Supervisors and Topics

Topics will be announced after the kickoff seminar; see the topics from last year's seminar and the years before.

Raimundas Matulevičius: Security Aspects in System Modeling

  • Security Requirements Modelling
    Security is an important system artefact; however, the current literature reports that security concerns appear only when the system is already in use or, in the best case, security is considered only during the late system development stages. The purpose of this topic is to develop a method that would facilitate the application of security modelling language(s) at the early modelling phase (e.g., requirements engineering). A driving technology would include the security risk management (SRM) domain model. The candidate will need to select the targeted security modelling language, and propose and validate his solution.
  • Security Model Transformation
    Security Management (SM) can be addressed using different modelling techniques at different levels, including asset, risk, and risk treatment analysis. The application of security languages (e.g., Secure Tropos, Misuse cases, KAOS extensions to security) might help to engineer better security solutions. However, system development should combine multiple viewpoints. The purpose of this topic is to develop a set of rules and guidelines for combining different security modelling approaches. The candidate will need to review the existing works. Then he will need to develop and validate guidelines on how to perform transformations between different security language models.
  • Modeling of Role-based Access Control
    Role-based access control (RBAC) is a security mechanism that ensures secured data is accessed only by people who have permission to access it. RBAC models can be developed using different modelling approaches, such as SecureUML, UMLsec, and others. However, it has also been observed that these approaches address only one particular modelling viewpoint. The purpose of this topic is to investigate whether it is possible to combine different modelling approaches for RBAC. The candidate will need to survey the state of the art in RBAC modelling. Then he will need to develop and validate an approach that facilitates the use of different security languages for RBAC addressed through various viewpoints.

Jan Willemson: Practical Security

  • Proof of Concept Exploit for the TLS Bug
    A serious bug was discovered in the TLS protocol in October last year. It allows restricted man-in-the-middle attacks on TLS channels. The student should write an overview of the bug: in particular, under which conditions the attack can be carried out, what the resulting consequences are, and which types of systems are vulnerable to such attacks. As a proof of concept, the student should set up a suitable environment and an attacker suite. One could also verify what exactly the new IETF patch does and why it is good or bad.
  • Tunnelling P2P communication in another P2P network
  • Case studies with attack trees

Aivo Jürgenson: Security and Intrusion Detection

  • Detecting anomalies in web-traffic by using geographic information
  • How to fight with Skype and Tor

Dan Bogdanov: Implementations of Cryptographic Protocols

  • Various Components of Sharemind Computing Platform
  • Various Applications Built on Top of Sharemind Computing Platform

Sven Laur: Practical Security and Implementations

  • Proof of Concept Attacks Against Browser Extensions
    Firefox 3.5 runs all extensions in the same address space and allows arbitrary C++ code blobs in their code. As a result, a maliciously crafted extension can corrupt extensions and even the Firefox core. The aim of the project is to write an extension that makes it possible to monitor or controllably modify the variables in other extensions. Controlled crashes of other extensions are a good start, but the ideal would be controllable changes in their functionality, for instance, changes in the AddBlocker configurations.
  • Implementation of Zero-knowledge Proof Systems for Circuits
    Previous seminars have given us an implementation of garbled circuits. In this seminar, I would like to get a program that takes in a circuit and outputs a zero-knowledge proof that a certain output was correctly computed given only Pedersen commitments of input bits.

Peeter Laud: Program Semantics and Theoretical Cryptography

  • Formalizing security properties using process algebras
  • Various methods for analyzing protocols
  • Security in wireless sensor networks