Thesis Projects within the SoS group
If you're looking for a bachelor or master thesis subject (afstudeeropdracht) and you like the
theme of the SoS group, first glance through
some of the research areas of the SoS group outlined below. Of course you are most
welcome to come up with an idea of your own, as long as it has some relationship
with the SoS theme. Then contact the SoS afstudeercoordinator Erik Poll.
He will discuss some ins and outs with you and suggest and/or contact a possible
thesis supervisor. There is, however, also a formal
route to go through (at least partly).
NB You should start talking to people well before you want to start working
on your master thesis, i.e. several months before!
To help focus your ideas, here is a list of some (current or recent) projects in the SoS group.
More examples of past Master Thesis projects,
plus some general information about the whole afstudeerproces,
can be found on
the Master Thesis Lab webpage.
Some concrete opportunities for thesis projects for which
we are looking for interested students - some of these are out of
date, but may give some ideas:
-
Marko van Eekelen has several concrete proposals for projects, incl. projects at some companies.
Have a look at Marko's webpage with thesis projects.
-
Test-driven Development
Research into the effectiveness and efficiency of
Test-Driven Development at InfoSupport.
For more detailed information see this Dutch description of this project, or
contact
Erik Poll.
-
SURFnet Intrusion Detection System
SURFnet is looking for
a student who is interested in setting up an Intrusion Detection System (IDS).
This IDS will be based upon several distributed sensors, each placed at one
of the institutions related to SURFnet. The distribution of these sensors should
provide specific information on the level of intrusion at those specific
institutions. For more detailed information see this Dutch description of this project.
If you are interested, contact Engelbert Hubbers.
-
automated security evaluation of smartcard code
We are looking for someone interested in
automated applet security verification for smartcard software written in Java.
There is a possibility of carrying out this work either at the university
or at the company Riscure.
For more info, contact
Erik Poll.
-
hardening the security of Linux
There are possibilities to do a Master thesis project at Philips Research, on
hardening the security of the Linux operating system, with the ultimate aim
to use Linux as a platform in consumer electronics products.
For more info, see here or contact
Erik Poll.
-
student internships at SIG
Software Improvement Group
is a young company that carries out assessments of software quality
for major organisations, and develops its own tools to do this.
There are several possibilities for projects at SIG;
for up-to-date info see
here.
-
Peer2Peer systems
Several people in the group are doing research into P2P protocols.
Here there are opportunities to work on the development of a new P2P system.
Contact Peter van Rossum
or Flavio Garcia.
-
medical applications and security
Together with Perry Groot
and other people in the IRIS
group we are looking at security issues in applications of IT in
the medical domain. Perry has put some
suggestions for projects
online.
- WebGoat
is a Java web application developed to demonstrate typical security
vulnerabilities in web applications. There are several possibilities
for master thesis projects to investigate and develop techniques to detect
or rule out some classes of security vulnerabilities.
More general ideas for possible topics are given below.
Possible topics are
Security
Security is a very broad area, that is not only an interesting topic for
computer science (informatica) students but also for
information science (informatiekunde) students.
After all, security is typically only a meaningful concept if we consider
an ICT system in its context, i.e. including the organisation and
people that use the system.
Indeed, many security problems are not caused by technical issues,
nor could they be solved by technical solutions, but are down to the
way that people use the system.
People may use the system incorrectly or in ways that were not intended or foreseen.
Correctly using (or installing and configuring) a system may require
technical knowledge and understanding that typical users do not have.
Security measures may also make a system so user-unfriendly that users
refuse to use it, or try to bypass security in creative ways.
Bigger research questions that master thesis projects in security can
address are for instance:
-
What does it mean for a system to be secure? (Security requirements engineering.)
-
How do we construct systems to be secure?
-
How do we know if a system is secure, or
how do we evaluate security?
Note that there are many applications of ICT technology for which some - or none - of
the questions above have been seriously addressed.
Here computer science projects will typically focus on more technical
aspects,
and address one of the questions above for, say, a certain program or application,
a class of programs, or a certain platform or programming language,
whereas
information science projects will also (or mainly)
take the organisation, users, etc. of the system into account.
Some interesting background reading to get an impression of the broader field of
security, and maybe find possible topics for a thesis, are the books
"Beyond Fear" and "Secrets and Lies" by Bruce Schneier,
and the book "Security Engineering" by Ross Anderson,
both available from the library.
It is also interesting to read Bruce Schneier's newsletter
CRYPTO-GRAM.
Some concrete proposals are listed below.
We've tried to distinguish Computer Science and Information Science topics, though
be aware that the borderline is not always very clear,
as for many systems security can be investigated both from a technical
point of view
(e.g. does a given piece of software meet certain security objectives?)
and from the point of view of, say, the users
(e.g. do users understand the security implications of using a system, and
can and do they use it correctly?).
Computer Science:
Information Science:
- Write a security analysis of the Dosis/GP project, for the Dutch Open Source
Information Systems for General Practitioners, see
http://www.imagineers.nl/DOSIS.
- Analyse the new KUN smart cards from an identity management perspective.
- Analyse the security and privacy aspects of
DigiD, the new proposal for the authentication system
for citizens dealing with the Dutch civil authorities.
Some ideas in the field of electronic voting; for more information
contact Wolter Pieters.
The first is clearly a Computer Science project, the others are more Information Science
projects:
-
Create a vote verification service for the RIES Internet voting
system
that is a) independent of the calculations of TTPI and b) user friendly.
-
Compare the voting systems used by the various Dutch political parties at
their party congresses in terms of requirements, expectations and results
with regard to security.
(For example, D66 has been considering using this system.)
-
Compare the election legislation of the "waterschappen" with the one in the
"Kieswet" and identify necessary adaptations to the latter for introduction
of Internet voting in nation-wide elections (requires at least one course in
Law)
-
Investigate the possibilities for authentication in Internet elections and
discuss their advantages and disadvantages
-
Investigate people's perception of the security of Internet voting compared
to voting machines
Java software security and correctness - JML
There are possibilities for projects investigating the security and correctness
of Java applications. This can for instance be Java Card smartcard applications,
J2ME MIDP mobile phone applications, or web applications.
Work on smartcard applications can involve working with actual smartcards.
Projects here can investigate the use of the Java annotation language
JML
and associated tools for JML, especially the program verification tool
ESC/Java2.
There are also opportunities to work with more lightweight static analysis tools,
aka source code analysers for Java code, in particular open source tools
such as PMD
or
Findbugs.
Master thesis projects could involve using such tools on case studies
or programming on these tools to improve them, or a combination of the two.
More information about projects in this area is
available here.
Semantics
Theoretical projects in the area of semantics and correctness of object oriented
(Java) programs, using proof tools like PVS,
for instance.
Secure protocols
Using cryptographic algorithms like RSA, DES and AES, secure protocols have
been built for a large class of practical problems, ranging from simple tasks
like authentication to complex systems like digital money, or electronic
voting. These protocols, in turn, have been used as building blocks to
incorporate security into much larger applications.
Next to the analysis of the correctness of these protocols (see the previous
sections) we are also interested in the underlying designs of these
protocols, and their efficiency. Moreover, we wish to design new, more efficient
protocols, perhaps even to achieve new security goals. The design of
secure protocols is a challenging task, requiring both a proper
understanding of the actual problem and a bit of creativity as
well. Possible areas of study are
- Privacy enhancing technologies
- Smart card protocols
- Electronic voting
- Lawful interception (key escrow, phone tapping, etc.)
Assignments in industry are certainly a possibility.
For more information, contact Jaap-Henk
Hoepman. See also a list of open,
current and past assignments in this area.