Homeworks (and thesis) for the course Computer Security ...taurus.polito.it/~lioy/02krq/aa1213/tesi_tesine_1213_en.pdfHomework max grade: 27 for the writeen 3 for the oral presentation

Homeworks (and thesis) for the course Computer Security (02KRQ)of the Politecnico di Torinoacademic year 2012-2013

Prof. Antonio Lioy< lioy @ polito.it >

version 1.03 of 22/01/2013

Homework max grade:

27 for the writeen 3 for the oral presentation (optional)

report: use Latex (see example at the web site) about 20-30 pages (optional) PPT slides for a brief talk (15-20’)

can be delivered at any time but – to record the grade in a certain session –MUST compulsory be delivered respecting the following deadlines: 22/2/13 for recording the grade in March 2013 12/7/13 for recording the grade in June 2013 13/9/13 for recording the grade in September 2013

Homework outline meet your tutor to define your workplan

write down your workplan and send it to your tutor and the instructor for approval

send periodic updates to the tutor and the teacher brief (no more than 30 lines) with clear reference to the workplan (items completed)

it's possible to deliver ONE (at most TWO) draft version of the report to get feedback from the tutor/teacher: assuming that the draft is delivered well in advance of the deadline for the final

versione once the final report is delivered, it will be graded without any chance to further

amend it teacher / tutors NOT available during August

Report skeleton introduction and state-of-the-art description of the new technique / analyzed solution advantages and disadvantages residual risks (when applicable) experimental performance analysis if the homework included the development or use of some programming code:

user manual (how-to for installation and use) programmer manual (program logic, data and functions, how-to build)

bibliography / sitography

SHOULD DEMONSTRATE KNOWLEDGE OF COURSE'S TOPICS (without useless repetitions)

Picking up an homework contact the tutor to evaluate:

your real understanding of the subject pre-requisites

homeworks already assigned are marked with one or more X in the title (one X per person, up to the maximum number of people allowed for the homework)

Note about homeworks with several students the role of each student must be clear (to get individual evaluation) at the same time, it must be clear the benefit of having done a joint homework

(i.e. some common part such as a common introduction or a joint experiment)

Homework and graduation work (thesis) your homework may be the first part of your final graduation work (a.k.a.

thesis) if you want to do your thesis in the computer security area then let the the

teacher know this before getting the homework in this case do NOT select a specific hoemwork but select a thesis project and

contact the teacher for getting a suitable subject inside the project each thesis has a possible direct connection with a job at one of the project's

partners

Elenco dei progetti di tesi

Possible projects for thesis

Thesis projects (I) STORK 2.0 project (www.eid-stork2.eu)

large (58 partrners, ~10 M Euro) EU project for interoperability of e-ID possible subjects:

digital identity (SAML, XACML, id federation) public-key certificates, digital signatures, PKI smart-cards e-government applications

requirements: C or Java programming web programming

environment: Linux (preferred) or Windows

contact: LIOY or BERBECARU / diana.berbecaru@polito.it

Thesis projects (II) POSECCO project (www.posecco.eu)

medium (7 M Euro) EU project for security design and audit of large networked systems

partners: SAP, Crossgate, Deloitte, IBM, Thales, Atos, Polito, U.Bergamo, U.Berna, U.Eindhoven, U.Innsbruck

possible subjects: security ontologies and automatic reasoning automatic network and system configuration of security parameters security optimization

requirements: C or Java programming

contact: LIOY or BASILE / cataldo.basile@polito.it

securitycapabilities

securitychecker

configurationgenerator

securitytechnology

mapper

securitydeployment

engine

securitycontrols

securityaudit

systemdescription

securitypolicy

Policy-based security management

Thesis projects (III) TCLOUDS project (www.tclouds-project.eu)

medium (7.5 M Euro) EU project for secure cloud computing based on trusted computing techniques

partners: IBM, Elect. do Portugal, Technikon, Philips, Sirrix, Osp. S.Raffaele, Polito, U.Darmstadt, U.Lisbona, U.Oxford, …

possible subjects: trusted network connections trusted logs programming trusted applications remote attestation

contact: LIOY or RAMUNNO / gianluca.ramunno@polito.it

Trusted Computing, i.e. what is my trust foundation? in my network are there only my computers? my computers are running only the sw selected by me? is the sw configured in the proper way? when I use a public network (e.g. Internet) rather than a private network, am I

really connected to the expected node? when I am connected to a server, how can I verify its application sw is the

