Proposte di tesine – e tesi di laurea

Transcript

Proposte di tesine – e tesi di laurea – per il
corso di Sicurezza Informatica (03GSD)
del Politecnico di Torino
AA 2016-2017
Prof. Antonio Lioy
< lioy @ polito.it >
versione 3.2 del 8/2/2017
1
Tesine



voto massimo:
 max 27 per la relazione scritta
 max 3 per la presentazione orale (opzionale)
relazione:
 in Latex (vedere esempio sul sito)
 circa 20-30 pagine
 (opzionale) slide PPT per una breve presentazione sull’argomento (15-20’)
possono essere consegnate in qualunque periodo ma per registrare il voto in
una certa sessione bisogna TASSATIVAMENTE rispettare le seguenti
scadenze:
 15/2/16 per registrare il voto a febbraio 2016
 27/6/16 per registrare il voto a luglio 2016
 19/9/16 per registrare il voto a settembre 2016
2
Outline tesine




incontro col tutor per definire il piano di lavoro
 mettere per iscritto il piano di lavoro ed inviarlo
 al tutor ed al docente
 per approvazione / conoscenza
inviare aggiornamenti periodici a tutor e docente
 molto sintetici
 con riferimento al piano di lavoro (già fatto / da fare)
 almeno ogni 15 giorni
è possibile – e consigliabile – consegnare UNA (o max DUE) versioni in bozza
per ricevere commenti da tutor e docente:
 purché la bozza sia consegnata con largo anticipo rispetto alla scadenza di
consegna
 una volta consegnata la tesina non sarà più possibile correggere eventuali
mancanze
docente / tutori NON disponibili nel mese di Agosto
3
Relazione








introduzione e stato dell’arte
descrizione della nuova tecnica / soluzione analizzata
vantaggi e svantaggi
rischi residui
(se applicabile) analisi sperimentale delle prestazioni
se la tesina ha comportato lo sviluppo o l’uso di codice:
 manuale utente (come si installa e si usa)
 manuale del programmatore (logica del programma, dati e funzioni, come si crea
l'eseguibile)
bibliografia / sitografia
DEVE DIMOSTRARE CONOSCENZA DEGLI ARGOMENTI DEL CORSO
 … ma senza inutili ripetizioni
4
Modalità di assegnazione

contattare preventivamente il tutor della tesina per valutare:
 interesse al tema
 pre-requisiti

le tesine già assegnate sono marcate con una o più X nel titolo (una X per ogni
persona a cui è stata assegnata, fino al numero massimo di studenti indicati
per la tesina; quando il numero massimo di studenti non è indicato si assume
pari a uno)
5
Note sulle tesine svolte da più persone


il ruolo di ciascuna persona deve essere chiaramente evidenziato e valutabile
individualmente
nel contempo deve essere anche chiaro il valore aggiunto di aver svolto una
tesina in collaborazione, con una qualche parte a fattor comune (es. uno studio
introduttivo o la parte sperimentale)
6
Tesina e tesi di laurea




la tesina può costituire il primo capitolo di una tesi di laurea
comunicarlo prima dell’inizio della tesina in modo da impostarla subito nel
modo giusto
in questo caso non scegliere una tesina ma scegliere un progetto di tesi e
contattare il docente per un argomento specifico all'interno del progetto
tutte le tesi associate a progetti di ricerca europei possono condurre (dopo la
laurea) a:
 stage/lavoro presso uno dei partner industriali
 un dottorato di ricerca
7
Note finali


prestare attenzione agli aggiornamenti di questo document (tesi/tesine già
assegnate, aggiunta di nuovi argomenti)
 ogni versiona è identificata come X.Y (major.minor)
 il major number cambia quando vengono aggiunti nuovi argomenti
 il minor number cambia quando un argomento viene assegnato ad uno studente
chi è interessato alla sicurezza ma non trova un argomento adatto in questa
lista (davvero?) può provare a proporre un nuovo argomento
8
Elenco dei progetti di ricerca per tesi
/
Possible research projects for thesis
9
Research projects (I)

