Bachelor Theses Proposals

Integrity checking via SMM

SMM is the most privileged mode on an Intel machine. Among other things, researchers are investigating ways to leverage SMM to perform application integrity checking. As part of a larger project, the student will have to create two modules that run in SMM: one to translate virtual addresses into physical addresses, so that virtual memory can be read from SMM, and one to identify running processes from within SMM.

Advisor: Danilo Bruschi
References:
  1. Hardware-Assisted Application Integrity Monitor
Prerequisites:

Automatic analysis of real world traffic dumps (assigned)

Traffic analysis is a core activity in security, even when performed offline. Indeed, it can be useful to find emerging threats or to identify trends of already known ones. The student is provided with large traffic dumps gathered from the Internet and with a tool that reassembles the traffic from single packets into flows. At first the student should optimize the tool, then extend it to recognize common attack patterns (SQL injections, XSS, buffer overflows) in order to identify malicious traffic and perform some statistical analyses on the detected attacks (e.g., identifying the most common patterns).

Advisor: Danilo Bruschi
References:
  1. Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
  2. Intrusion detection system
Prerequisites:

Exploiting mobile OSes for fun and profit (assigned)

Mobile devices are nowadays spread all over the world. Companies fight to carve out a bigger slice of the market by improving their products and adding new features, both software and hardware. As a consequence, mobile operating systems are becoming as sophisticated as those adopted by common PCs. Mobile device security is becoming increasingly important, as personal, confidential, and business information is exchanged over the network and to and from other devices. The student must analyze the state-of-the-art security issues and carefully investigate possible solutions.

Advisor: Danilo Bruschi
References:
  1. Apple Mac OS and iOS security
  2. Android Security Survey
Prerequisites:

Leveraging VM-Introspection techniques to inspect Linux kernel internals (assigned)

The student(s) will work on HyperDbg, a kernel debugger developed in our lab that allows dynamic analysis of kernel code by leveraging Intel VT-x (namely, hardware support for virtualization). The focus of this thesis will be to add to the Linux version of HyperDbg a set of VM-introspection techniques that will be used to inspect OS-dependent state (such as recovering the list of running processes, connections, loaded drivers, etc.). These features are already present in the Windows XP version but are missing in the Linux one, which is still experimental and not yet released. Subject to the advisor's endorsement, this thesis can be accepted by two students, who will implement different introspection techniques.

Advisor: Mattia Monga
References:
  1. Dynamic and Transparent Analysis of Commodity Production Systems
  2. HyperDbg website
Prerequisites:

A security survey of TinyOS (assigned)

Most devices used to create sensor networks run TinyOS, a very small and lightweight operating system. TinyOS is so different from common monolithic-kernel operating systems that most of the well-known security concepts commonly applied to them no longer make sense when dealing with this minimal OS. However, security for this kind of device is of primary importance. A worm propagating through a sensor network, for example, would be able to destroy it completely simply by forcing the sensor devices to drain all of their battery power prematurely. The task of the student who accepts this thesis proposal would be to evaluate the current level of security of TinyOS and, where appropriate, to tailor common security techniques to fit this OS.

Advisor: Mattia Monga
References:
  1. TinyOS
Prerequisites: