis in an objective, concise, clear, and engaging manner. We teach scientific writing techniques in the PSI Seminar.

Step 4: Completion and Defense

You present your completed thesis in a 20-minute presentation followed by discussion. We are happy to provide the grading criteria (“Thesis Rubric”) in advance.

You can improve your presentation skills, for example, in one of our seminars. Professor Herrmann provides some guidance on a dedicated page:

After successful completion, various perspectives open up:

• Publication of results at academic conferences
• Collaboration in research projects as a research assistant
• Open-source release of developed software
• For outstanding theses: opportunity to pursue a doctorate

What Makes a Good Thesis?

Academic Depth Go beyond superficial presentations. Critically question existing approaches and contextualize them.

Practical Relevance Your work should make a recognizable contribution that advances the state of the art – whether as an implementation, empirical study, or conceptual development.

Comprehensible Documentation Others must be able to understand your approach and reproduce your results. Code, data, and methods must be documented comprehensibly.

Independent Work You develop your own solution approaches and make justified decisions. AI tools can support you – however, you must be able to explain all details of your work even without AI.

Successful Theses / Topic Examples

Selection of completed theses (2018–2022):

• “private-piranha.pics: A web application for showcasing common privacy problems” (2022)
• “Semi-automated Interactive Website Scanning for Comprehensive Privacy Analysis” (2022)
• “Raising Awareness for Privacy on Smart Devices” (2022)
• “Notifying Authors of Vulnerabilities in Their Programming Tutorials” (2022)
• “Automated Detection and Evaluation of Cookie Notices” (2021)
• “Detection of Outdated JavaScript Libraries on the Web” (2021)
• “Improving Transparency of iOS Apps with DNS-based Collective Traffic Analysis” (2020)
• “Traffic Analysis on Android: Identifying Apps by Encrypted DNS Traffic” (2020)
• “Third Parties on the Web: An Automated Comparison of Privacy Policies and Site Behaviors” (2020)
• “Analysis of Security and Privacy Practices in the Account Management of Popular Websites” (2019)
• “How do software repository administrators handle typosquatting attacks?” (2018)

Frequently Asked Questions