SHIELD project (www.shield-h2020.eu)
 EU project for using SDN, NFV, and TC to create a virtualized scure and trusted
network infrastructure for various use cases such as:
 protection of an Intranet
 outsourced network management
 partners: POLITO, Telefonica, HP, …
 possible subjects:
 security policies (specification, management and translation)
 automatic network and system configuration of security parameters
 security optimization
 trusted network connections
 trusted execution environment (based on virtual machines)
 remote attestation
 requirements:
 C or Java programming
 environment:
 Linux (preferred) or Windows
 contact: LIOY / [email protected] / 011 0907021
10
Trusted Computing, i.e. what is my trust foundation?





in my network are there only my computers?
my computers are running only the sw selected by me?
is the sw configured in the proper way?
when I use a public network (e.g. Internet) rather than a private network, am I
really connected to the expected node?
when I am connected to a server, how can I verify its application sw is the
“good” one or it has been altered?
TRUST & INTEGRITY

answers: Trusted Computing (and Trusted Network Connection)
 TPM for desktop, MTM for mobile (or equivalent solutions)
 TC-enhanced Linux + trusted virtualization
 remote attestation & TLS
11
Components of a TC system
local / remote attestation
proof of configuration
(whole sw stack)
secure I/O
towards the user
among various components
isolation
execution in separate
domains / compartments /
environments
protected memory
hw key container
data encryption
data sealing
12
Research projects (II)

ASPIRE project (www.aspire-fp7.eu)
 research objectives
 remote software attestation
 software optimization
 empirical analysis of software protection
 remote attestation
 develop a framework to add remote attestation functionality to an existing
program
 investigate new criteria for attesting software
 formal model of software attacks and protection
 models to understand how to protect a software given the assets given
attacks and software protection dependencies
 optimization of software protection
 given the formal model, define optimization programs to select which is the
best way to protect a software
ASPIRE Consortium
Research projects (III)

FICEP
 project for connecting the Italian e-ID system to the EU e-ID interoperability
architecture (eIDAS)
 possible subjects:
 digital identity (SAML, XACML, id federation)
 public-key certificates, digital signatures, PKI
 e-ID implementation (smart-card, smartphones, NFC, …)
 e-government applications
 requirements:
 Java programming
 web programming
 environment:
 Linux (preferred) or Windows

contact: LIOY / [email protected] / 011 0907021
15
Elenco delle tesine / tesi proposte
(in aggiunta alle tesi sui progetti di ricerca)
/
Possible homeworks and thesis
(in addition to the thesis subjects
associated to the research projects)
16
Hacking tools (homework or thesis) [ X – ]






tutor:
 LIOY / [email protected] / 011 0907021
topic:
 evaluate open-source testing and hacking tools
 create guidelines for security testing with open-source tools
people:
 up to 4 (homework) = Dario Platania, Carmelo Riolo
 up to 2 (thesis)
sample references:
 https://www.concise-courses.com/hacking-tools/top-ten/
 https://www.hackread.com/top-14-best-hacking-tools/
 http://sectools.org/
 other tools that you will find (e.g. those that are part of Kali Linux)
outline:
 read documentation, experiment with the tools, and write the report
required skills:
 Linux user
 for some tools specific scripting languages (e.g. python, Lua)
17
Security best practices (homework or thesis) [ X ]






tutor:
topic:
 analyze best practices suggested by various bodies
 suggest and experiment with open-source tools to implement best practices
people: up to 2 (homework) or 1 (thesis)
 Cassese (thesis)
sample references:
 http://www.agid.gov.it/sites/default/files/documentazione/misure_minime_di_sicur
ezza_v.1.0.pdf
 http://www.mass.gov/anf/research-and-tech/cyber-security/security-for-stateemployees/risk-assessment/risk-assessment-guideline.html
 http://www.cybersecurityframework.it/
 https://www.nist.gov/cyberframework
 other guidelines from various bodies
outline:
 read documentation, find appropriate support tools, experiment, and write report
required skills:
18
 various
Security automation (homework or thesis)






