The topic suggestions on this page are primarily aimed at our MSc in Computer Security and the MSc in Advanced Computer Science. Many of these projects could also be a first step towards a PhD; see also my list of possible PhD topics in Computer Science.
Integration of RXXR2 into an IDE
The project involves integrating the static analyser RXXR2 into a popular IDE, such as Eclipse for Java. The aim is for programmers to receive automatic warnings about potential ReDoS vulnerabilities. While the IDE is in use, the user's code should be searched automatically for uses of regular expressions, with RXXR2 running in the background. For example, certain arguments to API calls in the Java regular expression libraries should be extracted and fed to RXXR2.
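As an added illustration (not part of the project description, and not RXXR2's own code), the Python sketch below performs the extraction step the project describes: it pulls string-literal arguments out of the common `java.util.regex` and `String` call sites and decodes the Java escapes so an analyser sees the regex the engine would. The nested-quantifier check is a crude stand-in for the real analysis RXXR2 would perform, and the Java snippet is constructed.

```python
import re

# Java regex entry points whose first argument is a pattern string literal.
# Assumption: the literal is on the same line as the call; regexes built from
# variables or concatenation are out of scope for this sketch.
JAVA_REGEX_CALL = re.compile(
    r'(?P<call>\bPattern\.(?:compile|matches)|\.(?:matches|replaceAll|replaceFirst|split))'
    r'\s*\(\s*"(?P<lit>(?:[^"\\]|\\.)*)"')

# Crude stand-in for a real analyser such as RXXR2: a quantified group that
# itself contains a quantifier, e.g. (a+)+ or (\w+\s?)*, is the classic shape
# behind exponential backtracking. It misses overlapping alternations such as
# (a|a)* and treats escaped parentheses as real ones.
NESTED_QUANTIFIER = re.compile(r'\([^()]*[+*][^()]*\)[+*{]')

_JAVA_ESCAPES = {'\\': '\\', '"': '"', "'": "'", 'n': '\n', 't': '\t', 'r': '\r'}

def java_literal_to_regex(lit):
    r"""Decode Java escapes so "\\d+" in source becomes \d+ at runtime."""
    def sub(m):
        esc = m.group(1)
        if esc.startswith('u'):                 # \uXXXX
            return chr(int(esc[1:], 16))
        return _JAVA_ESCAPES.get(esc, '\\' + esc)  # unknown escapes kept as-is
    return re.sub(r'\\(u[0-9a-fA-F]{4}|.)', sub, lit)

def extract_regexes(java_source):
    """One record per regex literal, in source order, ready to hand to an analyser."""
    found = []
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        for m in JAVA_REGEX_CALL.finditer(line):
            regex = java_literal_to_regex(m.group('lit'))
            found.append({'line': lineno, 'call': m.group('call').lstrip('.'),
                          'regex': regex,
                          'suspicious': bool(NESTED_QUANTIFIER.search(regex))})
    return found

# Constructed Java snippet standing in for the file open in the editor.
SAMPLE_JAVA = r'''
Pattern p = Pattern.compile("^(\\w+\\s?)*$");          // nested quantifier
if (input.matches("[a-z]+@[a-z]+\\.com")) { accept(); }
String[] parts = line.split(",");
'''

if __name__ == '__main__':
    for rec in extract_regexes(SAMPLE_JAVA):
        status = 'WARNING: possible ReDoS' if rec['suspicious'] else 'ok'
        print(f"line {rec['line']}: {rec['call']}({rec['regex']!r}) -> {status}")
```

In an IDE integration the `regex` field of each record would be handed to RXXR2 and the `line` field used to place the warning marker in the editor.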
Security of anti-virus software
Anti-virus software is marketed aggressively, despite the fact that it is highly invasive (comparable to rootkits) and so poses significant security risks itself. The recently published buffer overflow in ClamAV is a case in point. This project aims to assess the security risk (and other consequences) of AV software, ideally by auditing an open-source AV (it may be unfeasible to obtain information on commercial products, although using a debugger is a possibility). It is not necessarily expected that an actual exploit is found, but that the risk is put in perspective.