Download presentation
Presentation is loading. Please wait.
Published byRoland Henderson Modified over 9 years ago
1
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012
2
Previous CAP6135 Term Projects Web Application Vulnerabilities Spam Filtering Techniques Survey of P2P applications and inherent security risks Building KnightBot: a covert self recovering botNet library Rootkit A Study of IDS/IPS Spam Detection Zombies in the Clouds
3
Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks Computer Security/Forensic Tool Validation Exploring Steganography: Seeing the Unseen Methods of Preventing SQL Injection CAPTCHA Effectivity Survey Trojan Horses Smart card and Credit card security study Security Risks found within RFID Technology 3
4
Media Sterilization Survey of Malware Detection in Mobile Environment Private Profile (a Facebook app) .NET Code Protection: Fighting Reverse Engineering Security study in cognitive radio network Security virsualization Near Field Communication (NFC)Strengths and Weaknesses 4
5
Some Suggested Hot Topics Cloud computing security Encrypted data search Virtual machine isolation Law and policy on cloud location and storage Monitoring and log Location-based service privacy for mobile system Social network privacy 5
6
Some Interesting Topics Social network security and privacy Social network based malware, such as previously appeared malware Boonana, Samy, RenRen, Koobface, and SpaceFlash. Spam in social network, such as in twitter network Privacy vulnerability and protection; such as recent incident of Facebook privacy problem Reputation assurance for online user reviewing system. How to make user reviews reliable against malicious attackers or bots (such as fake review to boost a product) Botnet modeling, attack method, defense (real case study, monitoring real botnet, peer-to-peer botnet) 6
7
Cloud computing security and privacy Virtual machine security: such as prevent information leakage among different users on the same VM or on the same physical host. Cloud data encryption. How to encrypt data on cloud so that the cloud provider cannot read the data and: (1). it can still be searched by client, (2) it can be shared by multiple users with efficient secure key management; (3). It can still support cloud provider to efficiently save storage by merging the same data together. How to spread malware in cloud; how to defend malware in cloud environment 7
8
DNS security: DNS hijacking attack and defense DNS Poisoning attack and defense Case study of previous appeared DNS attack incidents Email spam and phishing defense Spam detection, filtering Phishing attack defense Wireless networking security Ad hoc network secure routing Reputation system for wireless networking Vehicular networking security and privacy Security and privacy protection in location service in wireless networking (such as among smart phone users) 8
9
Security and privacy issues in smartphones Jail breaking in iPhone Worm propagation in smartphone: propagation theory, previous incident case study, etc. Bluetooth security issue in smartphones Web security Detection of malicious web sites (for example, by using crawling and honeypots) Detecting of phishing/fake websites Detecting malicious code injection Verifying security for all web plug-ins or extensions Browser history or cookie security issues and protection 9
10
CAPTCHA security Image-based CAPTCHA, video-based CAPTCHA Improving text-based CAPTCHA Defense against CAPTCHA human-solver attack RFID security and privacy Privacy protection in RFID systems Security protocols for RFID systems Real attacks against car key, gas station remote key, etc. Anonymity Privacy-preserving data sharing Attacks against various anonymity protocols and systems Design of new/improved anonymity protocols Black market study of hackers 10
11
Computer architecture based security Secure CPU design Secure memory design (e.g., each memory byte has a security bit support) Secure cache design to defend against side channel attack Peer-to-peer system security New attack methods against existing p2p protocols such as bitTorrent Security issues in p2p video streaming Network security Defense against distributed denial-of-service attack BGP router security Network traffic-based monitoring and attack detection Stepping stone identification 11
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.