tutor:
topic:
 analyze various standards in the SCAP framework (e.g. CVE, CVSS, OVAL) to
evaluate operational risks
 experimental evaluation of open-source tools (or development for thesis) to
implement various SCAP components
people: up to 2 (homework) or 1 (thesis)
sample references:
 http://csrc.nist.gov/publications/drafts/800-126-rev3/sp800_126_r3_draft.pdf
 https://www.open-scap.org/
outline:
 read documentation, experiment with the tools, and write the report
required skills:
 various
19
Advances in TLS / HTTP security (homework) [ X – ]






tutor:
topic:
 HTTP Strict Transport Security (STS)
 Extended Validation (EV) certificates
 HTTP Public Key Pinning
 other advances …
people: 1-2 = BONINA Biagio + ?
sample references:
 IETF TLS WG = https://datatracker.ietf.org/wg/tls/charter/
 https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
 https://blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09Marlinspike-Defeating-SSL.pdf
 https://en.wikipedia.org/wiki/Extended_Validation_Certificate
 https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
outline:
 read documentation, experiment (if supported by browsers) and write the report
required skills: HTTP, TLS
20
Evolution of X.509 / PKIX (homework) [ X ]






tutor:
topic:
 IETF evolution of the X.509 certificates
people: 1 = CUCCI Luca
outline:
 analyze most important documents by the PKIX WG
 describe features of certificates and related management protocols
 perform experiments, whenever possible
required skills: TCP/IP, X.509, asymmetric cryptography
references:
 https://datatracker.ietf.org/wg/pkix/documents/
21
eIDAS signatures, seals, … (homework)






tutor:
 BERBECARU / [email protected] / 011 0907081
topic:
 technical aspects of the eIDAS EU regulation (e-signature part)
 advanced e-sig, qualified e-sig, qualified cert, time-stamps, seals, trust services
people: up to 2
outline:
 describe the technical solutions adopted by eIDAS and related technical
standards by ETSI
 evaluate pros and cons
 compare to state-of-the-art
required skills: asymmetric cryptography, X.509 certificates, TLS
references: https://en.wikipedia.org/wiki/EIDAS + …
22
IETF security (homework)






tutor:
topic:
 trends on security aspects of Internet
 look at the current active security WGs at IETF and find an interesting one
 https://datatracker.ietf.org/wg/#sec
people: up to 4
outline:
 describe the problem addressed by the WG
 describe the approach, solutions, activities
required skills: depend upon the selected WG
references:
 https://datatracker.ietf.org/wg/#sec
23
Electronic identity (homework or thesis)






tutor:
 SMIRAGLIA / [email protected] / 011 0907192
topic:
 OpenID Connect = http://openid.net/connect/
 WebID = https://www.w3.org/wiki/WebID
 SCIM = http://www.simplecloud.info/
 other necessary components (e.g. WebFinger)
people: up to 4 (if homework) or 2 (if thesis)
outline:
 analyze the technical aspects of the selected e-ID system
 implement a testbed with available open-source components
required skills: cryptography, X.509 certificates, TLS
references:
 see above
24
Modern secure and trusted networks (thesis)





tutor:
 LIOY/ [email protected] / 011 0907021
topic:
 creation of a trusted and secure L2 / L3 network overlay
 … using trusted computing and the new MACsec standard (IEEE 802.1AE)
 … for application with traditional router/switches as well as SDN ones
 cooperation with HP Labs (Bristol, UK) and Telefonica (ES), as part of SHIELD
people: up to 2
outline:
 study IEEE 802.1AE, IPsec, and remote attestation
 design an architecture for a secure and trusted overlay
 implement the architecture
required skills: TCP/IP, packet capture, C programming, system programming
25
Security of IoT (homework) [ X X ]