“good” one or it has been altered?

answers: Trusted Computing (and Trusted Network Connection) TPM for desktop, MTM for mobile (or equivalent solutions) TC-enhanced Linux + trusted virtualization remote attestation & TLS

TRUST & INTEGRITY

Components of a TC system

isolationexecution in separate

domains / compartments /environments

local / remote attestationproof of configuration

(whole sw stack)

protected memoryhw key containerdata encryption

data sealing

secure I/Otowards the user

among various components

Thesis projects (IV) Webinos project (www.webinos.org)

large (10 M Euro) EU project for secure and ubiquitous platform for “personal” devices (e.g. smartphone, netbook, in-car media&comm centre, home appliance, …)

partners: Fraunhofer-Fokus, BMW, Deutsche Telekom, Sony-Ericcson, Samsung, Telecom Italy, TNO, W3C, Polito, U.Oxford, …

possible subjects: security APIs risk analysis security policy definition and enforcement

requirements: Javascript programming web programming

environment: embedded OS (with JS VM)

contact: LIOY or ATZENI / andrea.atzeni@polito.it

Thesis projects (V) TENACE project

Italian project to be started in 2013 trusted and secure environment for protection of crtifical infrastructures (CI) possible subjects:

security model of CI security policy for a CI automatic analysis / simulation of a CI

environment: Linux

Thesis projects abroadand in collaboration with industries

we have good relations with other research groups they are willing to host 1-2 students each for their MSc thesis good english is a pre-requisite joint tutorship with POLITO pre-selection by POLITO currently available hosting institutions:

TUG (Graz, Austria) KTH (Stockholm, Sweden) others might be added (e.g Oxford)

we have also some collaboration with industries, and they are willing to host some students for internship associated to a thesis

joint tutorship with POLITO pre-selection by POLITO currently available hosting companies:

Oberthur (Paris, France) CRF (Centro Ricerche Fiat, www.crf.it) TILAB (Telecom Italia Lab, www.tilab.it)

Elenco delle tesine (e tesi) proposte

Possible homeworks (and thesis)

Subjects for thesis at TUG (X –) smartphone security:

malware, security analyses development for IOS, Android, Windows Phone mGovernment

cloud: eID, Single Sign On HTML5 security eGoverment

intelligent security knowledge mining in security related areas: malware detection

digital signatures (Citizen Card) on smartphones

more details at http://goo.gl/g689s "anonymous credentials ..." assigned to S.Ivana

Subjects for thesis at KTH (X –) at most two students hosted at KTH

secure ranging and localization secure localization for global navigation systems security and privacy for vehicular communication systems location and smart spaces privacy privacy for user-centric and social network applications secure routing for Internet and for emerging networks

assigned to D.Giordano secure communication for ad-hoc networks formal analysis of security protocols

Subject for thesis at Oberthur (X) development of a simulation enevironment for security applications in Android

requires knowledge of: Java programming Android programming (at least basic)

site: Colombes (near Paris) grant: about 1000 Euro/month duration: 6 months (starting March or April 2013)

assigned to G.Scavo

(homework) Secure NTP (X) tutor: LIOY / lioy@polito.it / 7021 subject:

secure NTP (with symmetric / asymmetric crypto) people: 1 (may also be a thesis) = Bitonti references:

IETF http://www.cis.udel.edu/~mills/ntp.html

outline: protocol description and security analysis description of available implementations tracing the client-server exchange (thesis) deployment and experimental evaluation

