Master/Bachelor Thesis - Proposals

Ethical hacking learning framework

Contact: Mikael Asplund

The purpose of this project is to investigate and develop new interesting frameworks for learning ethical hacking. Performing and defending against attack in realistic settings are important skills for cybersecurity professionals. LiU will give such a course as part of a new Master's programme in cybersecurity during 2024 with the ambition of extending beyond other existing courses in terms of the range of threats as well as the defensive mechanisms. This master thesis project will investigate such new learning situations and evaluate how they can be tought in a controlled, ethical and innovative way. The aim is not do develop course material as such, but rather to think outside the box when it comes to cybersecurity education. Examples of subjects that are important, but often difficult to include in regular courses, include social engineering attacks, incident response, and cybersecurity of large and complex systems. The thesis project will start with a literature review and overview of existing courses and platforms and then select a few interesting areas to explore further. Prototypes learning environments should be developed and evaluated. The project can be done by one or two master students.

Software dependency discovery

Contact: Mikael Asplund

The purpose of this project is to develop a mechanism and a tool to detect, analyze and visualize software dependencies to enable improved security management. Today, many organizations run software both in-house and hosted in a cloud environment without really having a clear idea of how they are exposed to external threats. Only when new high-impact vulnerabilities are discovered do they start investigating whether this is also present in their running systems. This master thesis project will develop a better way to analyze how different programs and libraries depend on other programs and libraries. There are tools available for open source projects (e.g., see Googles page on dependency management), but how to create such dependency graphs for special-purpose (often proprietary) software is still not sufficiently explored. The work is part of the Vinnova-funded project Sustainable Energy with Adaptive Security where these problems are investigated in collboration with industrial parthers working with next generation cloud-based energy systems. The project can be done by one or two master students.

Reconfigurable software interfaces for improved cybersecurity

Contact: Mikael Asplund

The purpose of this master thesis is to design, implement and evaluate security-aware interfaces for reconfigurable services in next generation software systems. The work is part of a new research project funded by the Swedish Foundation for Strategic Research called Adaptive Software for the Heterogeneous Edge-Cloud Continuum. In this part of the project, the idea is to explore interface specifications that allows dynamic reconfigurations with security requirements in mind. Examples of such security properties can be related to sensitive information that cannot be moved arbitrarily, requirements on authenticity of data and services, and availability requirements (i.e., avoiding single-points of failure). By stating such requirements in the interface specification, an orchestrating service can account for such requirements when reconfiguring due to changes in demand or component failures. The first part of the project will be to investigate existing frameworks for interface specifications and evaluate how well they support security requirements. Next, a prototype will be created that extends the current state-of-the-art and finally, the proposed approach will be evaluated using realistic use-cases from the industrial stakeholders involved in the project. The project can be done by one or two master students.

Mixed reality over 5G with edge computing

Contact: Simin Nadjm-Tehrani

Mixed reality is an umbrella term for any combination of reality with virtual elements. However, the algorithms used typically use video processing and rendering techniques that require a lot of computation and their complexity is increasing. This makes it hard (or even impossible) to run them in good conditions in a user (mobile) device for longer periods due to resource constraints.

Edge computing is a recent paradigm that aims at providing resources accessible with lower latency and increased privacy compared to cloud resources. By enabling the offloading of the computation-heavy task to a more powerful edge device while keeping the latency low, edge computing promises to enable applications like mixed reality.

In an earlier work, a mixed reality prototype using edge computing was implemented, its performance evaluated, and the resulting workload characterized. The first part of the application is a client running on a smartphone and responsible for getting the video input and (after treatment at the server) displaying the mixed reality video output to the user. The second part of the application runs on the server (at the edge) and is responsible for doing the heavy computations needed for providing the mixed reality content. A few enhancements to this prototype regarding hardware acceleration and encoding have been implemented. The current prototype uses WiFi for the client/server communication.

The aim of this thesis is to upgrade the application with regards to newer libraries to realise the function and also perform experimental evaluations over a 5G network, thereby understanding the performance gains and bottlenecks over 5G.

Predicting local load spikes with decentralized learning

Contact: Simin Nadjm-Tehrani

Edge computing is a recent paradigm that aims at providing distributed resources accessible closer to the user compared to cloud resources. These resources can then handle a variety of tasks locally, which reduces the amount of data being sent in the network, and also enables getting context-aware data.

One of the challenges of edge computing is that the workload to be handled is very dynamic and varying in time and space. Therefore, it is important to be able to monitor for local load spikes in order to adapt the resources allocated to maintain a good quality of service. What would be even more interesting is to be able to predict in which areas the load spike will happen in order to decrease the time where the service has to perform in a degraded way due to overload.