tutor:
 collaboration with Prof. CORNO
topic:
 analysis of security issues in IoT networks (Zigbee, Zwave, BT-LE, …)
 analysis of security issues IoT communication towards the cloud/app
 analysis of security proposals for IoT
 experimental evaluation of IoT security on some available devices
people: 1-2 = GIOBERGIA Flavio (ZigBee) + AMATO Mario (BT)
required skills:
 attendance of the Prof. Corno's course
Security of IoT (thesis)




tutor:
 collaboration with Prof. CORNO
topic:
 analysis of security problems in IoT
 analysis of security proposals for IoT
 design and implementation of security solution for IoT
people: 1-2
required skills:
 attendance of the Prof. Corno's course
SAML 2.0 Holder of Key profile in eIDAS (homework)






tutor:
topic:
 support for a strong security profile (SAML 2.0 HoK) in a pan-European eID
infrastructure to protect againt MiTM and MiTB attacks
people: 1
example references:
 eIDAS technical specification
 eIDAS reference implementation
outline:
 description of SAML 2.0 HoK profile
 implementation of SAML 2.0 HoK profile in an eIDAS node
 analysis and discussion of pros and cons in adopting HoK profile (e.g. with
respect to other security solutions)
required skills: Java
SAML 2.0 Holder of Key profile in Shibboleth and
SimpleSAMLphp (homework)






tutor:
topic:
 support for a strong security profile (SAML 2.0 HoK) in Shibboleth
people: 1
example references:
 Shibboleth = https://shibboleth.net/
 SimpleSAMLphp = https://simplesamlphp.org/
outline:
 description of SAML 2.0 HoK profile
 installation of Shibboleth and simpleSAMLphp (latest versions)
 document the implementation of SAML 2.0 HoK profile in Shibboleth and
simpleSAMLphp
 perform interoperability tests Shibboleth/simpleSAMLphp (if applicable)
European Trusted Lists (homework)






tutor:
topic:
 document the format of European (EU) Trusted Lists, the services supported and
the tools that may be employed to generate/manipulate such list automatically
people: 1
example references:
 EU TL manager = https://joinup.ec.europa.eu/software/tlmanager/home
 ETSI TS 102 231 (V.3.1.2)
outline:
 description of the EU Trusted Lists
 analysis of the EU Trusted Lists published by the EU countries
 document the services supported
 tools for EU Trusted List creation and manipulation: state-of-the-art, installation
and testing
Certificate validation (homework) [ X ]





tutor:
topic:
 analysis of the current state in website certificate validation
people: 1 = VISENTIN Davide
example references:
 RFC-5280
 papers on certificate validation (provided)
outline:
 description of the (complete) certificate validation process: steps, parties involved
 attacks and incidents affecting certificate validation: issuing rogue certificates
(e.g. as done by Verisign, Comodo DigiNotar), revocation checking (OCSP/CRL
and support for them in browsers), a.s.o.
 investigate, document and test countermeasures: e.g. in some browsers (like
Firefox) some tools/add-ons can be used to support certificate validation, e.g.
Certificate Patrol, CertLock, Conspiracy, Doublecheck, while in others it is
possible to adopt stricter validation policies like certificate and CA pinning in
Chrome
Data models for NSF description






tutor:
 BASILE / [email protected] / 011 0907173
 VALENZA / [email protected] / 011 0907192
topic:
 NSF, network security policies, modelling, NFV
people: 1
example references:
 Netconf/Yang, Tosca, SID,OVF
 https://datatracker.ietf.org/doc/draft-baspez-i2nsf-capabilities/
project (details to be agreed with the tutor):
 analysis of the NFV description languages
 selection of the best language for model the NSFs
 extensions to support the advanced policy management services (SECURED)
required skills:
 XML/XSD, JSON, UML
Policy driven NSFs provisioning






