1. CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012

2. Previous CAP6135 Term Projects  Web Application Vulnerabilities  Spam Filtering Techniques  Survey of P2P applications and inherent security risks  Building KnightBot: a covert self recovering botNet library  Rootkit  A Study of IDS/IPS  Spam Detection  Zombies in the Clouds

3.  Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks  Computer Security/Forensic Tool Validation  Exploring Steganography: Seeing the Unseen  Methods of Preventing SQL Injection  CAPTCHA Effectivity Survey  Trojan Horses  Smart card and Credit card security study  Security Risks found within RFID Technology 3

4.  Media Sterilization  Survey of Malware Detection in Mobile Environment  Private Profile (a Facebook app) .NET Code Protection: Fighting Reverse Engineering  Security study in cognitive radio network  Security virsualization  Near Field Communication (NFC)Strengths and Weaknesses 4

5. Some Suggested Hot Topics  Cloud computing security  Encrypted data search  Virtual machine isolation  Law and policy on cloud location and storage  Monitoring and log  Location-based service privacy for mobile system  Social network privacy 5

6. Some Interesting Topics  Social network security and privacy  Social network based malware, such as previously appeared malware Boonana, Samy, RenRen, Koobface, and SpaceFlash.  Spam in social network, such as in twitter network  Privacy vulnerability and protection; such as recent incident of Facebook privacy problem  Reputation assurance for online user reviewing system. How to make user reviews reliable against malicious attackers or bots (such as fake review to boost a product)  Botnet modeling, attack method, defense (real case study, monitoring real botnet, peer-to-peer botnet) 6

7.  Cloud computing security and privacy  Virtual machine security: such as prevent information leakage among different users on the same VM or on the same physical host.  Cloud data encryption. How to encrypt data on cloud so that the cloud provider cannot read the data and: (1). it can still be searched by client, (2) it can be shared by multiple users with efficient secure key management; (3). It can still support cloud provider to efficiently save storage by merging the same data together.  How to spread malware in cloud; how to defend malware in cloud environment 7

8.  DNS security:  DNS hijacking attack and defense  DNS Poisoning attack and defense  Case study of previous appeared DNS attack incidents  Email spam and phishing defense  Spam detection, filtering  Phishing attack defense  Wireless networking security  Ad hoc network secure routing  Reputation system for wireless networking  Vehicular networking security and privacy  Security and privacy protection in location service in wireless networking (such as among smart phone users) 8

9.  Security and privacy issues in smartphones  Jail breaking in iPhone  Worm propagation in smartphone: propagation theory, previous incident case study, etc.  Bluetooth security issue in smartphones  Web security  Detection of malicious web sites (for example, by using crawling and honeypots)  Detecting of phishing/fake websites  Detecting malicious code injection  Verifying security for all web plug-ins or extensions  Browser history or cookie security issues and protection 9

10.  CAPTCHA security  Image-based CAPTCHA, video-based CAPTCHA  Improving text-based CAPTCHA  Defense against CAPTCHA human-solver attack  RFID security and privacy  Privacy protection in RFID systems  Security protocols for RFID systems  Real attacks against car key, gas station remote key, etc.  Anonymity  Privacy-preserving data sharing  Attacks against various anonymity protocols and systems  Design of new/improved anonymity protocols  Black market study of hackers 10

11.  Computer architecture based security  Secure CPU design  Secure memory design (e.g., each memory byte has a security bit support)  Secure cache design to defend against side channel attack  Peer-to-peer system security  New attack methods against existing p2p protocols such as bitTorrent  Security issues in p2p video streaming  Network security  Defense against distributed denial-of-service attack  BGP router security  Network traffic-based monitoring and attack detection  Stepping stone identification 11