(homework or thesis) Timestamping (X) tutor: LIOY / lioy@polito.it / 7021 subject:

TSP (Time-Stamping protocolo) and TST (Time-Stamping Token) people: 1 (or 2 if thesis, that would include also secure NTP)

homework = G.Banea

references: IETF RFC-3161 and successors openSSL-based TSP tool

outline: description of the protocol and data formats experimental evaluation of an open-source implementation

(homework) Security of location protocols (X – ) tutor: LIOY / lioy@polito.it / 7021 subject: security analysis of service location protocols, such as

Multicast DNS (MDNS) Simple Service Discovery Protocol (SSDP) Service Location Protocol (SLP, srvloc)

people: 1-2 Ferrentino ???

references: to be found on the web

outline: description of the protocol(s) and security risks/features sample experiments with available open-source tools

(homework or thesis) PKI-based e-mail (X –) tutor: LIOY / lioy@polito.it / 7021 subjects:

installation and test of a PKI-enabled MSA installation and test of a PKI-based mailing-list

people: up to 2 MAY be a thesis if implemented with trusted computing

(thesis) Fabrizio PINTUS = trusted & secure mailing-list references:

RFC for SMTP over TLS and STARTTLS MSA/MTA patches for PKI integration

RFC for S/MIME extensions for secure mailing-list MSA/MTA patches for secure mailing list

outline: description of the protocol and data formats experimental evaluation of a cert-based ACL for MSA

(homework) EKMI + SKMS tutor: LIOY / lioy@polito.it / 7021 subject:

OASIS enterprise key mgmt + symm. key mgmt. people: up to 2 references:

www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi

www.strongkey.org (open-source sw to be tested) outline:

description of the formats and protocols for EKMS and SKMS experimental trial of the StrongKey solution

(homework) PDF security tutor: LIOY / lioy@polito.it / 011-5647021 students: up to 3

for signature creation, signature verification, encryption topic:

analysis of the PDF format and its support for PKI-based security object:

study and document the security features of PDF use a POLITO certificate to sign/encrypt a PDF document

references: web

tasks: technical documentation of the PDF security features how-to manual to use POLITO certificates with Acrobat

prerequisites: asymmetric crypto

note: may become a thesis if all work done by a single student

(thesis) Secure Matchmaking in Hybrid Cloud environments

tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192) TClouds project (https://www.tclouds-project.eu/)

topic: Secure Matchmaking protocols allow users to define a private set of constraints

on the nature of the communicating party which have to be met in order to establish communication

Communication between parties takes place with the help of an external honest but curious matchmaker whose role is to guarantee fairness in the system

people: 1-2 references:

doc (http://ale.sopit.net/pdf/cose.pdf) project (details to be agreed with the tutor):

(1) evaluation of state of the art secret matchmaking algorithms (2) presentation and demonstration of a Secret Matchmaking algorithm,

characterized by the presence of a distributed matchmaker, which preserves anonimity and unlinkability of users against the matchmaker itself and against malicious users too

(thesis) Privacy by Design Cloud Computing tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192)

TClouds (https://www.tclouds-project.eu/) topic:

Cloud computing operates on Big Data exploitation, and Big Data paradigm leads to Big Risks for the end user

Privacy by design provides privacy as part of the technology rather than as an extra feature to guarantee compliance with data protection laws

doc (http://www.ipc.on.ca/images/Resources/pbd-NEC-cloud.pdf) project (details to be agreed with the tutor):

(1) Evaluation of Security and Privacy risks in Cloud environments with respect to the Cloud (or Cloud-of-Clouds) specific architecture

(2) presentation and demonstration of a Privacy by Design Cloud architecture allowing users to have full control on both access and use of their data