tutor:
topic:
 NSF, security policies, optimization, NFV
people: 1
example references:
 http://link.springer.com/chapter/10.1007/978-3-319-25360-2_6#page-1
 http://link.springer.com/article/10.1007/s10922-014-9307-7
 definition of innovative optimization models for NSF allocations that also consider
security policy information
 integration in a real NFV Management and Orchestrator (MANO)
required skills:
 attitude to mathematical modelling, optimization models
 Java, Linux (advance sysadmin knowledge), XML/XSD, JSON, UML
Conflict analysis for SDN/NFV languages






tutor:
topic:
 NSF, security policies, conflict analysis, NFV/SDN
people: 1
example references:
 http://onlinelibrary.wiley.com/doi/10.1002/nem.1917/full
 http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6912577
 analysis of the SDN/NVF specification languages
 definition of conflict classification models
 integration in a real NFV architecture
required skills:
 Java, Linux (advance sysadmin knowledge), XML/XSD, JSON, UML
 attitude to mathematical modelling
SECURED services from OpenMano to OpenSourceMano






tutor:
topic:
 NSF, NFV, SDN, MANO
people: 1
example references:
 https://github.com/nfvlabs/openmano
 https://osm.etsi.org/
 analysis of the OpenSourceMano initiative
 analysis of SECURED services currently deployed in OpenMANO
 porting of services from OpenMANO to OpenSourceMANO
required skills:
 Java, Linux (basic sysadmin knowledge)
VANET tools (thesis) [ X – ]





tutor: BASILE / [email protected] / 011 0907173
 with Panos Panadimitratos from KTH Stockholm
topic:
 VANET (Vehicular Ad hoc NETwork) is an emerging standard. It may offer new
services to drivers, on the other hand it may create privacy issues
 a privacy solution has been proposed using pseudonyms
 location information can be used to exploit new services
people: 1-2 = Bruccolieri + …
references:
 selected documents (papers + project internal documents)
 defining the threat model for VANET applications using location info
 provide new Apps (services) based on location (accident reconstruction, road
policy violations)
Automatic analysis of Software Attacks [ X ]






tutor:
 CANAVESE / [email protected] / 011 0907192
topic:
 software risk analysis, software attacks
people: 1 = Maietta
example references:
 https://www.researchgate.net/publication/308277481_Towards_Automatic_Risk_
Analysis_and_Mitigation_of_Software_Applications?ev=prf_pub
 https://www.researchgate.net/publication/308837378_Automatic_Discovery_of_S
oftware_Attacks_via_Backward_Reasoning
 definition of automatic methods to discover software attacks against application
assets
 extension of the previous models
required skills:
 Java
 attitude to mathematical modelling
Automatic software analysis for software protection






tutor:
 CANAVESE / [email protected] / 011 0907192
topic:
 software risk analysis, SW protection, decision support
people: 1
example references:
 confidential material that will be shared with the selected candidate
 analysis of software applications with static and analysis tools
 classification of and reasoning about extracted information
 use of the extracted information for software protection purposes (e.g., to
propose better protections or for a more effective enforcement of a protection)
required skills:
 Java, C, Linux (basic sysadmin knowledge)
VM monitoring by using network IDS (thesis)






tutor: VALLINI/SMIRAGLIA/DE BENEDICTIS ([email protected] /7192)
topic:
 problem: monitoring the network behavior of a virtual machine to dynamically
detect misconfigurations and unwanted communications
 trace and classify network traffic of a virtual machine by defining high-level
policies
 forensics activities (configurable network tracing)
people: 1-2
references:
 selected documents (papers + howtos)
 (1) analysis of available open source network IDS (Snort, Suricata, BRO) and
rule-based configuration (to trace network traffic)
 (2) define a set of high-level policies useful to trace network behavior
 (3) develop a methodology and a prototype to generate IDS configuration
starting from high-level policies
requirements:
 high-level skills on managing GNU/Linux OS and network configuration
41
VM monitoring by using host IDS (thesis)