In a previous work, we proposed to use mobile edge devices to handle these local load spikes. The spikes where predicted thanks to a threshold mechanism, which serves as input for deciding where to dynamically allocate the mobile resources. The aim of the thesis would be to investigate and implement a learning-based solution to predict the forthcoming local load spikes.

The thesis project will be carried out utilizing national resources at the EdgeLab ( AI-Sweden).

Blockchain git

Contact: Mikael Asplund

The purpose of this project is to investigate decentralized storage solutison that combine the benefits of decentralized versining (e.g. git) and blockchain technologies. The project will implement a distributed data structure that forms a directed acyclic graph (DAG), rather than a single chain. Using a DAG has previously been proposed in Tangle and ABC, but neither of those have really taken advantage of the real benefits provided by this structure. By providing a semantic similar to a git repository, it is actually possible to maintain multiple versions of the data at the same time. This enables unique possibilities such as going back to a previous state, maintaining parallel software versions (i.e., partial upgrades), and recovering from a large-scale attack. Note that the data structure itself is still immutable, going back in time does not mean removing data, only to change the "current branch pointer". Another consequence of maintaining parallel states as a DAG rather than a chain is that total agreement (consensus) is not needed. The high cost of full consensus is well known in the literature, and while the probabilistic variant of consensus provided in early blockchains was a step away from strong agreement, the later permissioned blockchains have again opted for strict consensus protocols such as PBFT. In this approach each branch can decide its own rules for agreement, but crucially, the entire system does not need to agree on a common state. For efficiency and usability reasons this approach would require an automatic merge mechanism to avoid full divergence, a concept similar to state reconciliation.

Anomaly detection for SCADA security with machine learning approaches

Contact: Simin Nadjm-Tehrani

Supervisory control and data acquisition (SCADA) systems control and monitor modern critical infrastructure such as electricity distribution systems. Given the emerging of attacks targeting the control system of critical infrastructures, SCADA security has become a pressing issue.

Network-based anomaly detection is one of the potential defence mechanisms for SCADA security. It aims to model the normal SCADA traffic, e.g. using machine learning techniques, and issue an alarm when there are deviations from the learnt model. Previous work models the IEC-60870-5-104 (IEC-104) traffic from a real electric utility with its timing attributes and the model performs well in presence of non-trivial attacks.

This thesis project aims to extend the timing model to electric utilities that run different protocols such as Generic Object Oriented Substation Event (GOOSE) and Manufacturing Message Specification (MMS). Using the characteristics of the acquired data sets, may lead to discovery of new models or alternative learning approaches.

Making a safety argument for critical software

Contact: Simin Nadjm-Tehrani

The time spent in verification for safety-critical software is an order of magnitude larger than the time spent in actual development of the critical functions. Such software systems are at the core of avionics and autonomous/semi-autonomous vehicles, drones, traffic-signaling systems, and railway systems. Any means to increase the speed of development without losing control of the safety case will be vitally important with increased reliance on software in cyber-physical and embedded systems. In earlier research (DOI: 10.1109/HASE.2008.59) a method is proposed for analyzing exposure of systems, built by composing several components, to single or double faults at the interface of some component. The components are mathematically modelled, and those faults that the system is provably tolerant to are already dealt with (checked by deterministic model checking). This paper tackles the faults for which one cannot show whether the system is tolerant of, or not. This happens where exhaustive formal verification is unfeasible, hence a probabilistic approach is used. The aim of this thesis project is to build upon this work and to evaluate the industrial application of this modelling framework with respect to technical feasibility. The focus will be modelling a safety-critical, cyber-physical software system and evaluating probabilities for catastrophic events at the Critical Systems unit at Combitech. You will decide, together with your supervisor, the precise software system to model early in the thesis work.

Simulating intelligent cooperating vehicles

Contact: Mikael Asplund

Cooperative intelligent transportation systems are envisioned to improve road traffic efficiency, safety, and comfort for passengers. One of the applications currently under development is vehicular platooning. Vehicular platooning, sometimes referred to as a 'road train', is a group of vehicles that travel closely together under control algorithms that adjust the vehicle laterally and longitudinally. The algorithms leverage information shared through network protocols specially designed for vehicular environments such as IEEE 802.11p. In addition to lateral and longitudinal controllers, vehicles must employ a protocol to standardize message formats used for forming or disrupting platoons, for example. In Europe, a standardization effort called ENSEMBLE is currently ongoing with actors such as Volvo and Scania in Sweden. ENSEMBLE's primary goal is to work towards a 'multi-brand' platooning solution in which communication is standardized and therefore trucks from multiple manufacturers can co-operate in platoons. The initial task in this Master Thesis Project is to model the current protocol proposal from ENSEMBLE in the simulation framework Plexe-Veins, which provides realistic mobility and network models of vehicular communication. The model will be used to study interesting aspects such as security of platoons (e.g. is it possible to attack it or how to make them more secure), safety, and efficiency (e.g. is there any circumstance in which the protocol overloads the data channel).

