Android is a booming eco-system with zillions of third-party apps, many app markets, various devices and multiple platform versions. With a high probability you yourself own (at least) one Android device. Why not spend your Master thesis pondering Android security and trying to improve it?
Below are some tentative thesis topics. In the SaToSS group, we have everything you need to start investigating Android: app datasets, devices, and tools. Android is not as complex as you might think. Usually, you will need to learn to install apps on a device/emulator, to run and write relatively small Python programs, and to understand some basic Machine Learning tools. If you are interested and want to spend more time on it, we can discuss a student job.
Summary of these projects as pdf with references.
Android apps are sources of revenue for their developers, yet it is very easy to plagiarize a third-party app by repackaging it. In this thesis you will design a new scheme for detecting repackaged Android apps by using the resource files included in the packages. Resource files, such as images, strings and xml layouts, have demonstrated their potential in detecting cloned apps. Subsequent experiments have shown that particular resource file types can serve as better indicators of repackaging. In your thesis, you will focus on further improvements of the method. The improvements can be in the direction of robustness (currently it is very easy for adversaries to slightly modify the resource files so that the method no longer recognizes them as identical); scalability (improving performance by moving from pair-wise app comparison to nearest-neighbour search in some ordered space); or you may focus on developing a hybrid approach that fuses resource-based detection with a code-based repackaging detection technique.
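The following is an added illustration (not code from the page or the SaToSS group's tools) of the resource-based idea: apps are fingerprinted by content hashes of their resource files, an inverted index replaces all-pairs comparison, and the app contents are constructed stand-ins.

```python
import hashlib
from collections import defaultdict
from itertools import combinations

# Constructed sample "apps": resource path -> file bytes (tiny stand-ins for real APK resources).
APPS = {
    "com.example.original": {
        "res/drawable/icon.png": b"\x89PNG\r\n\x1a\n..original icon..",
        "res/layout/main.xml": b"<LinearLayout><TextView/></LinearLayout>",
        "res/values/strings.xml": b"<resources><string name='app_name'>Notes</string></resources>",
    },
    "com.clone.repackaged": {  # same files, icon renamed, extra ad layout injected
        "res/drawable/ic.png": b"\x89PNG\r\n\x1a\n..original icon..",
        "res/layout/main.xml": b"<LinearLayout><TextView/></LinearLayout>",
        "res/values/strings.xml": b"<resources><string name='app_name'>Notes</string></resources>",
        "res/layout/ad_banner.xml": b"<FrameLayout><AdView/></FrameLayout>",
    },
    "com.other.unrelated": {
        "res/drawable/logo.png": b"\x89PNG\r\n\x1a\n..other logo..",
        "res/values/strings.xml": b"<resources><string name='app_name'>Weather</string></resources>",
    },
}

def resource_fingerprints(app, types=("png", "xml")):
    """SHA-256 digests of the selected resource types, keyed on content only, so renaming a file
    does not change its fingerprint; any byte-level edit does, which is the robustness weakness."""
    return {hashlib.sha256(data).hexdigest()
            for path, data in app.items() if path.rsplit(".", 1)[-1] in types}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0

def candidate_pairs(apps, min_shared=1):
    """Instead of comparing every pair of apps, an inverted index from fingerprint to
    app ids yields only the pairs that share at least `min_shared` resource files."""
    fps = {name: resource_fingerprints(app) for name, app in apps.items()}
    index = defaultdict(set)
    for name, digests in fps.items():
        for d in digests:
            index[d].add(name)
    shared = defaultdict(int)
    for names in index.values():
        for pair in combinations(sorted(names), 2):
            shared[pair] += 1
    return {pair: jaccard(fps[pair[0]], fps[pair[1]])
            for pair, n in shared.items() if n >= min_shared}

if __name__ == "__main__":
    for pair, sim in candidate_pairs(APPS).items():
        print(f"{pair[0]} ~ {pair[1]}: resource similarity {sim:.2f}")
```

Appending a single byte to the clone's icon drops the similarity from 0.75 to 0.40, which is the weakness a robustness-oriented thesis would address with content-aware (e.g. perceptual) fingerprints.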
One of the most challenging tasks in doing Android security is to collect the right dataset to validate the developed approach. In your thesis you will work on collecting a dataset of third-party apps to share with the community. The dataset will be focused on a particular task: repackaged app detection (a set of confirmed repackaged and non-repackaged app pairs); evolution of Android apps (we want to collect many last-generation apps and check how they cope with the recent changes in the Android platform architecture); or malware detection (a representative set of recent malware samples). Dataset collection typically involves crawling apps from app markets and querying different online services (e.g., VirusTotal).
This thesis will focus on applying static analysis tools to Android apps in order to detect anomalies (e.g., malicious behaviors). Some theoretical work can also be considered (developing a semantic model of Android apps expressed as a graph or a state machine).
The thesis work will be a part of the COMMA project (see here for more details). You will interact with other project members and will participate in project meetings.
Risk assessment (threat analysis) is traditionally performed by a group of human analysts (think Deloitte consultants that charge you per hour) brainstorming about potential threats to the organization. This activity produces incomplete results, because humans are not able to take into account all possible scenarios. Thus, lately, security researchers have started to work on automated risk assessment techniques, in which threats and potential attacks are identified automatically from some system model.
The risk management activity also includes risk treatment: identification of countermeasures that need to be introduced in the organization in order to reduce risks to acceptable levels. In this thesis you will conduct research in the general area of automated risk management with attack trees. Possible topics for a Master thesis are below.
Summary of these projects as pdf with references.
Assume that security analysts have designed an attack tree characterizing existing attacks for an organization. For such a tree there exist several approaches to identify the most critical attack scenarios (based on parameters important for the attacker, such as cost or time, or parameters important for the defender, such as impact). Given the set of the most severe attacks, we would like to automatically produce a set of countermeasures thwarting these attacks.
You will work on identifying a plausible approach for automated preventive security controls selection. This approach will likely require a knowledge base/an ontology that will capture applicable countermeasures for each attack type (we can start from, e.g., CAPEC). Given such a knowledge base, you will design an algorithm to select countermeasures based on some chosen metrics (e.g., risk leverage, impact reduction, likelihood reduction). You will also need to investigate how to accommodate the selected countermeasures in the original attack tree (thus yielding a correct attack-defence tree). The overall approach will be implemented as a prototype tool and integrated with the ADTool format.
Recently several tools have emerged that aim at automated construction of attack scenarios expressed as attack trees. These tools however produce "flat trees", i.e., they do not structure the attack scenarios in any abstract way. Human analysts instead aim at establishing categories of attacks, with more abstract attack steps appearing closer to the root of the tree. In this thesis you will study existing methodologies for automated and manual design of attack trees, and will propose a taxonomy of attack tree properties that will bridge the gap between "flat" and "abstract" attack trees.
Assume that security analysts have designed a comprehensive attack-defense tree representing the existing attacks and already existing controls for an organization. Given this tree, quantitative analysis for various attributes (time, cost, probability of success, impact of an attack) can be performed in the ADTool. Sensitivity analysis is a method for experimenting with different attribute values to identify critical paths in the tree. In a nutshell, the analyst tries to establish how variance in some attribute values affects the value for the root node.
The goal of this thesis will be to establish a methodology for sensitivity analysis on attack-defense trees. For example, if the analyst's goal is to establish where to introduce a new security control, what process does she need to follow? This methodology will be implemented as a prototype tool and integrated with the ADTool format.
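Both the countermeasure-selection topic and the sensitivity-analysis topic above rest on the same bottom-up evaluation of an attack tree. The example below is added here (it is not ADTool code or anything from the page): a constructed tree with a cost attribute (AND = sum, OR = min), a sensitivity sweep over one leaf, and a greedy selection of countermeasures by risk leverage, where controls are modelled simply as extra attacker cost on the leaf they harden.

```python
# Constructed attack tree (attacker's goal at the root). Leaves are ("leaf", name, cost);
# inner nodes are ("AND", [...]) or ("OR", [...]). Cost attribute: AND = sum, OR = min.
TREE = ("OR", [
    ("AND", [("leaf", "phish_employee", 2), ("leaf", "escalate_privileges", 5)]),
    ("AND", [("leaf", "steal_laptop", 6), ("leaf", "crack_disk_password", 3)]),
    ("leaf", "bribe_insider", 12),
])
CONTROLS = {  # constructed: name -> (leaf it hardens, attacker cost added, defender cost)
    "security_awareness_training": ("phish_employee", 4, 2),
    "least_privilege_hardening": ("escalate_privileges", 6, 3),
    "full_disk_encryption": ("crack_disk_password", 10, 4),
    "background_checks": ("bribe_insider", 5, 5),
}

def min_cost(node, extra=None):
    """Bottom-up evaluation: (cheapest attack cost, leaves on that path). `extra` maps a leaf
    to the additional cost that deployed countermeasures impose on the attacker there."""
    extra = extra or {}
    if node[0] == "leaf":
        return node[2] + extra.get(node[1], 0), [node[1]]
    results = [min_cost(child, extra) for child in node[1]]
    if node[0] == "AND":
        return sum(r[0] for r in results), [leaf for r in results for leaf in r[1]]
    return min(results, key=lambda r: r[0])

def sensitivity(tree, leaf, deltas, extra=None):
    """Root cost as one leaf's cost is varied by each delta. A flat response means the leaf
    is not on the critical path, so a control placed there would not raise the root value."""
    extra = dict(extra or {})
    base = extra.get(leaf, 0)
    return [(d, min_cost(tree, {**extra, leaf: base + d})[0]) for d in deltas]

def select_controls(tree, controls, budget):
    """Greedy selection by risk leverage: increase of the root's minimal attack cost per unit of
    defender cost, re-evaluated after every pick because the cheapest path moves."""
    chosen, extra, spent = [], {}, 0
    while True:
        current = min_cost(tree, extra)[0]
        best, best_leverage = None, 0.0
        for name, (leaf, added, price) in controls.items():
            if name in chosen or spent + price > budget:
                continue
            gain = min_cost(tree, {**extra, leaf: extra.get(leaf, 0) + added})[0] - current
            if gain / price > best_leverage:
                best, best_leverage = name, gain / price
        if best is None:
            return chosen, min_cost(tree, extra)
        leaf, added, price = controls[best]
        chosen.append(best)
        spent += price
        extra[leaf] = extra.get(leaf, 0) + added
```

Raising the cost of `steal_laptop` leaves the root unchanged because that branch is never the cheapest, while raising `phish_employee` lifts the root only until the laptop branch takes over, which is exactly the saturation an analyst looks for when deciding where a control pays off.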