I currently have several open M.Sc. thesis topics that have not yet been reserved.
- OOXML Forensic Analysis Tool – The goal of the proposed project is to develop a tool that supports a forensic analyst in exploring OOXML documents (docx, xlsx, pptx). Microsoft Office Word documents are stored in the DOCX file format (from version 2007 onwards). Documents are partitioned in sections, paragraphs, and fragments („runs“). A run is a sequence of characters with identical formatting. In the default configuration all runs have a revision code that relates to the editing session when a run was introduced into the document or the session when it was changed. This is independent from the activation of the Change Tracking feature. Looking at revision codes it is possible to interpret how a document was changed or composed from source documents. This helps to recreate the change history of a document if one only has access to the document file itself. For instance, the „manifest“ that the suspected terrorist of the 22/7 attacks distributed, contains 320 revision codes. OOXML document analysis could help to determine whether there was a single editor or whether several people were involved. A first attempt at such a tool is described in Hanno Langweg (2012). An OOXML File Analysis of the Terrorist Manual Related to the 22/7 Attacks. Accepted for 13th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security – CMS 2012. (Get in touch to get a copy.)
- Forensic Readiness of Transactional Memory Systems – The goal of the proposed project is to investigate how adding logging mechanisms to transactional memory systems would support forensic investigations. Transactional memory (TM) is a concurrency control paradigm that provides atomic and isolated execution for regions of code. TM is considered by many researchers to be one of the most promising solutions to address the problem of programming multicore processors. Its most appealing feature is that most programmers only need to reason locally about shared data accesses, mark the code region to be executed transactionally, and let the underlying system ensure the correct concurrent execution. (Read in ACM’s digital library: Cascaval et. al. 2008. Software Transactional Memory: Why Is It Only a Research Toy?. Queue 6, 5 (September 2008), 46-58.)
Transactional memory provides developers of systems an interface to log all memory changes. Having a log of memory changes could support forensic analysts in determining past actions of processes based on their internal state. A first attempt to build a reference monitor for software transactional memory systems is presented in Birgisson et. al. 2008. Enforcing authorization policies using transactional memory introspection. In Proceedings of the 15th ACM conference on Computer and communications security. - Feasibility of a Malware Test Center – The goal of the proposed project is to determine the feasibility of a Malware Test Center at HiG, including requirements, effort, and implementation plan. One approach to improve software security is security testing. Including malware (proof of concept or out of the wild) poses a danger to production infrastructure at HiG. Hence, a test infrastructure that is separate from the ordinary IT infrastructure at HiG is desirable. This test center should benefit malware detection, malware analysis, application testing, fuzzing, and network security testing. It should operate with a high degree of automation, should be robust and scalable, and should need only moderate maintenance with respect to hardware and operating system upgrades. Test results should be documented in a systematic, traceable, and safe manner.
- A Survey of Security Metrics – The goal of the proposed project is to collect earlier work on security metrics, structure the approaches, identify similarities and differences, determine areas not covered by security metrics, and document the findings in a form suitable for publication. „Security metrics“ is still a young field in information security. There is a lack of a good survey article collecting and organising the knowledge of the field. A good starting point to find an article similar to what you are supposed to work on is Vilhelm Verendel. 2009. Quantified security is a weak hypothesis: a critical survey of results and assumptions. In Proceedings of the 2009 workshop on New security paradigms.
- Feasibility and Case Study of Privacy Points – The goal of the proposed project is to evaluate and implement a prototype of the privacy points metric as proposed by Langweg/Rajbhandari to find out whether the approach could work in practice. Langweg/Rajbhandari proposed a utilitarian approach to a uniform regulatory framework to assess privacy impact and to establish compensatory actions. „Privacy points“ gauge the effect of measures on people’s privacy. Privacy points are exchangeable and, hence, give companies room for innovation in how they improve people’s privacy. Regulators lose control on details while getting the opportunity to extend their power to a larger portion of the market. We propose to quantify the impact of privacy-affecting measures and to express the impact in „privacy points“. The idea is similar to „eco-points“ that quantify the amount of compensation for the use of natural resources in some building codes. The approach also exists in caps on fuel consumption for car fleets and in emission trading. The concept is described in Hanno Langweg and Lisa Rajbhandari. Flexible Regulation with Privacy Points. Accepted at TrustBus 2012 (proceedings LNCS). (Get in touch to get a copy.)
- Security Points as a Utilitarian Regulatory Approach – The goal of the proposed project is to evaluate the privacy points metric as proposed by Langweg/Rajbhandari and to transfer the concept to security metrics in general. Langweg/Rajbhandari proposed a utilitarian approach to a uniform regulatory framework to assess privacy impact and to establish compensatory actions. „Privacy points“ gauge the effect of measures on people’s privacy. Privacy points are exchangeable and allow to compare the impact of different features. Transferred to security in general, „security points“ would represent the security level of an organisation. Actions that reduce security would consume security points, while actions to increase security would generate security points. This concept is already used in building codes. The impact of a construction project on land use and degradation of the ecological value of an area is evaluated before and after a project. Compensatory measures need to be applied within the area of the project or in an attached project so that the sum of ecological assets is not reduced by the construction project. The approach is described in Hanno Langweg and Lisa Rajbhandari. Flexible Regulation with Privacy Points. Accepted at TrustBus 2012 (proceedings LNCS). (Get in touch to get a copy.)
You enjoy working with me if you are able to think independently and consider a M.Sc. thesis project to have a workload of ca. 900 hrs.
If you are interested in working on one of these topics with me, get in touch.