(thesis) Secure Cooperation Enforcement Mechanisms in Distributed Networks

tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192) TClouds (https://www.tclouds-project.eu/)

topic: many incentive mechanisms have been proposed to foster cooperation among

nodes in distributed networks, be they either credit or reputation based most of existing solutions rely on the existence of an online centralized authority

that is in charge of a fair distribution and transaction of either credit or reputation such centralized mechanisms mainly suffer from privacy leakage and single point

of failure problems references:

http://www.kevinjhoffman.com/csd-tr-07-013-survey-attacks-defenses-reputation-systems.pdf

http://www.eurecom.fr/fr/publication/3698/download/rs-publi-3698.pdf project (details to be agreed with the tutor):

(1) security analysis and evaluation of current cooperation enforcement mechanisms in distributed networks

(2) presentation and demonstration of a cooperation enforcement mechanism mainly conceived for the preservation of privacy

(homework) Secure Anonymous P2P Resource Sharing (XX)

tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192) topic:

current Peer-to-Peer networks either fail in providing users’ untraceability or provide it without guaranteeing resource location in ~O(log n) steps

moreover, the setup complexity of current P2P clients discourages users from joining the network

the goal of this homework is to review current P2P web applications, provide details on the security properties they hold (if any), and finally propose improvements to make such solutions meet communication untraceability and user anonymity properties

people: 1-2 = Gonnet (from PC), Annuzzi (from mobile) example references:

project (https://freenetproject.org/) project (http://anomos.info/)

outline: security analysis and evaluation of current P2P web applications identification of the improvements required to provide such applications with

communication untraceability and user anonymity properties.

(homework) Web Reputation Systems Security tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192) topic:

Reputation is an information used to make a value judgment about an object or a person

A reputation statement, in which a source makes a claim on a target, is the building block of any reputation system

Two actors, users and staff members, take three actions: claim creation, evaluation and removal

The goal of this project is to identify the security issues current web reputation systems suffer from, and propose solutions to face them

people: 1-2 example references:

doc (http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6153140&tag=1) outline:

Security analysis and evaluation of current web reputation systems Improvement proposals

(homework) Image Watermarking (XX)

tutor: Cutillo (leucio-antonio.cutillo@polito.it / 7192) topic:

a watermark consists in an information which is embedded into a digital media content in such a way to result imperceptible to humans and undetectable to machines

while strong watermarks are difficult to remove and usually aim at protecting intellectual property, weak ones are easily removable and aim at detecting content tampering

people: 1-2 Arena (in the spatial domain) Fonti (in the frequency domain)

example references: doc (http://eprints.qut.edu.au/48779/1/RnS_revised_ver_1.4%28IEEEpassed%29.pdf)

outline: Security analysis and evaluation of state-of-the-art image watermarking schemes

The webinos project contact: ATZENI (shocked@polito.it / 7192)

webinos project (http://webinos.org) topic

Secure Web Operating System Application Delivery Environment. project objective

a web platform designed to allow apps to securely run across mobile, homemedia, PC and automotive

thesis and career possibilities work with an international consortium... ...in a pervasively growing environment face with real problems from market leading companies

purpose of the project is to create working results and prototypes (availablefrom February '12!)

The webinos projectToday ~30 parties (founding

and growing set of affiliates) partners from more than 10 countries (mainly EU)

academic + industrial non-polarised cross-domain Growing number of

affiliate members

Tomorrow open (source)

community of academia, industrial and developers driving and using the developments

webinos research objectives development of a flexible, secure and usable open platform.

usable security to achieve both security and usability methodologies to achieve SSO in a privacy preserving way (e.g.

pseudonymity, anonymity) methodologies to develop webinos core securely practical and user-friendly security and privacy policy configuration improvement to state of the art mobile threat analysis and threat mitigation practical platform integrity assurance (e.g. trusted computing techniques)

transparently to the user new thesis topics are always emerging from project development…

check with us if you can find your thesis and be prepared to work in a highly dynamic environment

find (much) more on http://webinos.org

(thesis) webinos secure coding tutor: ATZENI (shocked@polito.it / 7192)

webinos project (http://webinos.org/) topic

mobile and convergent software development (e.g. javascript) lacks of secure coding methodologies and testing. In webinos, the development of security bug-free code, is required to avoid presence of disconcerting security flaws.