topic:
 problem: monitoring the host behavior of a virtual machine to dynamically detect
misconfigurations and attacks
 trace and identify file changes (integrity), running processes, etc. of a virtual
machine by defining high-level policies
 forensics activities (configurable network tracing)
people: 1
references:
 (1) analysis of available open source host IDS (OSSEC, Aide, md5deep) and
rule-based configuration
 (2) define a set of high-level policies useful to trace behavior
 (3) develop a methodology and a prototype to generate host IDS configuration
starting from high-level policies
requirements:
 high-level skills on managing GNU/Linux OS
42
Monitoring and profiling with logs (thesis)






topic:
 collection of logs from cloud-like infrastructures
 integration of logging management framework with IDS and IPS
 (real time) analysis of logs in order to monitor and profile computing and network
units (e.g. virtual machines, router, firewall)
people: 1-2
references:
 (1) analysis of available open source logging frameworks (e.g. ELK, Graylog)
 (2) definition of high-level policies to manage and deploy the configuration of the
logging in the whole environment
 (3) definition of high-level policies to monitor and profile the environment units
 (4) implementation of the adaptation layers (if needed)
requirements:
 expert on managing GNU/Linux OS
 programming and scripting languages (e.g. Python, Ruby, Bash, Java)
43
Adaptive mobile malware identification







tutor:
 ATZENI / [email protected] / 011 0907173
topic:
 mobile malicious developers often combine portions of code from available
samples to create new malware variants and exploit available knowledge from
open repository and online antivirus to make the identification harder. The goal of
the thesis is to develop an identification methodology to counteract these mobile
malware anti-identification techniques.
people: 1-2
possible co-work with Telecom
references:
 [1] Graziano et al "Needles in a haystack: mining information from public
dynamic analysis sandboxes for malware intelligence." In 24th USENIX Security
Symposium (USENIX Security 15), pp. 1057-1072. 2015
 [2] https://koodous.com
outline:
 1) analysis and test of state-of-the-art identification methodologies, 2) design,
implementation and testing of a methodology to adapt to malware evolution.
required skills: Android (app and system level)
44
Usable security (thesis)







tutor:
topic:
 Since end users are largely unaware of security principles, many security issues
are caused by usability problems. Purpose of this thesis is to identify usability
issues in widespread security procedures and tools, define a benchmarking
methodology to assess usability in security, and propose policies to develop
secure nd usable products
people: 1-2
possible co-work with Bournemouth University
Example reference:
 http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.6079&rep=rep1&ty
pe=pdf (+selected documents to be discussed with the tutor)
outline:
 Analysis of state-of-the-art in usability evaluation of security, selection of target
security tools and procedures, analysis of selected items, synthesis and
refinement of available evaluation methodology, definition of policy and rules to
avoid usable security pitfalls.
preferred skills: usability, human-computer interaction, interest in cognitive science
48
SSG – Security Serious Games (thesis)







tutor:
topic:
 serious games are a recent tendency to exploit games for specific training. Even
if some serious game has been developed in the field of security (e.g. Computer
Forensics) the security field has still not been addressed. Purpose of the thesis is
to apply serious game methodology for developing a proof of concept security
serious game
people: 1-2
possible co-work with Bournemouth University
references:
 selected document to be discussed with the tutor (past thesis and homeworks on
the matter)
outline:
 design of the game requirements (goals, user models)
 development of the proof of concept
 experimental evaluation
required skills: programming. preferred skills: browser-based development,
knowledge of unity framework
49
Scenario-based authorisation framework (thesis)







