This page lists the research topics that are currently available in the Secure Systems group or with our industry partners. Each topic can be structured either as a special assignment or as an MSc thesis depending on the interests, background and experience of the students. If you are interested in a particular topic, send e-mail to the contact person (as well as the responsible ssupervisor: N. Asokan, Tuomas Aura, Lachlan Gunn or Janne Lindqvist) listed explaining your background and interests.
All topics have one or more of the following keywords:
PLATSEC Platform Security
NETSEC Network Security
ML & SEC Machine learning and Security/Privacy
USABLE Usable security
OTHER Other security research themes
Available research topics for students in the Secure Systems Group
PLATSEC Private outsourced computation with Blinded Memory
Outsourcing computational tasks to cloud services can be cheap and convenient, but requires a lot of trust in the provider. How do we know that the cloud provider won't suffer a data breach, or sell our private data?
Blinded Memory (BliMe) aims to modify a CPU so that it can make a convincing promise to its clients that it will not reveal sensitive data outside the system, whether by malware, software vulnerabilities, or even side-channel attacks (such as measuring execution times, or with more advanced attacks like the well-known Meltdown and Spectre). It does this by using special hardware to import data from outside, then applying a taint-tracking policy to make sure that the data is not revealed, except to the original client. If the program tries to leak sensitive data, then it will crash. Achieving this involves several main tasks:
- Modifying a CPU (Like the open-source Boom core) to import/export data and enforce the taint-tracking policy
- Modifying the OS to manage all of the above
- Modifying a compiler (in our case, Clang/LLVM) to produce code that does not inadvertently try to leak data, without too much work by the user
- Designing protocols for clients to communicate with the new hardware with as few changes as possible
- Applying this to realistic workloads, such as processing data using machine learning models
- Validating that the whole design is secure, using both formal and informal methods
As you can see, this is a quite varied project, and there are plenty of ways for people of different backgrounds to get involved. In general, C or C++ programming skills and a basic information security background will be useful for this project, but this is a big project with a wide variety of tasks, so if any of the above sounds interesting to you, then please get in contact and we can see whether you will be able to fit in somewhere.
For more information, please contact: Lachlan Gunn, email lachlan.gunn@aalto.fi
Further reading:
BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking, https://arxiv.org/abs/2204.09649
PLATSEC Application isolation using SELinux
The Linux feature SELinux enforces a class of access control policy known as type enforcement. These policies are built up of rules like "web servers can read website files" and "web applications can open connections to a PostgreSQL database server". In practice, real systems are complex enough that it is difficult to write these rules by hand without giving applications more privileges than they need.
In this project, you will look at ways to automatically modify policies in order to reduce the privileges of applications without breaking the system. In particular, your goal will be to identify a set of policy changes that will isolate an application from the rest of the system, except for some listed set of interactions that can be audited.
Useful knowledge:
- Programming skills in Python
- A general information security background (e.g. as provided by the course Information Security)
- Experience with the Linux operating system
For more information, please contact: Lachlan Gunn, email lachlan.gunn@aalto.fi
Research topics with our industry partners
SSH: Software Developer Summer Trainee
27 Feb
We are looking for a motivated and enthusiastic summer trainee to join our R&D team at SSH Communications Security!
As a Software Developer Trainee, you will be responsible for assisting in the design, development, testing and maintenance of software applications for our products. You will be a part of a dynamic and fast-paced work environment, working alongside our experienced software engineers to create secure, innovative, and user-friendly solutions.
This position requires a commitment of at least 3 months with a possibility to continue after part-time.
Requirements:
- Education in software development or a strong background in IT.
- Understanding the use of complex technical software products in security area such as encryption, SSH keys, remote access, etc.
- Knowledge of a modern programming language like Go, Python, JavaScript.
- Passion for coding, learning, and problem solving
Read more about the position and apply at: Software Developer Summer Trainee (ssh.com)
SSH: UI/UX Summer Trainee
27 Feb
We are looking for creative and enthusiastic summer trainee to join our R&D team at SSH Communications Security!
As a UI/UX Trainee you will have an opportunity to work on a variety of projects and tasks such as usability testing, user experience design, and developing use case documentation.
The ideal candidate for this position should have a knowledge of software engineering principles, a creative eye for design, and excellent problem-solving skills. We are looking for candidates who will have a curiosity to explore and a willingness to take initiative to solve problems.
This position requires a commitment of at least 3 months with a possibility to continue after part-time.
Requirements:
- Understanding the use of complex technical software products in security area such as encryption, SSH keys, remote access, etc.
- Understanding of UX/UI design.
- Ability to conduct usability tests.
- Understanding of UI psychological biases and ability to identify user shortcuts.
- Familiarity with software documentation platforms and modern practices.
Read more about the position and apply at: UI/UX Summer Trainee (ssh.com)
Ericsson: Thesis students and summer interns
2 Nov
Please see the list of open student positions: Student AND Finland - Ericsson Jobs