T-110.5290 Seminar on Network Security P (4 cr)

Topics


The theme for this year's network security seminar is security policies, their specification and enforcement. This includes both policies written specifically for network usage and security policies of the systems that connect to the Internet or to local communications links, and both policies intended for computers and for human consumption. Security policies are not always explicitly specified but, fundamentally, all security mechanisms aim to implement some kind of policy. When there is a security failure in an IT system, there must be some policy that is being violated. Thus, practically all security and privacy technology can be viewed from the point of view of the policy that it implements. I would therefore request both the students and instructors to think about familiar security mechanisms and processes and ask themselves what policy is implemented, how it is specified, and how it is enforced.

There are two major reasons why it is important for software developers to think about the policies behind security mechanisms. First, when developing or deploying technical security solutions, engineers too often forget to ask the fundamental questions: what is the security policy that drives the work, how does the proposed technology implement it and, indeed, can it be implemented at all? Second, security policies that arise from business decisions and legal obligations increasingly influence everyday engineering decisions. It is important for engineers to understand the distinction between policy and enforcement, and how the two influence each other.

  

Topics by Erka Koivunen 

   

How to secure information about handling of sensitive information 

Section 15 of the Finnish Act on the Protection of Privacy in Electronic Communications states that a telecommunications provider must produce and save event logs on any handling of telecommunications identification data. Since the telecommunications identification data itself is in essence log data, this legislation effectively makes it obligatory for the companies to create a log of the handling of log data.

In this assignment you should familiarise yourself with general telecommunications equipment (routers, DSLAMs, DHCP servers, MSCs, GGSNs etc.), understand what kinds of traffic logs they produce and how this information should be secured in order for the operators to comply with the law and regulations. You should also discuss whether 100 % compliance is technically and economically possible and present ideas to solve the major problems identified in your work.

Relevant regulation:

http://www.finlex.fi/en/laki/kaannokset/2004/en20040516 (in English)

http://www.finlex.fi/fi/laki/ajantasa/2004/20040516#P15 (in Finnish)

http://www.ficora.fi/attachments/suomiry/1158858981373/Viestintavirasto3082004S.pdf (only in Finnish)

  

Limited User Account on Windows - just a dream? 

Not long ago even Microsoft employees widely used their personal computers with administrator-level privileges. Additionally, hundreds of Windows applications are notoriously demanding when it comes to end user access levels. Some games won't work unless firewalls are turned off, enterprise applications need to access system folders with administrator privileges, and it seems every annoying browser plug-in expects that the current user has a privilege level high enough to install new software. Even malware writers expect that users are running their computers as an admin.

In this assignment you should familiarise yourself with the policy enforcement tools available for the Microsoft Windows platform and devise a plan to lock down users' desktops without compromising their ability to do their work. Explain how the locked-down computers can be updated and configured by the administrators. A set of technical and administrative rules should be envisioned along with a plan to monitor anomalies and enforce the rules over a large user space (>1000 users). Alternatively, you can use other operating system platforms such as Linux or OS X in an enterprise environment.

Some links to get you started:

http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx

http://en.wikipedia.org/wiki/Group_Policy

  

Acceptable Use Policies and their enforcement by the Internet Service Providers 

Acceptable Use Policies (AUPs) are a set of guiding principles and practical rules that the service provider wishes the end users to follow. The form and level of detail of these AUPs varies from general Terms of Service to a specialised Netiquette detailing practical do's and don'ts. As with agreements between humans, the justification of individual rules can sometimes be debatable. Internet Service Providers (ISPs) in Finland are required by government regulation to implement certain technical-level information security enforcement measures in their core networks and access networks. There are also some business reasons for having certain rules in the AUPs. At best, AUPs help protect the network and its users.

In this assignment you should familiarise yourself with the requirements imposed on Finnish ISPs and network access service providers by the regulation. You should compare how these requirements are translated into service agreements, Netiquettes and other forms of AUPs. You should also discuss whether the rules are enforceable: how and when does the ISP (or the authorities) notice that a certain rule has been broken, and what actions should and could they take to correct the situation? Are you able to find rules that have no security justification although they have been portrayed as security enhancements?

Some links to get you started:

FICORA:

http://www.ficora.fi/attachments/englantiav/5B37cMfzM/FICORA11A2008M.pdf

http://www.ficora.fi/attachments/englantiav/5B37hthyt/FICORA13A2008M.pdf

http://www.ficora.fi/attachments/englantiav/5hw9MAxqr/FICORA09C2009M.pdf

Netiquette:

http://www.tietoturvaopas.fi/en/index/perusohjeet/netiketti.html

http://www.ietf.org/rfc/rfc1855.txt

http://fi.wikipedia.org/wiki/Netiketti (in Finnish)

http://en.wikipedia.org/wiki/Netiquette

ISPs:

http://www.elisa.fi/asiakaspalvelu/as.cfm?o=3.00 (mostly in Finnish)

http://www.sonera.fi/Lisatietoa/Yleiset%20ehdot/ (mostly in Finnish)

http://www.dna.fi/Yksityisille/Laajakaista/ohjeetjaasetukset/Sivut/Default.aspx (mostly in Finnish)

  

Topics by Boris Nechaev 

Frameworks, toolkits and software suites for automated analysis of security policies 

Security policies play a central role in protecting computer systems. Defining and implementing security policies is usually not a straightforward task, especially in light of the ever-increasing complexity of the systems under protection. This results in policies containing mistakes that lead to security violations, not only through explicit hacking but also accidentally through misconfiguration. Debugging security policies is also non-trivial and likewise prone to mistakes. To make the debugging and verification process more reliable, a number of frameworks for automated analysis of security policies have been implemented. The goal of this study is to survey existing policy analysis toolkits and compare them where applicable. (Note: The tutoring will be mostly by e-mail.)

References:

[1] Swati Gupta, Kristen LeFevre, and Atul Prakash. SPAN: A Unified Framework and Toolkit for Querying Heterogeneous Access Policies, 4th USENIX Workshop on Hot Topics in Security (HOTSEC) , August 2009.

[2] K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz. Verification and change-impact analysis of access-control policies. In International Conference on Software Engineering (ICSE), 2005.

[3] Marmorstein, R. and Kearns, P. A tool for automated iptables firewall analysis. In Proceedings of the USENIX Annual Technical Conference, April 2005.

  

Policies in Bro IDS 

Bro is a popular Unix-based open-source Intrusion Detection System (IDS) used both for real-time intrusion prevention and for off-line analysis of network traces. The Bro engine incorporates a policy scripting language and a collection of off-the-shelf policy scripts. Bro features a separation between network event analyzers (e.g. establishment of a TCP connection, an HTTP request, etc.) and the policy layer, which allows for greater simplicity and flexibility. The goal of this work is to give an overview of Bro IDS and its extensions, study the Bro policy mechanism and scripting language, and describe the implications of separating the event analyzers from the policy layer. For those interested in hands-on experience with Bro, a possible extension of the study is to implement a simple Bro policy script of your own. (Note: The tutoring will be mostly by e-mail.)

References:

[1] V. Paxson, Bro: A System for Detecting Network Intruders in Real-Time, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.

[2] C. Kreibich and R. Sommer, Policy-controlled Event Management for Distributed Intrusion Detection , 4th International Workshop on Distributed Event-Based Systems (DEBS'05), 2005.

[3] M. Vallentin, R. Sommer, J. Lee, C. Leres, V. Paxson, and B. Tierney, The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware, RAID 2007.

  

The role of XACML in defining access control policies 

Since the first specification of the eXtensible Access Control Markup Language (XACML) was published in February 2003, it has gained vast popularity and become a de facto tool for specifying access control policies. XACML is an XML-based language designed to standardize, and thus simplify, the process of defining access policies. Nowadays XACML is used in many business solutions and various extensions have been suggested for it. The goal of this study is to describe the role of XACML in specifying access control policies as well as to illuminate its various use cases, extensions and evaluation engines. (Note: The tutoring will be mostly by e-mail.)

References:

[1] Karjoth, G., Schade, A., and Herreweghen, E. V., Implementing ACL-Based Policies in XACML. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC), December 2008.

[2] Liu, A. X., Chen, F., Hwang, J., and Xie, T., Xengine: a fast and scalable XACML policy evaluation engine. In Proceedings of SIGMETRICS'08, June 2008.

[3] George Hsieh, Keith Foster, Gerald Emamali, Gregory Patrick, Lisa Marvel, Using XACML for Embedded and Fine-Grained Access Control Policy. In Proceedings of the International Conference on Availability, Reliability and Security (ARES), 2009.

  

Topic by Bill Brumley 

Randomart in OpenSSH 

Randomart is basically a text-based hash visualization. It just seems to have popped up and is already deployed in e.g. Ubuntu. See: http://alibash.livejournal.com/200301.html . But what are the security properties? Nobody seems to know (or ask?), and it's already out there! There could be a ton of interesting things to look at:

1. What is the range of the function? ("How many possible randomarts?")

2. Can we get useful (pre-)pre-images?

3. Can we get useful "close" pre-images? (It's like Where's Waldo...)

4. Could even do an experiment on how "close" they have to be for people to notice.

Topics by Jukka Ylitalo

Accountability in publish-subscribe architectures

Weitzner et al. present an alternative viewpoint to privacy policies in the Internet in [1]. Instead of relying on access control and encryption to protect sensitive information, they propose that laws and systems are needed to hold people accountable for the misuse of personal data. The research target is to analyze how some of Weitzner's ideas can be applied to information-centric networks. More precisely, the work concentrates on the accountability-system aspects (not on legislation) in so-called next-generation publish-subscribe networks [2].

Key-words: Privacy, accountability, information-centric networks.

[1] D. Weitzner et al., "Information accountability", Communications of the ACM, Volume 51, Issue 6 (June 2008), pp. 82-87, ISSN 0001-0782, http://portal.acm.org/citation.cfm?id=1349043

[2] PSIRP-project, Tech. report, "Architecture Definition, Component Descriptions, and Requirements (D2.3)", Sections 3.1-3.2, 3.5, 4.1.1-4.1.4, 4.4, 4.5.1, 4.6, 8. http://www.psirp.org/files/Deliverables/FP7-INFSO-ICT-216173-PSIRP-D2.3_ArchitectureDefinition.pdf

Topics by Petri Savolainen

  

Filtering and throttling Peer-to-Peer traffic

Using peer-to-peer file sharing software is deemed unacceptable in a number of networks, including the University of Helsinki HUPNet. In this topic, the student should write a survey on the various means used by network operators to enforce this "no p2p" policy. Of specific interest are the technologies used for blocking and throttling p2p traffic, their efficiency, and the counter-measures that the developers of p2p file sharing software have taken to render these technologies ineffective.

References:

[1] Dischinger, M., Mislove, A., Haeberlen, A., and Gummadi, K. P. 2008. Detecting BitTorrent blocking. In Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement (Vouliagmeni, Greece, October 20 - 22, 2008).

[2] C. Rossenhövel, "Peer-to-Peer Filters: Ready for Internet Prime Time?" 2008.  http://www.internetevolution.com/document.asp?doc_id=148803&

  

DDoS attacks and publish-subscribe

The publish-subscribe paradigm has been proposed as a means of preventing denial-of-service attacks. This is said to be achieved in such networks by enforcing a policy which dictates that a node only receives data it has subscribed to. The goal of the seminar project is to explain the concept of denial-of-service attacks, introduce the publish-subscribe paradigm, and explain the way in which this paradigm could act as a cure against denial-of-service attacks. Are publish-subscribe networks really immune to DDoS attacks?

References:

[1] RFC 4732. Internet Denial-of-Service Considerations.

[2] Jokela, P., Zahemszky, A., Esteve Rothenberg, C., Arianfar, S., and Nikander, P. 2009. LIPSIN: line speed publish/subscribe inter-networking. In Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication (Barcelona, Spain, August 16 - 21, 2009).

Firewalls in enforcing acceptable use policies

Firewalls are widely used to enforce acceptable use policies in corporate networks. However, firewalls often also make legitimate network use difficult. In this topic the author should consider the effectiveness of firewalls as a means of enforcing acceptable use policies. What kinds of acceptable use policies can be enforced using firewalls? Are firewalls effective in enforcing these policies? What implications do different firewall policies have on legitimate uses of the networks? The seminar paper should consider different firewall technologies and the means of bypassing firewalls for both legitimate and illegitimate reasons.

References:

[1] K. Ingham and S. Forrest, "A history and survey of network firewalls," 2002. http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf

[2] P. Kostenbader and B. Donnelly, "Standards in desktop firewall policies" 2006. http://www.securityfocus.com/infocus/1867

  

Topics by Elena Reshetova

  

Symbian OS Platform Security Model

The first part of this assignment is to study the main principles of the Symbian OS security model: Symbian capabilities, data caging, and the Symbian trusted computing base. The next step is to get familiar with the Platform Security Environment for developers (such as developer certificates, package signing tools and so on) and understand the Symbian Signed model. The last step of the assignment is to develop a small program on Symbian, sign it using the Symbian Signed process and experiment with it on a real device.

References:

[1] Craig Heath, "Symbian OS Platform Security", Wiley, 2006 (Can be borrowed from me)

[2] Symbian SDK, http://www.forum.nokia.com/info/sw.nokia.com/id/05c63dfd-d6e9-4c0e-b185-d365e7001aeb/S60-SDK-0548-3.0-f.3.215f.zip.html

[3] Symbian Signed, https://www.symbiansigned.com/app/page

  

Mandatory Access Control in SELinux

The SELinux security solution was presented in 2001 by the National Security Agency. It includes an implementation of the Flask architecture, which provides flexible support for different mandatory policies. The goal of the assignment is to study the basic mandatory access policies supported by SELinux (such as the domain type enforcement mechanism (DTE), the multi-level security mechanism (MLS), and the role-based access control (RBAC) model), and understand how they can be used to make a reasonable SELinux policy. In addition, some hands-on experience with Linux Security Modules (LSM) may be gained.

References:

[1] R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, J. Lepreau, "The Flask Security Architecture: System Support for Diverse Security Policies", 1999

[2] P. Loscocco, S. Smalley, "Meeting Critical Security Objectives with Security-Enhanced Linux", 2001

[3] C. Wright, C. Cowan, J. Morris, S. Smalley, G. Kroah-Hartman, "Linux security modules: general security support for the Linux kernel", 2002

[4] Bill McCarty, "SELinux: NSA's Open Source Security Enhanced Linux", O'Reilly, 2004 (Can be borrowed from me)

  

Sandboxing and jailing in Unix OSs

The goal of sandboxing or jailing is to restrict an application's access to platform services and user data to specified limits. A jail guarantees that an application inside it cannot harm the system or other programs outside the jail. The goal of this assignment is to study the different sandboxing techniques, such as the chroot jail (Unix), the FreeBSD jail, and the Bitfrost security system, compare them, and study the possible ways of breaking out of some of them (for example, how to break the chroot jail).

References:

[1] Manual page for chroot command, http://linux.die.net/man/2/chroot

[2] How to break out of a chroot() jail. http://www.bpfh.net/simes/computing/chrootbreak.html

[3] I. Krstić, S. L. Garfinkel, "Bitfrost: the one laptop per child security model", 2007

[4] FreeBSD jail man pages, http://www.freebsd.org/cgi/man.cgi?query=jail, http://www.freebsd.org/cgi/man.cgi?query=jail&apropos=0&sektion=2&manpath=FreeBSD+7.2-RELEASE&format=html

  

Topics by Sanna Suoranta

  

Privacy policies for student data at a university  

This project will investigate the privacy and confidentiality policies implemented at TKK for handling personal data of students. The work should be based on at least the following sources of information: legislation on data protection and freedom of information, written university policies and guidelines, and interviews with departmental administrators about their actual working policies. The main questions are: what data is public, what is confidential, and what controls are there for access to the data. Note: some of the sources are available only in Finnish.

Personal Data Act (henkilötietolaki), http://www.finlex.fi/en/laki/kaannokset/1999/en19990523

Act on the Protection of Privacy in Electronic Communications, http://www.finlex.fi/en/laki/kaannokset/2004/en20040516

University rules:

http://www.tkk.fi/fi/henkilokunnalle/saadokset/

http://www.tkk.fi/fi/opinnot/opintohallinto/index/

http://www.tkk.fi/fi/opinnot/opintohallinto/paatokset/

For example, publishing personal data and grades:

http://www.tkk.fi/midcom-serveattachmentguid-2fff5c087e4711dc9c44efa6139f2e0b2e0b/opitmkpa0311999.pdf

http://www.tkk.fi/fi/opinnot/opintohallinto/paatokset/tkkn_kurssien_kaytantojen_yhtenaistaminen.pdf

http://www.tkk.fi/fi/opinnot/opintohallinto/paatokset/kurssien-informaatiologistiikka.pdf

  

Using student data for research

University research benefits greatly from having access to a large population of laboratory mice: the students. Students can be asked to perform tasks, observed, and there are large databases that can be mined for information about them. The goal of this seminar project is to investigate the regulations and norms that are in place for handling personally identifiable data about students when it is used for scientific research. One or two research projects that use human subjects will be chosen as case studies.

Evaluating ethics in research in Finland (in Finnish and in Swedish), http://www.tenk.fi/JulkaisutjaOhjeet/TutkimuksenEettinenArviointiSuomessaFIN_SVE.pdf

Ethical committees of the universities (note: more information in Finnish) are more common in universities that have a faculty of medical science, but other universities have them too. TKK and Aalto do not have ethical committees.

University of Helsinki, http://www.helsinki.fi/research/ethics.html

University of Jyväskylä, https://www.jyu.fi/hallinto/toimikunnat/eettinentoimikunta/en/enindex

Legislation for medical sciences: Medical Research Act (Laki lääketieteellisessä tutkimuksessa), http://www.finlex.fi/en/laki/kaannokset/1999/en19990488

  

Security policies for Single Sign On in Service Ecosystems

In mashup services and other service ecosystems, service providers can create services that a user collects to use in her service composer. Currently, many mashup services have a single background organization that can also easily provide single sign-on (SSO) for all the services. In the future, service ecosystems may not have a single background organization to handle unified access control, but the services can provide services to other services, thus acting on the user's behalf. The goal of this seminar project is to investigate the security policies of currently used mashup services and consider what kind of policies are needed for single sign-on in distributed mashup services.

OpenID, http://openid.net/

Google Friend Connect (GFC), http://www.google.com/friendconnect/

  

Topics by Sachin Gaur

  

Privacy policy for location sharing

Location sharing is emerging as a promising feature of social media. However, experts have raised privacy concerns related to it. Some of the available services which provide their users with location sharing features are Google Latitude, Loopt and "Locaccino", a research project from CMU (USA). The student is expected to write a literature survey and make a comparative analysis of the different proposed techniques available for location sharing.

References:

Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and Jinghai Rao. Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application. Journal of Personal and Ubiquitous Computing, 2008.

Locaccino: http://www.locaccino.org/ 

Sachin Gaur, User Centric privacy management for location tracking services, http://users.tkk.fi/~sgaur/Thesis/Thesis/TKK_Thesis.pdf

  

AI, Persuasion, Game theory and other approaches to make/improve privacy policies

Choosing the right privacy policy for users is always a painful task. Either they are not aware of the privacy features or they do not realize the value of their data until they run into problems. The goal is to make this task easy for users and, if possible, persuade them to choose safe behavior. There are a number of techniques which can be applied, such as persuasive design [4, 2], machine learning [1, 3], game theory, crowd sourcing etc. The goal of this project is to write a literature survey on these persuasion techniques and identify their pros and cons and feasibility. Alternatively, it is possible to write an exhaustive literature survey on one technique and propose some conceptual improvements.

References:

1. Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. "Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden?" To appear in PETS '09.

2. Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Tuomas Sandholm, Lorrie Faith Cranor, Paul Hankes Drielsma, Janice Tsai. The Impact of Expressiveness on the Effectiveness of Privacy Mechanisms for Location Sharing. CMU-ISR Tech Report 08-141.

3. Patrick Kelley, Paul Hankes Drielsma, Norman Sadeh, Lorrie Cranor. User Controllable Learning of Security and Privacy Policies. AISec 2008.

4. Janice Tsai, Patrick Kelley, Paul Hankes Drielsma, Lorrie Cranor, Jason Hong, and Norman Sadeh. Who's Viewed You? The Impact of Feedback in a Mobile-location System. To appear in CHI '09

  

Topics by Andrei Gurtov

Access control with flat namespaces

Several proposals for splitting host identifiers and locators in the Internet have been made recently. Proposals such as the Host Identity Protocol (HIP) utilize the concept of flat name spaces, where each host is identified by a cryptographic, random-looking bit string of e.g. 128 bits. Flat namespaces have several benefits, e.g. for supporting host mobility and multihoming, and for access control in firewalls based on stable identifiers. However, some organizations prefer to aggregate hosts for access control, e.g. to enable all hosts from TKK to access the ACM digital library. Since Host Identity Tags (HITs) in HIP are flat, such access control would require listing all HITs belonging to TKK hosts. Several proposals have been made to enable aggregate access control with HITs, including certificates in HIP packets proving that the host belongs to a certain organization. Alternatively, DNS or DHT lookups from HITs to DNS names and subsequent authorization based on the DNS name suffix could be used. The goal of this task is to survey existing mechanisms for including hierarchy information in HITs and name resolution systems based on DHTs, and perhaps to propose solutions of your own to the problem.

References:

http://www.ietf.org/id/draft-zhang-hip-hierarchical-parameter-00.txt 

http://tools.ietf.org/html/draft-jiang-hiprg-hhit-arch-02 

http://www.cs.cmu.edu/~dga/papers/aip-sigcomm2008.pdf 

http://tools.ietf.org/html/draft-ietf-hip-cert-01

http://www.hipbook.net/

  

Topics by Jukka Valkonen

Vulnerability disclosure policies

In order for vendors to fix bugs and vulnerabilities in their products, the bugs must be reported by the discoverer. To make this possible, vendors should have policies specifying how users can report such errors in an easy and reliable way. The goal of the topic is to write a survey on different vulnerability disclosure policies.

References:

NIAC Vulnerability Disclosure Framework, http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf

CISCO Security Vulnerability Policy, http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Topics by Jani Heikkinen

Privacy policies in location-based services

As the number of location-based services (LBS) increases rapidly, the privacy policies given by the services flourish with different kinds of terminology and assertions. According to them, services operate on and use, maintain, provide, display, and disclose location data. In addition, the policies mention numerous stakeholders and ways to opt in or opt out. This can be confusing to most service consumers, and thus the policies are poor aids for decision-making. In this seminar work, you will systematically analyze existing LBS privacy policies to get an overall understanding of the differences among the policies. You should also discuss the main reasons that explain the differences.

References:

Various privacy policies of location-based services

Einar Snekkenes, Concepts for personal location privacy policies, 2001. http://doi.acm.org/10.1145/501158.501164

CTIA, Best Practices and Guidelines for Location Based Services, 2008. http://files.ctia.org/pdf/CTIA_LBS_BestPracticesandGuidelines_04_08.pdf

Anton et al., Analyzing Website privacy requirements using a privacy goal taxonomy, 2002. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&isnumber=&arnumber=1048502

Privacy policies for location histories

Recently, there has been a tremendous increase in the number of services making use of location data. Location can be determined in many ways, e.g., through IP addresses, GPS coordinates, or relative landmarks. Whatever the determination mechanism, the data can be stored permanently, creating location histories. The privacy policies of the services tend to be relatively quiet about location data retention. They build on fair warnings and implicit consent. Transparency is a goal. In this seminar work, you will search for and analyze policies that consider location data retention and location histories. Central to the topic are questions such as who is able or entitled to access the histories, and in what ways the access can be controlled by the target.

References:

Myles, G.; Friday, A.; Davies, N. Preserving privacy in environments with location-based applications. IEEE Pervasive Computing, Volume 2, Issue 1, Jan-Mar 2003, pp. 56-64.

Topics by Mikko Särelä

Security policies for capability based distributed denial of service resistance

Distributed denial of service attacks are a major problem in the current Internet. One potential solution to the problem lies with capabilities, i.e. requiring senders to have permission to send before the network delivers packets to the specified destination. The purpose of this work is to review the major capability-based proposals and analyze the access control policies needed with such schemes.

Some reading:

[1] T. Anderson, T. Roscoe, and D. Wetherall. Preventing internet denial-of-service with capabilities. Hotnets II, pages 39-44, 2004.

[2] K. Argyraki and D. Cheriton. Network capabilities: The good, the bad and the ugly. ACM HotNets-IV, Jan 2005.

[3] C. Dixon and T. Anderson. Phalanx: Withstanding multimillion-node botnets. Usenix NSDI, 2008.

[4] D. Wendlandt, D. Andersen, and A. Perrig. Fastpass: Providing first-packet delivery. Technical report CMU cylab, 2006.

Security policies for filtering based distributed denial of service resistance

Distributed denial of service attacks are a major problem in the current Internet. One potential solution to the problem lies with filtering, i.e. letting the receiver inform the network about unwanted flows so that they can be blocked. The purpose of this work is to review the major filtering-based proposals and analyze potential filtering policies with such schemes.

[1] K. Argyraki and D. Cheriton. Active internet traffic filtering: Real-time response to denial-of-service attacks. Usenix, 2005.

[2] F. Huici and M. Handley. An edge-to-edge filtering architecture against DoS. 2007.

[3] X. Liu, X. Yang, and Y. Lu. To filter or to authorize: network-layer DoS defense against multimillion-node botnets. Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication, pages 195-206, 2008.

 

Topics by Mika Rautila

 

Same origin policy in web browsers

Nowadays the web browser is the de facto user interface for networked applications. Development of browser technology has been amazingly rapid. New features and mechanisms to improve the user experience have been added continuously. But the fundamental security mechanism, the same-origin policy [1], has remained unchanged. It is vaguely defined and often poorly understood. In this assignment, consider the implications of the same-origin policy in modern browsers. Is the mechanism adequate or is it too restrictive? Compare how the policy is implemented in some popular web browsers (IE7 and FF3).

[1] https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript  

[2] http://taossa.com/index.php/2007/02/08/same-origin-policy/  

[3] http://taossa.com/index.php/2007/02/17/same-origin-proposal/  

[4] N. Daswani, C. Kern, A. Kesavan: Foundations of security
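To make the "vaguely defined" comparison above concrete, here is an added example (not from the seminar page or any browser's code) that computes the (scheme, host, port) origin tuple the same-origin policy compares and checks some constructed URL pairs that are often misjudged; it assumes Node's WHATWG URL class, and the hypothetical `ignorePort` option models the legacy behaviour in which the port is left out of the comparison, as older Internet Explorer did.

```javascript
// Default ports per scheme; a port equal to the default is part of the same origin.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Origin = (scheme, host, port). Returns null for schemes that browsers give an
// opaque origin (file:, data:, about:), which is same-origin with nothing, itself included.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaultPort = DEFAULT_PORTS[u.protocol];
  if (defaultPort === undefined) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // the WHATWG parser already lower-cases ASCII host names
    // The parser blanks a port that equals the scheme default, so
    // http://shop.example:80/ and http://shop.example/ end up identical here.
    port: u.port || defaultPort,
  };
}

// Serialise the tuple the way browsers expose it in window.location.origin.
function serialiseOrigin(urlString) {
  const o = originOf(urlString);
  if (o === null) return 'null';
  return o.port === DEFAULT_PORTS[o.scheme]
    ? `${o.scheme}//${o.host}`
    : `${o.scheme}//${o.host}:${o.port}`;
}

// The actual policy check: all three components must match.
// ignorePort (hypothetical option) reproduces the looser legacy rule for comparison.
function sameOrigin(a, b, { ignorePort = false } = {}) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && (ignorePort || oa.port === ob.port);
}

// Constructed pairs illustrating where reading the policy loosely goes wrong.
const SAMPLE_PAIRS = [
  ['http://shop.example/cart', 'http://shop.example:80/account'], // same: 80 is the default
  ['http://shop.example/', 'https://shop.example/'],              // scheme differs
  ['http://shop.example/', 'http://www.shop.example/'],           // host differs (subdomain)
  ['http://shop.example/', 'http://shop.example:8080/'],          // port differs
  ['http://SHOP.example/a', 'http://shop.example/b'],             // host is case-insensitive
  ['file:///tmp/a.html', 'file:///tmp/b.html'],                   // opaque origins never match
];

// Evaluate every pair under the strict rule and under the legacy port-ignoring rule.
function evaluatePairs(pairs = SAMPLE_PAIRS) {
  return pairs.map(([a, b]) => ({
    a,
    b,
    same: sameOrigin(a, b),
    sameIgnoringPort: sameOrigin(a, b, { ignorePort: true }),
  }));
}

for (const r of evaluatePairs()) {
  console.log(`${r.same ? 'SAME ' : 'CROSS'} (legacy: ${r.sameIgnoringPort ? 'same' : 'cross'})  ${r.a}  vs  ${r.b}`);
}
```

Only the fourth pair changes verdict between the two rules, which is exactly the kind of browser-to-browser difference the assignment asks you to look for.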

 

Browser programming and access control policies

It is quite common for web users to access several web pages simultaneously or during one browser session. It is also common that the data on a web page is collected from several sources, and that web pages contain client-side programs (e.g., JavaScript). In these circumstances it is crucial that access to data stored in the browser's memory is controlled carefully. In this assignment, study the access control mechanisms used in browsers to protect data. What data elements should be protected? How are they protected? Are current protection mechanisms hindering the development of innovative web applications?

 

Certificate validation policies

SSL is used to secure web sessions. One part of this is authentication of the web service provider (web server), e.g., when you are using a web bank you want to be sure that you are accessing the authentic, real bank. This can be done by validating the web server's certificate. One alternative is that the user manually validates the certificate. Of course, this would be rather cumbersome and error prone. In this assignment, study how certificates are validated in browsers. What factors affect the validation process? How could a user be misled into believing that he/she is accessing the correct site? How could it be made easier for the user to detect a phishing attempt?

Wazan, Laborde, Chadwick, Barrere, and Benzekri: Which Web Browsers Process SSL Certificates in a Standardized Way?, 2009

RFC 5280

Marlinspike: New tricks for defeating SSL in practice, BlackHat 09

 

Topics by Tony Joki-Kyyny

 

Using SIM credentials for enforcing access control policies in P2PSIP

When open protocols and platforms are used for telephony services on open networks, it becomes difficult for a telephone operator to enforce access-control policies. The paper should investigate how SIM cards and the credentials on them can be used for enforcing operator policies and for protecting the users. In particular, how can the SIM card be used for enforcing access control policies in a P2PSIP network? Could parts of the RELOAD (I-D) protocol be implemented on a SIM card or in another safe execution environment to improve the security of policy enforcement?

http://www.p2psip.org/

http://www.ietf.org/id/draft-ietf-p2psip-base-03.txt

 

Enforcing security policies in open protocols

Although telephone networks are based on standard protocols and components, they are traditionally relatively closed systems. This gives them a level of protection against attacks compared to services that operate on the Internet. Internet VoIP services like Skype, on the other hand, operate on the open Internet and their security is mainly based on proprietary, undocumented protocols and/or code obfuscation. New protocols like P2PSIP/RELOAD are open and standardized and intended for use on open networks. What problems does this pose to the network operator and to the security of the service?

http://www.p2psip.org/

http://www.ietf.org/id/draft-ietf-p2psip-base-03.txt

 

Topics by Antti Ylä-Jääski

 

Secure data filtering and aggregation in wireless sensor networks

In wireless sensor networks, data is collected from a large number of sensors and delivered to a sink node. There are many proposals for routing protocols that forward the data from remote sensors via other sensors or other wireless routers towards the sink. In many environments, the sensor data also needs to be authenticated to prevent a malicious entity from inserting false data into the system. Traditional shared-key authentication mechanisms, such as a message authentication code computed with a key known only to the sensor and the sink, have the disadvantage that false data items cannot be verified (and thus filtered) by the intermediate routers. Public-key cryptography, on the other hand, is computationally expensive to verify at each hop. The seminar paper should explore proposed solutions to this problem, i.e., secure routing and data aggregation protocols for sensor networks that allow filtering of false data before it reaches the sink.

S. Zhu, S. Setia, S. Jajodia, and P. Ning, "An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks," in Proceedings of IEEE Symp. on Security and Privacy, 2004, http://discovery.csc.ncsu.edu/~pning/pubs/oakland04.pdf

B. Przydatek, D. Song, and A. Perrig. SIA: Secure information aggregation in sensor networks. In Proc. of ACM SenSys 2003. http://www.ece.cmu.edu/~dawnsong/papers/sia.pdf

Hani Alzaid, Ernest Foo, Juan Gonzalez Nieto. Secure data aggregation in wireless sensor network: a survey, http://portal.acm.org/citation.cfm?id=1385127
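As an added illustration of the problem described in this topic (example code written for this page, not taken from the cited papers), the toy model below forwards a report along the path S -> R1 -> R2 -> sink under an end-to-end MAC that only the sink can check, and under a hop-by-hop scheme with pairwise link keys that lets each router filter a false report immediately. All keys, node names and readings are constructed.

```python
"""Toy model: where does a false sensor report get dropped?"""
import hmac
import hashlib

PATH = ["S", "R1", "R2", "sink"]

# Constructed keys (assumptions, not from the page).
# End-to-end scheme: only sensor S and the sink hold K_END.
K_END = b"k_end-shared-by-S-and-sink"
# Hop-by-hop scheme: each adjacent pair on the path shares a link key.
K_LINK = {("S", "R1"): b"k_S_R1", ("R1", "R2"): b"k_R1_R2",
          ("R2", "sink"): b"k_R2_sink"}


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def forward_end_to_end(msg: bytes, tag: bytes, enter_after: int):
    """Report enters on the link just after PATH[enter_after].
    Returns (verdict, links traversed). Routers hold no K_END, so they
    cannot check the tag and forward every report to the sink."""
    links = 0
    for node in PATH[enter_after + 1:]:
        links += 1
        if node != "sink":
            continue  # nothing to verify here: forward blindly
        ok = hmac.compare_digest(tag, mac(K_END, msg))
        return ("accepted" if ok else "dropped@sink", links)


def forward_hop_by_hop(msg: bytes, tag: bytes, enter_after: int):
    """Each receiver verifies the tag under the key it shares with the
    previous hop, drops on failure, otherwise re-tags for the next link.
    Caveat: a captured router owns its link keys, so this alone does not
    stop a compromised forwarder; that is what interleaved multi-MAC
    schemes such as the first reference above address."""
    links = 0
    prev = PATH[enter_after]
    for node in PATH[enter_after + 1:]:
        links += 1
        if not hmac.compare_digest(tag, mac(K_LINK[(prev, node)], msg)):
            return (f"dropped@{node}", links)
        if node == "sink":
            return ("accepted", links)
        nxt = PATH[PATH.index(node) + 1]
        tag = mac(K_LINK[(node, nxt)], msg)  # authenticate for next link
        prev = node
```

A false reading injected by an outsider after R1 crosses two more links before the sink rejects it in the end-to-end case, but is dropped by R2 after one link in the hop-by-hop case.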