Hide menu

Degree Projects

An Open, Decentralized and Distributed System for Spam Protection

Type: 30hp, 15hp

Prerequisites: C, D, Di or equivalent.

As part of the research project An Open, Decentralized and Distributed System for Spam Protection we are able to offer several degree projects of various kinds (from the very theoretical to the very practical, both with research and impelementation focus). Please contact us for additional details.

Contact: Nahid Shahmehri, nahsh@ida.liu.se


Design of validation experiments for vulnerability modeling

Type: 30hp

Prerequisites: C, D or equivalent. Understanding of software engineering is required. Basic understanding of design of empirical tests is strongly recommended.

ADIT is in the process of developing a method for improving software development processes with respect to security. As part of this project we need to empirically validate the methods being developed. Validation is expected to take place in several steps: first small-scale validation to discover any obvious weaknesses, followed by full-blown industrial validation in collaboration with one of our research partners.

The goal of this project is to design experiments that can validate our work. As part of this we expect that one or more trial runs will be executed, and the results analyzed. There are a number of questions that need to be answered:

  • Can others apply our methods successfully?
  • How robust are our methods - do different people come up with sufficiently similar results?
  • Do our methods help prevent vulnerabilities in software development?
  • Do our methods meet other goals, such as method independence, that we have set forth?

Answering these questions may require multiple experiments, and it is possible that designing experiments for all of them is beyond the scope of this project.

Contact: Nahid Shahmehri, nahsh@ida.liu.se


Program analysis tools in vulnerability modeling

Type: 20p

Prerequisites: C, D or equivalent. Programming experience is desirable. Basic understanding of how program analysis tools, program transformation tools or compilers work is required (e.g. compiler construction course). Basic understanding of software vulnerabilities is required (e.g. TDDD17).

Vulnerability modeling is a technique ADIT is developing to improve software development processes with respect to security. An important step in this process is vulnerability analysis, in which vulnerabilities are analyzed to determine their causes. Currently this process is done entirely by hand, but we think that it is possible to improve the process using software analysis tools.

The goal of this project is to determine what kinds of tools can contribute to vulnerability analysis, and how. To this end a thorough survey of the program analysis and comprehension fields will be performed, tools evaluated and to the extent possible, tested on real analysis cases.

Contact: Nahid Shahmehri, nahsh@ida.liu.se


Best practices and mitigation techniques

Type: 20p

Prerequisites: C, D or equivalent. You should have basic understanding of software engineering (e.g. software engineering courses). Programming experience is desirable. Basic understanding of software vulnerabilities is required (e.g. TDDD17).

ADIT is in the process of developing a method for improving software development processes with respect to security. Part of this method is connecting software development activities to individual causes of software vulnerabilities. For example, the activity "replace calls to sprintf with calls to snprintf" might be connected to the cause "use of sprintf on user-supplied data".

The activities in this process are frequently software development best practices. They are well described in the literature, but frequently their motivation is weak or missing. This project aims to "reverse engineer" the causes of many software best practices, to determine which vulnerability causes they actually address, and to what degree.

Contact:Nahid Shahmehri, nahsh@ida.liu.se

Page responsible: Nahid Shahmehri
Last updated: 2009-08-24