The topic suggestions on this page are primarily aimed at our MSc in Computer Security and the MSc in Advanced Computer Science. Many of these projects could also be a first step towards a PhD; see also my list of possible PhD topics in Computer Science.
The list is not meant to be exclusive, and I may be happy to supervise other topics as well, particularly if they have a programming language aspect.
Some topics require knowledge of C, while others only use Java or are dissertation-only.
Security of Google Wave
Google Wave is a new product that combines features of email, collaborative Wikis, and instant messengers. It is currently in beta testing (and not entirely unhyped). Google Wave relies on client-side Javascript for its interactive feel, which puts a heavy load on the browser. For the confidentiality of their conversations, users rely on the correctness and robustness of both the Wave implementation and the Javascript interpreter, even while the interpreter is stressed with very large variables and highly concurrent interactions. The aim of this project is to assess the risk of using Wave from a secure programming and network security perspective. If possible, the project should provide appropriate feedback to Google's "Dr Wave". (You will need a Wave account to experiment with the Javascript; I have some invitations left if you do not have an account yet.)
Safer programming languages as an alternative to C
Some modern programming languages are designed to be suitable for writing code that would traditionally be written in C, but without the security problems that are widespread in C code. A project could be based on a case study, such as porting C code to a safer language. Some previous projects have successfully done so for Cyclone. Another language that would be interesting in this regard is the Go programming language under development at Google.
Javascript security
The Java security model has become much more complex than the initial sandbox design. At the same time, users face risks from malicious Javascript code. How does the Javascript security architecture compare to Java's? How does the process isolation in Google's Chrome browser impact Javascript security?
Return-oriented programming
There is an arms race between more and more cunning buffer overflow attacks and techniques (such as stack canaries and a non-executable stack) designed to defend against them. In return-oriented programming, an attacker does not even have to inject machine code. Instead, the attack uses pieces of code that are already present in memory. This style of reusing code for malicious ends has been described as return-oriented programming.
Static analysis for security
Static analysis for security is a large and active research area. Hence an MSc project in this area needs to focus on a topic that is achievable in the limited time available. One possibility is to consider languages that have not been addressed by existing tools.
Security of anti-virus software
Anti-virus software is marketed aggressively, despite the fact that it is highly invasive (comparable to rootkits) and so poses significant security risks itself. The recently published buffer overflow in Clam AV is a case in point. This project aims to assess the security risk (and other consequences) of AV software, ideally by auditing some open-source AV (as it may be unfeasible to find information on commercial products, although using a debugger is a possibility). It is not necessarily expected that an actual exploit is found, but that the risk is put in perspective.
Taxonomy of software vulnerabilities and defences
There is a bewildering variety of attacks on software. Some are obviously variations on a theme while differing only in technical details. A common theme is that abstractions are subverted by low level operations, so that the results of code are not what the programmer had intended while thinking at a higher abstraction level. Attempts to classify such attacks in a tree, by analogy with phylogenetic trees in biology, are not entirely convincing. A more sophisticated classification along multiple dimensions is needed. The problem is perhaps analogous to the difficulty of fitting features into an inheritance tree in an object-oriented language with single inheritance, where a tree structure may turn out to be too restrictive.
Using Java annotations for security
This project aims to use annotations in Java code to document good secure coding practice and to enable automatic tools to check this.
Economics of software security
One explanation of why computer security is so bad involves economic factors. Some of the relevant buzzwords from microeconomics are incentive incompatibility and information asymmetry. For instance, the cost of insecure code is often borne by someone else (a negative externality). Yet software engineering and software security lifecycles do not seem to take such problems into account. What happens when there are security holes in libraries or third-party components? Can things like contracts be extended with security guarantees to address security externalities?
Security implications of Java RMI
In Java, distributed systems can be programmed using Remote Method Invocation (RMI). As RMI can lead to dynamic class loading, there is a risk of malicious code injection, so that appropriate security checks need to be used. This project investigates techniques for doing so, focusing on passing remote and non-remote objects back and forth between client and server. A possible result of the project could be to identify Design Patterns for using RMI securely.
Understanding Java stack inspection
Stack inspection in Java is designed to prevent malicious code from mounting the "confused deputy" attack by calling methods to do its bidding. Stack inspection is a relatively new and in some ways ad-hoc mechanism. There is an active area of research that tries to put it into a more systematic framework for access control. The aim of this project is to review and build on this literature. Hence the project is largely dissertation-based, but it should include code examples.
Aspect oriented programming for security
Aspects can evidently be used for secure programming, such as adding access control to code. As aspects are a fairly new technology, it is not entirely clear how usable or scalable aspects are in this role. This project examines some case studies of aspects for security and evaluates them. Ideally, aspects for security should also be compared to alternative forms of access control, such as Java stack inspection.
Defending against command injection attacks
One of the main avenues of attack on web applications consists of injection of SQL statements. Some recent research has developed defences against such attacks, based on parsing to check whether the input violates assumptions made by the programmer. The aim of this project is to build on the research, and perhaps to apply it to other relevant web technologies apart from SQL, such as eval functions and the like.
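The parsing-based defence described above, as an added example that is not code from this page or from the research it refers to: the programmer's assumption is that each user input fills exactly one literal, so the query built from harmless dummy values and the query built from the real values must have the same token structure. The tokenizer here covers only a small SQL subset, and the names shape, build, is_injection and the sample QUERY are my own.

```python
import re

# Token classes for a small SQL subset. Literals are reduced to their kind,
# so the *structure* of a query is compared, never the user-supplied values.
TOKEN_RE = re.compile(r"""
    (?P<SPACE>\s+)
  | (?P<COMMENT>--[^\n]*|/\*.*?\*/)
  | (?P<STR>'(?:[^']|'')*')
  | (?P<NUM>\d+(?:\.\d+)?)
  | (?P<WORD>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<OP><>|<=|>=|!=|[=<>*,();+\-/])
  | (?P<BAD>.)
""", re.VERBOSE | re.DOTALL)

def shape(sql):
    """Parse 'shape' of a query: keywords, identifiers and operators kept
    verbatim (case-folded), literals and comments replaced by their kind.
    A stray quote or other unexpected character surfaces as BAD."""
    out = []
    for m in TOKEN_RE.finditer(sql):
        kind = m.lastgroup
        if kind == "SPACE":
            continue
        out.append(kind if kind in ("STR", "NUM", "COMMENT", "BAD")
                   else m.group().upper())
    return out

def build(template, *values):
    """Naive string concatenation, the construction the check guards."""
    return template.format(*values)

def is_injection(template, *values):
    """The programmer's assumption: every input fills exactly one literal.
    The template is instantiated once with harmless dummies and once with
    the real values; if the two shapes differ, the input has altered the
    parse tree, which is precisely an injection."""
    expected = shape(build(template, *(("x",) * len(values))))
    return shape(build(template, *values)) != expected

# Constructed example query and inputs (not from any real application).
QUERY = "SELECT id FROM users WHERE name = '{}' AND pw = '{}'"

if __name__ == "__main__":
    for name, pw in [("alice", "s3cret"), ("alice", "OR 1=1"),
                     ("alice", "' OR '1'='1"), ("admin'--", "x")]:
        verdict = "REJECT" if is_injection(QUERY, name, pw) else "ok"
        print(f"{verdict:6} {build(QUERY, name, pw)}")
```

Note that the check is not a keyword blacklist: the password "OR 1=1" passes because it stays inside its literal, while a stray unescaped apostrophe is rejected because it breaks the assumed structure even without malicious intent.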
Software security audit
We have had a very successful MSc project in which the code of a small software company was audited for security following the methodologies of Dowd et al and McGraw. It would be nice to have such projects again; the main difficulty is to find companies that are willing to trust a student with their code base. (The results would not be made public and only read by the supervisor and second marker.)
Game theory in computer security
Computer security can lead to arms races between attack and defence. For instance, some compiler techniques defend against the more straightforward kinds of stack buffer overflow; and in response, attackers use more devious attacks, leading to further defences. Game theory was developed to deal with strategic behaviour between adversaries (as in the Cold War). Can game theory shed some light on this ongoing interaction between attacker and defence? Can it tell us how to get the most value for money in computer security?
Javascript/CSS/XHTML obfuscator
To avoid having web content plagiarized, one may render the source unreadable by automatic obfuscation. This project should use a parser generator (like ANTLR, SableCC, JavaCC,...) to read the web source code, and then produce an obfuscated version.
Security in on-line games
Attacks on on-line games are predicted to be a growth area of computer insecurity. This project consists of case studies of such attacks, focusing on the particular technical challenges of online games, such as distributed, highly concurrent software. For instance, race conditions could be an issue.