systems.cs.pub.ro

Research Project Proposals 2012

Detecting and Analyzing Zero-day Attacks using Honeypots

The aim of this project is to build a Honeypot using a virtual machine and implement several methods (such as memory tainting) to detect and analyze attacks. The goal is to automatically detect unknown attacks and generate intrusion detection signatures for an intrusion detection system (such as Snort).

The project has the following objectives:

  • Identify methods for detecting unknown attacks
  • Build a Honeypot system using a virtualization solution
  • Implement several detection methods
  • Implement attack analysis methods
  • Implement several attacks
  • Evaluate the attacks using the Honeypot

A team of 2 students will work on this project over a period of 2 semesters (with the possibility of extending the project to 4 semesters).

Application Layer Protocol Inspection

The aim of this project is to develop an open-source Application Layer Protocol Inspection Framework for a set of well-known application-layer protocols, such as HTTP, FTP, DNS, SNMP and others. The framework checks each packet for compliance with the RFC and detects malicious packets. It blocks packets that perform unauthorized, non-compliant operations.

The project has the following objectives:

  • Identify and analyze Application Layer Protocol Inspection solutions such as the ones implemented on Cisco Appliances.
  • Develop an open-source framework for intercepting and analyzing network traffic.
  • Develop modules that inspect different application-layer protocols and integrate them in the framework.
  • Evaluate the framework in multiple attack scenarios.

A team of 2 students will work on this project over a period of 2 semesters (with the possibility of extending the project to 4 semesters).

Framework for Evaluating the Security and Resource Consumption of Encryption Algorithms

The aim of this project is to implement a framework for evaluating encryption algorithms. The framework should include mechanisms to evaluate both the security and the resource consumption of each algorithm. Security is evaluated by performing cryptanalysis attacks against the encryption algorithms. Resource consumption is evaluated in terms of processing power and memory usage.

The project has the following objectives:

  • Identify the most secure symmetric-key and public-key algorithms.
  • Implement a framework for evaluating encryption algorithms.
  • Implement several symmetric-key and public-key algorithms.
  • Implement the resource consumption evaluation modules and integrate them in the framework.
  • Implement cryptanalysis attacks for each encryption algorithm and integrate them in the framework.
  • Evaluate the encryption algorithms from the point of view of security and resource consumption.

A team of 2 students will work on this project over a period of 2 semesters (with the possibility of extending the project to 4 semesters).

DNS Security in modern networks

This project aims to provide an in-depth analysis of the security of the Domain Name System infrastructure.

The project has the following objectives:

  • Analyze the existing DNS infrastructure; configure an infrastructure for testing purposes
  • Investigate the current security level of the most used DNS clients (Linux, Windows and Android) with black box testing and bug discovery tools
  • Investigate the current security level of the most used DNS servers (bind9, Windows DNS server and MaraDNS – an embedded server) with black box testing and bug discovery tools
  • Test and explore the new DNSSEC infrastructure
  • Analyze how the DNS infrastructure implementation supports IPv6
  • Validate the main DNS-related attacks (e.g. DNS poisoning, DNS recursion attack)

A team of 2-3 students will work on this project over a period of 3-4 semesters.