people: 1 references:

selected documents (papers + project internal documents) project (details to be agreed with the tutor):

(1) development of best-practices shaped for mobile secure coding, application to a subset of the webinos software core

(2) analysis of available methodologies for automated code check and application to webinos environment

(thesis or homework): implementation and verification of webinos authentication protocols (X) tutor: ATZENI (shocked@polito.it / 7192)

Webinos plan to introduce some novel authentication methods, that should at the same time introduce user-friendly SSO and preserve user privacy. These methods needs to be developed and unambiguously verified

people: 1 = Montanaro references:

selected documents (papers + project documents) project (details to be agreed with the tutor):

modelisation and analysis of webinos authentication mechanisms introduced so far (thesis will address the whole webinos architecture, homeworks will address only isolated parts)

(thesis) webinos “penetration testing” tutor: ATZENI (shocked@polito.it / 7192)

Webinos is a complex cross-platform architecture. This complexity could conceal security flaws and weak configuration. A practical risk analysis, testing the platform and its application, is thus required.

selected documents (penetration testing methodologies + project architectururaldescription and code)

project (details to be agreed with the tutor): (1) development of a suitable methodology to test webinos, (2) practical testing of selected webinos configuration, (3) threat mitigation

(thesis) webinos “usable security” tutor: ATZENI (shocked@polito.it / 7192)

In webinos we developed methodologies to address security while considering (theoretically and practically) usability. Since the user base (unaware security people) this aspect have to be refined, mixing up concepts from different disciplines (e.g. cognitive science, user friendliness) to enrich the security model.

people: 1-2 (example) references:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.6079&rep=rep1&type=pdf

http://www.computer.org/portal/web/csdl/doi/10.1109/ARES.2011.115 project (details to be agreed with the tutor):

development and refinement of the webinos usability models (use r artifacts developments, use of artifacts in user’centered security design, privacy preserving interfaces, …)

(thesis) Risk analysis tool development tutor: ATZENI (shocked@polito.it / 7192) topic

analysis of different Risk Analysis methodologies and design and development of a risk analysis tool, based on a critical analysis of the state of the art

Pilar: http://www.ar-tools.com/en/index.html Ebios: http://www.ssi.gouv.fr/en/confidence/ebiospresentation.html Cairis: https://github.com/failys/CAIRIS

project (details to be agreed with the tutor): analyse available RA methodologies and computer aiding tools compare the other RA improve available tool or design a new one exploiting the developed concepts

(thesis) Mobile applications danger level evaluator tutor: ATZENI (shocked@polito.it / 7192) topic

design and prototypization of an evaluation system for mobile system (Windows or RIM) application, capable to evaluate the dangerousness of a downloaded app.

people: 1 (on-going work for Android and iOS) co-work with Telecom Italia Lab project (details to be agreed with the tutor and Telecom Italia Lab researchers):

analysis of the state-of-the-art for application security evaluation design and development and prototypization of the downloaded system implementation of a practical computer tool testing of the tool through automatic download of application from app stores

(thesis) “Smart” honeypot tutor: ATZENI (shocked@polito.it / 7192) topic

development of an honeypot targeted for smartphone (or tablet) and for a specific smartphone service

people: 1 co-work with Telecom Italia Lab project (details to be agreed with the tutor and Telecom Italia Lab researchers):

analysis of the state-of-the-art of honeypot in mobile environments Identification of a suitable “smart” service implementation of an honeypot mimicking the identified service collection and analysis of the breach attempts to the implemented service

