Theses proposals

For fast information you can contact @teozoia (Matteo Zoia), @l_u_k_3 (Luca Buccioli), @pisqu0 (Davide Rusconi) on Telegram.

• Security of Internet of Things
  The advent of "Internet of Things" has been determined by the availability and the pervasiveness of a plethora of smart devices such as smartphones, various sensors, printers, SCADA (Supervisory Control And Data Acquisition) and medical devices. It imposes the need for a series of analysis of both protocols and underlying systems, in order to avoid them becoming sources of new attacks. Theses proposals in this field are experimental, and they're aimed at the study and analysis of these systems in the perspective of their security.
  Advisor: prof. Danilo Bruschi, Matteo Zoia, Luca Buccioli
  Prerequisites:
  • Good knowledge of Linux and C programming
• Trusted Execution Environment
  In the last ten years, producers of mobile devices have equipped their devices with CPUs which enable a protected mode for the creation of execution environments (operating systems) known as TEE, in which some security features can be guaranteed: isolated execution of certain trusted code, secure access to credentials, peripherals and memory. Theses proposals in this field aim at the security analysis of the main TEE in the current market, and an innovative implementation of some critical modules.
  Advisor: prof. Danilo Bruschi, Matteo Zoia
  Prerequisites:
  • Good knowledge of Linux and C programming
• Module implementation on libAFL (Rust)
  This thesis aims to extend the capabilities of libAFL and improve the state-of-the-art in fuzzing tools by introducing new techniques and features. It requires strong knowledge of Rust programming and a solid understanding of fuzzing techniques and tools.
  Advisor: prof. Andrea Lanzi, Davide Rusconi
  Prerequisites:
  • Good knowledge of Rust programming
• Smart contract vulnerability
  This thesis proposes a methodology for smart contract vulnerability finding that combines symbolic execution and emulation. Smart contracts are self-executing programs that run on blockchain platforms, and they are becoming increasingly popular for implementing decentralized applications. However, smart contracts are also prone to vulnerabilities that can lead to severe financial losses or other adverse consequences.
  Advisor: prof. Andrea Lanzi, Matteo Zoia
  Prerequisites:
  • Good knowledge of smbolic execution with angr
• Improving blockchain technologies with TEE
  This thesis proposes the integration of Trusted Execution Environments (TEE) with blockchain technologies to enhance their security, privacy, and scalability. Blockchain technologies are used to provide a distributed and decentralized database that can store information securely, transparently, and immutably. However, the current implementations suffer from various limitations such as low transaction throughput, high energy consumption, and privacy concerns. The proposed approach involves leveraging TEE, a hardware-based security technology, to secure the execution of smart contracts and improve the privacy of transactions.
  Advisor: prof. Danilo Bruschi, Matteo Zoia
  Prerequisites:
  • Good knowledge of Solidity and C programming
• Log event extraction for preventing cyberattacks
  This thesis proposes the use of machine learning techniques to improve log manipulation and event extraction in monitoring system technologies used to detect and prevent cyberattacks. SIEMs collect and analyze log data from different sources, while Sysmon and syslog are monitoring tools that provides detailed informations on system activities. The proposed approach involves using machine learning algorithms to analyze log data and automatically extract relevant information to improve the accuracy and efficiency of security monitoring.
  Advisor: prof. Danilo Bruschi, Matteo Zoia
  Prerequisites:
  • Good knowledge of SIEM related technologies