tutor:
topic:
 this thesis aims to develop a flexible and context-aware authorization system,
exploiting a model of the scenario in which the authorization must be granted
(developed in CAIRIS) and an extensible on-line authorization framework
(SAFAX)
people: 1-2
possible co-work with Bournemouth University and Eindhoven University of
Technology (TU/e)
references:
 CAIRIS: http://cairis.org/
 SAFAX: http://security1.win.tue.nl/safax/
 (+selected document to be discussed with the tutor)
outline:
 definition of scenarios of usage, development and implementation (using CAIRIS
and SAFAX compatible workflow), comparison with other authorization
framework solutions.
required skills: programming, preferred skills: modelisation, authZ framework.
50
eIDAS Shibboleth (thesis) [ X ]






tutor:
topic:
 Shibboleth is a world-wide federated identity solution, flexible and open source.
eIDAS is an European regulation for electronic Identification and signature,
allowing different EU countries to federate their authentication systems. Aim of
this thesis is the enrichment of eIDAS infrastructure (e.g. adding an attribute
provider) adopting shibboleth components.
people: 1 = Pellone
references:
 https://joinup.ec.europa.eu/software/cefeid/document/eidas-technicalspecifications-v10
 https://shibboleth.net/
outline:
 Shibboleth last version analysis
 eIDAS technical specification understanding
 development of shibboleth modules.
required skills: SAML, Java
51
Testing of authentication mechanisms (homework)





tutor:
topic:
 This homework aims to install and test modern authentication procedures and
tools (based, for example, on google authenticator, OATH, FIDO, …)
people: 1-2
example references:
 open authentication initiative (https://openauthentication.org/)
 YubiKey (https://www.yubico.com/products/yubikey-hardware/)
outline:
 selection of relevant authentication mechanisms
 set-up of authentication mechanisms
 usability and performance test of authentication mechanisms
52
Android’s apps obfuscation (thesis)







tutor:
topic:
 many obfuscation techniques exists in various OS (widely used, for example, in
malware applications). This work aims to compare Android current situation
versus desktop OS and evolve mobile current techniques, challenging present
mobile detection tools.
people: 1
references:
 selected documents (malware obfuscation techniques and malware analysis
tools review)
outline:
 state of the art (about Android obfuscation techniques, e.g. in malware apps)
 practical test of existing obfuscation techniques versus detection tools
 development and test of novel Android obfuscation techniques
required skills: Android (app and system level), programming
53
Android’s mobile application danger level evaluator
(thesis)







tutor:
topic:
 This thesis aims to enrich a framework for analysis and evaluation of Android
applications dangerousness, integrating and evolving Android apps evaluation
techniques, both on-line and off-line, in a practical apps analysis toolkit.
people: 1
references:
 selected documents (previous thesis done on this aspect)
outline:
 analysis of the state-of-the-art for application security evaluation
 development, implementation, testing and integration of different modules to
analyse apps
required skills: Android (app and system level), programming
54
Security analysis of NFC tickets [X]






tutor:
topic:
 are NFC tickets really secure?
people: 1 = SANFILIPPO FRITTOLA Marco
references:
 NFC datasheets
outline:
 analysis of NFC tickets
 security issues and possible solutions
required skills: Android (app and system level), Java programming, NFC
55
Remote attestation of Docker containers [X]






tutor:
topic:
 extend remote attestation to support Docker containers
people: 1 = VALLONE Fabio
references:
 documnetation about RA, Docker, and EBPF
outline:
 adapt RA to work with the latest version of Docker
 evaluate EBPF to perform attestation and (possibly) policy enforcement
 evaluate techniques to perform run-time attestation
required skills: Linux and Docker internals
56

Proposte di tesine – e tesi di laurea

Transcript

Documenti analoghi

- PORTO

General rules related to the final exam The Bachelor`s degree

Normalization and extension of single-collector - Torino

on the dynamics of suspension bridge decks with wind

Location and topology design problems in telecommunication

Conference Brochure - eguleonardo2012

BANDO DI CONCORSO PER - Didattica

Bando di concorso 31 ciclo Inglese

ecdl-gis newsletter - Certificazione ECDL-GIS

THEIR HONOUR IS CALLED COWARDICE Mise