(thesis) SDR Jammer tutor: ATZENI (shocked@polito.it / 7192) topic

SDR (Software defined radio) allows to develop and program “home-made” jammer without use of too much costly hardware. The thesis aims to develop USRP jammers for GSM and UMTS terminals, using the Telecom Italia Lab test-bed and hardware

analysis of the background (jammer, GSM and UMTS protocols, SDR, ...) analysis of the available software libraries development of suitable scenarios/ use cases development, configuration, testing (using Telecom Italia Test Plant) of SDR's

jammer

(thesis) NFC threat exploitation tutor: ATZENI (shocked@polito.it / 7192) topic

Study and Apply threats (introduced in Black Hat and DefCon conferences) for NFC-based devices.

analysis of NFC attacks (e.g. Charlie Miller, Eddie Lee Black Hat and DefCon2012)

identification and retrieval of free tools to apply these threats in a controlled environment (e.g. NFCProxy based on libNFC for Android)

development of “in-vitro” analysis (i.e. reproduction in controlled environment, to determine the dangerous level of the threat)

(thesis or homework) Open webOS analysis tutor: ATZENI (shocked@polito.it / 7192) topic

Analysis of the recently released Open webOS (and possibly comparison with webinos)

theoretical analysis of the Open webOS platform (security model, how to use and install/disinstall)

(thesis) Practical analysis to hunt bugs and improve security and usability of the platform

implement ation of concept of the webOS security model in the webinosarchitecture

(homework) innovative authentication protocol (X) tutor: ATZENI / shocked@polito.it / 7192 topic:

the J-PAKE protocol is an innovative protocol based on Password-Authenticated Key Exchange, with a presently available implementation in OpenSSL and OpenSSH. Purpose of this homework is to present the feature and implement a demo of what offered by J-PAKE

people: 1 = Marsicovetere example references:

grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf outline:

protocol analysis and comparison with other authentication mechanisms analysis of libraries provided by OpenSSL and OpenSSH implementation of a test program using those libraries description of the work done in a programming manual

(homework) Smartphone file system encryption tutor: ATZENI / shocked@polito.it / 7192 topic:

proliferation of powerful but easy-to-steal or to-lose devices (e.g. smartphone) increase as well needs of confidential storage. this homework aims is to analyseand evaluate the performance and the security provided by “secure” storage solutions, detailing the suitability in constrained environments (e.g. smartphones)

http://en.wikipedia.org/wiki/List_of_cryptographic_file_systems project (details to be agreed with the tutor):

(1) selection of suitable file systems, (2) definition and deployment of the test environment, (3) testing and analysis of the selected solutions analysis of the selected

solutions.

The PoSecCo project contact: BASILE (cataldo.basile@polito.it /7173)

PoSecCo project (http://www.posecco.eu/) topic

security policy management in Future Internet project objective

improve security and compliance and lower security management costs thesis and career possibilities

work with an international consortium possibility of periods abroad, stages, PhDs

face with real problems from market leading companies abstract research topics are leveraged by real problems from companies

having high security requirements

PoSecCo Thesis research objectives

automatic or semi-automatic creation a policy chain: from abstract security requirements (business level) down to technical, configuration settings (administration level)

comparison, selection, analysis and implementation of security enforcement mechanisms

new thesis topics are always emerging from project development… …check with us if you can find your thesis

policy refinement automatic transformation of high level directives into actual optimal configurations

policy conflict analysis and management models to understand and remove cause of misconfigurations, attacks from

security configurations

PoSecCo Consortium

(thesis) network optimization tools tutor: BASILE/VALLINI (cataldo.basile@polito.it /7173)

PoSecCo project (http://www.posecco.eu/) topic:

manually deriving configurations for security mechanisms in distributed systems is a complex and error prone task

automated tools can give a tangible improvement (move from “satisfactory” configurations to “the best” configuration)

definition of advanced techniques to select the “best” configurations for filtering (firewalls) and data protection devices (firewalls) also include management and deployment costs

(thesis) ontology-based policy refinement tutor: BASILE/CANAVESE (cataldo.basile@polito.it /7173)

security requirements in natural language are used to specify policies, but they need to be mapped into configuration settings

smart techniques can “emulate” the behaviour of skilled administrators avoiding the typical human errors

use ontology to reason about policies and support complex scenarios (e.g., proxy, SSO) ontologies can be seen as a more expressive and sophisticated OO paradigm

