CAP6135: Malware and Software Vulnerability Analysis
Examples of Term Projects
Cliff Zou
Spring 2012

Previous CAP6135 Term Projects

Web Application Vulnerabilities
Spam Filtering Techniques
Survey of P2P applications and inherent security risks
Building KnightBot: a covert self recovering botNet library
Rootkit
A Study of IDS/IPS
Spam Detection
Zombies in the Clouds
Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks
Computer Security/Forensic Tool Validation
Exploring Steganography: Seeing the Unseen
Methods of Preventing SQL Injection
CAPTCHA Effectivity Survey
Trojan Horses
Smart card and Credit card security study
Security Risks found within RFID Technology
Media Sterilization
Survey of Malware Detection in Mobile Environment
Private Profile (a Facebook app)
.NET Code Protection: Fighting Reverse Engineering
Security study in cognitive radio network
Security virtualization
Near Field Communication (NFC) Strengths and Weaknesses

Some Suggested Hot Topics

Cloud computing security
  Encrypted data search
  Virtual machine isolation
  Law and policy on cloud location and storage
  Monitoring and logging

Location-based service privacy for mobile systems

Social network privacy

Some Interesting Topics

Social network security and privacy
  Social network based malware, such as the previously seen malware Boonana, Samy, RenRen, Koobface, and SpaceFlash
  Spam in social networks, such as the Twitter network
  Privacy vulnerability and protection, such as the recent Facebook privacy incident

Reputation assurance for online user review systems: how to make user reviews reliable against malicious attackers or bots (such as fake reviews to boost a product)

Botnet modeling, attack methods, defense (real case study, monitoring real botnet, peer-to-peer botnet)

Cloud computing security and privacy
  Virtual machine security, such as preventing information leakage among different users on the same VM or on the same physical host
  Cloud data encryption: how to encrypt data on the cloud so that the cloud provider cannot read the data and (1) it can still be searched by the client, (2) it can be shared by multiple users with efficient secure key management, and (3) the cloud provider can still save storage efficiently by merging identical data together
  How to spread malware in the cloud; how to defend against malware in a cloud environment

DNS security
  DNS hijacking attack and defense
  DNS poisoning attack and defense
  Case study of previously seen DNS attack incidents

Email spam and phishing defense
  Spam detection, filtering
  Phishing attack defense

Wireless networking security
  Ad hoc network secure routing
  Reputation system for wireless networking
  Vehicular networking security and privacy
  Security and privacy protection in location services in wireless networking (such as among smartphone users)

Security and privacy issues in smartphones
  Jailbreaking on the iPhone
  Worm propagation in smartphones: propagation theory, previous incident case study, etc.
  Bluetooth security issues in smartphones

Web security
  Detection of malicious web sites (for example, by using crawling and honeypots)
  Detection of phishing/fake websites
  Detection of malicious code injection
  Verifying security for all web plug-ins or extensions
  Browser history or cookie security issues and protection

CAPTCHA security
  Image-based CAPTCHA, video-based CAPTCHA
  Improving text-based CAPTCHA
  Defense against CAPTCHA human-solver attack

RFID security and privacy
  Privacy protection in RFID systems
  Security protocols for RFID systems
  Real attacks against car key, gas station remote key, etc.

Anonymity
  Privacy-preserving data sharing
  Attacks against various anonymity protocols and systems
  Design of new/improved anonymity protocols

Black market study of hackers

Computer architecture based security
  Secure CPU design
  Secure memory design (e.g., each memory byte has a security bit support)
  Secure cache design to defend against side channel attacks

Peer-to-peer system security
  New attack methods against existing p2p protocols such as BitTorrent
  Security issues in p2p video streaming

Network security
  Defense against distributed denial-of-service attacks
  BGP router security
  Network traffic-based monitoring and attack detection
  Stepping stone identification