Aggregering av kunddata, el, vatten, värme och bredbandsförbrukning

Contact: Simin Nadjm-Tehrani

En grupp energibolag i Sverige har avsikten att kika på hur förbrukningsbeteenden skiljer sig mellan deras respektive områden. Var för sig har de tex uppgifter kring folks elförbrukning, värmeförbrukning, bredbandsuppkoppling, vattenförbrukning, geografi mm. För att fördjupa dessa insikter kring kunder baserat på denna data men även för att utforska potentialen med att kombinera datan med extern data tänker de skapa en förståelse och se vilka mönster som skulle kunna hittas ifall de tex kombinerade vår data med data från fastighetsregistret, väderdata, inkomster, fordonsdata, antal familjemedlemmar. Exjobbet går ut på att:

• Identifiera potentiella mönster/insikter för gemensamt (delat) data samt kombinationen egna data+extern data
• Vilka analysmetoder, algoritmer och verktyg är lämpliga att använda för ovan scenarier?
• Bättre förståelse kring externa datakällor

Arguing for Safety and Correctness in Machine Learning Models

Contact: Simin Nadjm-Tehrani

Recent advances in machine learning are now being applied in safety-critical systems where software defects may cause severe harm to humans and the environment. Providing convincing arguments that such software-based systems are safe and correct is problematic due to human´s inability to understand the software, and thus fails to identify scenarios in which the software should be tested in. Several researchers have proposed formal verification methods that address these concerns, but the scalability of these methods put limitations on the size and complexity of the software being analyzed.

This thesis work aims to assess trade-offs between different machine learning models when the ability to argue for safety and correctness is important. A prototype of an airborne collision avoidance system is provided, implemented as a neural network, with formal requirements that must be verified for such systems to be deployed in the real world. The work will be done in collaboration with the Avionics Platform & Services division at Saab Aeronautics.

Säkra samhällstjänster: Molnberoenden och kritikalitet

Contact: Simin Nadjm-Tehrani

Ett företag som levererar olika samhällskritiska tjänster har flera olika delsystem som är mer eller mindre beroende av varandra. Dessutom upphandlas produkter och tjänster från tredje part. System som kan ha otydliga beroenden kan vara för komplexa för att ha en helhetssyn vad gäller kritikalitet och arkitektur. Målet med detta examensarbete är att med hjälp av tekniska redskap kartlägga systemkomponenter som är nödvändiga för att leverera en organisationstjänster, deras beroenden som uppfattas av olika aktörer inom organisationen, och hur incidenthantering för olika delsystem sköts. Utgångspunkten ska vara leverans av tjänsten och dess tillgänglighet. Kartläggningen sker genom informationssamling inne i organisationen eller underleverantörer (med betoning på molntjänster) och leder till ett underlag som kan användas för att skapa en generell metod för att effektivt göra likartade kartläggningar hos andra organisationer. Detta exjobb görs i samarbete med Svenska Kraftnät (Svk) inom ramen av forskningscentret RICS (www.rics.se).

Verktyg för att skapa syntetisk data och detektera anomalier

Contact: Simin Nadjm-Tehrani

Att säkerställa informationssäkerhet hos ett nätverkat system, t.ex. kritiska infrastrukturer som levererar samhällskritiska tjänster, bygger på analys av systemet under olika förutsättningar inklusive eventuella attack scenarier och felyttringar. För att kunna utföra systematiska och repeterbara tester där olika försvarsmekanismer utvärderas behöver man utsätta samma normalscenario för en mängd olika attacker och detektioner. Experiment med olika utgångspunkter kan skapas i en test nätverk där flera aktörer (forskare, leverantörer) kan testa sina prototyper och produkter. Därmed behöver data vara frikopplad från en viss organisation och inte kunna spåras till de ursprungliga miljöer där det skapades i. Målet med detta exjobb är att skapa syntetisk data som liknar realistisk data genom att "tvätta" data som normalt inte skulle vara tillgänglig inom en organisation, men som kan delas med andra aktörer under ordnade former. Exjobbsarbetet ska resultera i en metod med tillhörande verktyg som skapar syntetiska datan samt definiera kriterier och metrik för att validera både "likheten" med det ursprungliga datan och dessa anonimitetsegenskaper. Detta exjobb görs i samarbete med forskningscentret RICS (www.rics.se) och kommer till nytta för dess avnämare.