Final Theses
Presentations at IDA
If nothing is stated about the presentation language then the presentation is in Swedish.
Due to the current distance mode, thesis presentations during spring of 2020 will take place online. See more information on the page for online presentations (also linked in the menu). If a password is required to access the online presentation, please contact the examiner (type in the examiner's name in the search bar in the top right, and choose "Sök IDA-anställda" in the menu).
- 2020-12-01 at 10:15 in https://liu-se.zoom.us/j/64056863240
Security Auditing and Testing of two Android Client-Server Applications
Author: Matilda Engström Ericsson
Opponent: Joakim Östman
Supervisor: Simin Nadjm-Tehrani
Examiner: Marcus Bendtsen
Level: Undergraduate (16hp)
The study aims to assess two proof of concept Android client-server applications partly based on the Open Web Application Security Project (OWASP) Top 10 Mobile Risks from 2016 and partly based on a vulnerability assessment that focuses on the architecture and design of the applications.
It is concluded that the applications exhibit several of the OWASP Top 10 Mobile Risks and that automated tools find those vulnerabilities. However, the study shows that it is not sufficient to satisfy lists like these, as the architecture of the application has big implications for its security. The list may give developers a false sense of security. For instance, components are often dependent upon one another and suffer if other components are not up to standard, since they either need to adapt to legacy code or bad implementations.
Another important finding was that the third party software Sinch, which was used to make voice and video calls in one of the applications, left IP addresses of the user visible during the binding request when the Session Traversal Utilities for NAT (STUN) protocol was used. The Android community has a responsibility to let users of the platform know when insecure connections are made by applications. At the moment there is no way for a regular user to know if their data is being sufficiently protected or not. This problem is reflected upon and a potential way forward is discussed in the thesis.
- 2020-12-04 at 10:15 in https://liu-se.zoom.us/j/62571242708
Identifying Chaos in Skin Lesions Using Deep Learning - A potential examination tool for dermatologists
Author: Marcus Odlander
Opponent: Lukas Lindqvist
Supervisor: George Osipov
Examiner: Cyrille Berger
Level: Advanced (30hp)
This thesis investigated whether a deep learning model could learn features of Chaos, from the Chaos & Clues evaluation protocol, in a given dermatoscopic image data set. A successful result could be of use in a future decision-support system for when dermatologists examine skin lesions for traces of melanoma (a type of skin cancer).
The chosen deep learning model (Inception V3) was trained to recognise four classes related to Chaos. Nearly 5000 anonymous patient data entries were used, provided by the partnering company Gnosco. The data was partitioned into one or two classes depending on the symmetry properties found in the corresponding image annotation. More than twenty different model configurations were run to obtain the results in this thesis.
The results indicate that the chosen model was not capable of learning features of Chaos from the dermatoscopic image data set. Training the model to recognise features of Chaos resulted in an overfit system with low validation accuracy (close to 30%).
The prediction target was changed to contrast the negative results from the Chaos classification task. The chosen model was therefore configured to learn two classes, 'melanoma' and 'nevus'. This prediction target yielded a more positive result as the validation accuracy was close to 85% but the corresponding confusion matrix showed that these results are not trustworthy.
It is inconclusive whether the negative results from the Chaos classification stem from the chosen approach or whether the data set was insufficient for the difficulty of the task. We propose adjustments to the data set for future work which could disclose whether the outlined approach is viable or not.
Page responsible: Ola Leifler
Last updated: 2020-06-11