(homework) conflict analysis in security controls tutor: BASILE (cataldo.basile@polito.it /7173)

detect and resolve misconfigurations in security controls the (long term) objective is to support analysis of various device configurations

customize the TORSEC geometric analysis model to support vendor-specific policy analysis CISCO (1-2), CheckPoint (1), iptables (1), Apache (1), Squid (1), firewall

builder (2), racoon (1) Apache = Morelli

(thesis) conflict analysis in distributed systems tutor: BASILE (cataldo.basile@polito.it /7173)

detect and resolve misconfigurations in large heterogeneous networked environments

the (long term) objective is to capture dependencies among security controls in computer systems and identify anomalies

extend the conflict analysis model developed by the TORSEC group to support new security functionalities (e.g., channel protection, NAT and reverse proxy)

automatic/assisted conflict resolution

(thesis) VANET tools tutor: BASILE/cataldo.basile@polito.it /7173

with Panos Panadimitratos from KTH Stockholm topic:

VANET (Vehicular Ad hoc NETwork) is an emerging standard. It may offer new services to drivers, on the other hand it may create privacy issues

a privacy solution has been proposed using pseudonyms people: 1-2 references:

(1) testing the privacy model (2) provide new Apps (services) based on location (accident reconstruction,

highway code violations)

(homework) UEFI and secure boot (X) tutor: Marco VALLINI (marco.vallini@polito.it) topic:

UEFI (Unified Extensible Firmware Interface) malware attacks could modify critical operating system components (e.g.,

bootloader) UEFI secure boot proposal aims to validate the bootloader (before starting it) to

ensure that its image is authorized to run on the platform people: 1 = E.Caimotti references:

selected documents (papers + specifications) objectives:

analysis of specifications, criticisms and recommendations considering organizational/compatibility and security aspects (e.g. Setup Mode, Platform Ownership)

comparison with other technologies (e.g. Trusted Boot)

(thesis) security of embedded systems tutor: Antonio LIOY (lioy@polito.it) + researcher(s) from CRF to be performed at CRF (Fiat Research Center, www.crf.it) topics:

security in HTML5 security of web-based embedded applications

people: up to 2 (one subject each) references:

will be provided to candidates objectives:

analysis of the weaknesses of web-based architectures when used inside an automotive system for the entertainment and control objectives

proposal of solutions to counter these weaknesses

Final notes look for of updates of this document (e.g. subjects already assigned, addition

of new subjects) each version is identified as X.Y (major.minor) the major number is changed when new subjects are added the minor number is changed when a subject is assigned to a student

if you are interested in computer security but can’t find a suitable subject in this list (are you kidding me?) then you can propose your own subject

Homeworks (and thesis) for the course Computer Security ...taurus.polito.it/~lioy/02krq/aa1213/tesi_tesine_1213_en.pdfHomework max grade: 27 for the writeen 3 for the oral presentation

Documents

Security of network...

Dispense di Metodi Numerici per le Equazioni Differenziali.....

Architetture di sistemi distribuiti -...

Оглавление - Oy-lioy-li.ru/book/kniga_rop.pdf ·....

Lioy, Paul J., Ph.D

Falck M. 2009. The Norwegian species of Villa Lioy 1864...

Presentazione del WP2 Antonio Lioy ( lioy@polito.it ) Marco....

MHS (Message Handling...

Impresoras Lioy & Leis

HTML (HyperText Markup Language) -...

Metodologie Informatiche Applicate al Turismo - 1...

COMPLEX ANALYSIS -...

Network programming: socketslioy/01mqp/socket_en_3x.pdf ·....

Lioy, The Biblical Concept of Truth in the Fourth …Lioy,.....

Electronic ID at work: issues and perspective fileI'm Lioy /...

Practical exercises of Computer Security -...