CAP6135: Malware and Software Vulnerability Analysis
Examples of Term Projects
Cliff Zou
Spring 2012
Previous CAP6135 Term Projects
Web Application Vulnerabilities
Spam Filtering Techniques
Survey of P2P applications and inherent security risks
Building KnightBot: a covert self recovering botNet library
Rootkit
A Study of IDS/IPS
Spam Detection
Zombies in the Clouds
Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks
Computer Security/Forensic Tool Validation
Exploring Steganography: Seeing the Unseen
Methods of Preventing SQL Injection
CAPTCHA Effectivity Survey
Trojan Horses
Smart card and Credit card security study
Security Risks found within RFID Technology
Media Sterilization
Survey of Malware Detection in Mobile Environment
Private Profile (a Facebook app)
.NET Code Protection: Fighting Reverse Engineering
Security study in cognitive radio network
Security virsualization
Near Field Communication (NFC) Strengths and Weaknesses
Some Suggested Hot Topics
Cloud computing security
  Encrypted data search
  Virtual machine isolation
  Law and policy on cloud location and storage
  Monitoring and log
Location-based service privacy for mobile system
Social network privacy
Some Interesting Topics
Social network security and privacy
  Social network based malware, such as the previously seen malware Boonana, Samy, RenRen, Koobface, and SpaceFlash
  Spam in social networks, such as in the Twitter network
  Privacy vulnerability and protection, such as the recent incident of the Facebook privacy problem
Reputation assurance for online user reviewing systems
  How to make user reviews reliable against malicious attackers or bots (such as fake reviews to boost a product)
Botnet modeling, attack method, defense (real case study, monitoring real botnet, peer-to-peer botnet)
Cloud computing security and privacy
  Virtual machine security: such as preventing information leakage among different users on the same VM or on the same physical host.
  Cloud data encryption: how to encrypt data on the cloud so that the cloud provider cannot read the data and (1) it can still be searched by the client; (2) it can be shared by multiple users with efficient secure key management; (3) it still allows the cloud provider to efficiently save storage by merging identical data together.
  How to spread malware in cloud; how to defend against malware in a cloud environment
DNS security
  DNS hijacking attack and defense
  DNS poisoning attack and defense
  Case study of previously seen DNS attack incidents
Email spam and phishing defense
  Spam detection, filtering
  Phishing attack defense
Wireless networking security
  Ad hoc network secure routing
  Reputation system for wireless networking
  Vehicular networking security and privacy
  Security and privacy protection in location service in wireless networking (such as among smartphone users)
Security and privacy issues in smartphones
  Jailbreaking in iPhone
  Worm propagation in smartphones: propagation theory, previous incident case study, etc.
  Bluetooth security issues in smartphones
Web security
  Detection of malicious web sites (for example, by using crawling and honeypots)
  Detection of phishing/fake websites
  Detecting malicious code injection
  Verifying security for all web plug-ins or extensions
  Browser history or cookie security issues and protection
CAPTCHA security
  Image-based CAPTCHA, video-based CAPTCHA
  Improving text-based CAPTCHA
  Defense against CAPTCHA human-solver attack
RFID security and privacy
  Privacy protection in RFID systems
  Security protocols for RFID systems
  Real attacks against car key, gas station remote key, etc.
Anonymity
  Privacy-preserving data sharing
  Attacks against various anonymity protocols and systems
  Design of new/improved anonymity protocols
Black market study of hackers
Computer architecture based security
  Secure CPU design
  Secure memory design (e.g., each memory byte has security bit support)
  Secure cache design to defend against side channel attacks
Peer-to-peer system security
  New attack methods against existing p2p protocols such as BitTorrent
  Security issues in p2p video streaming
Network security
  Defense against distributed denial-of-service attacks
  BGP router security
  Network traffic-based monitoring and attack detection
  Stepping stone identification