Thesis

Students' proposed topics about network security or cybersecurity are welcome.

Please accept my apologies if I am unable to provide a quick answer to thesis requests. It can take a while to conceive an adequate proposal.

Some example of available thesis

Automation of Cyber ranges

Cyber ranges are a relevant component of cybersecurity expert education. Providing automation tools is beneficial for the setup and effectiveness of gaming sessions. The design and implementation of automation tools in this field are in high demand. Automation can be beneficial to any team involved in gaming sessions, i.e., red team, blue team, white team, or yellow team.

Automated evaluation of reports for cyber-range exercises

Cyber-range exercises like Locked Shields are very effective formative assessments for learning and making in practice cybersecurity skills. However, some of the activities performed in the evaluation of the exercises are still manually done by members of the white team, with tedious, repetitive and error-prone tasks. Is it possible to improve the level of automation of the white team activities? 

MQTT and lightweight protocol security

Security and dependability of devices are paramount for the IoT ecosystem. Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for those limited devices that cannot leverage HTTP. However, the MQTT protocol was designed with no security concern since initially designed for private networks of the oil and gas industry. Since MQTT is widely used for real applications, it is under the lens of the security community, also considering the widespread attacks targeting IoT devices. 

IPv6 security

Since the origins of the Internet, various vulnerabilities exploiting the IP fragmentation process have plagued IPv4 protocol, many of them leading to a wide range of attacks. One of the main sources of problems have been the overlapping fragments, namely fragments that when reassembled, result in unexpected –possibly malicious– packets. To overcome the problem related to fragmentation, in IPv6 a specific extension header has been introduced and a RFC 5722 developed, proposing that overlapping fragments are simply and directly dropped when encountered. Since then, several studies have proposed some methodologies to check if IPv6 websites are still accepting overlapping fragments and, than, still vulnerable to the attacks that originate from them. However, some of the above methodologies have been also proved to be incomplete or misleading.

Internship with Italian enterprises (Leonardo spa, DigitalPlatforms S.p.A.., Linkem and others)

• System hardening (Android, Windows or Linux)

Internship with NEC Laboratories Europe (GmbH in Heidelberg, Germany and Madrid, Spain)

The security group at NEC Laboratories Europe works in many topics in the area of security and privacy, and offers paid internship to graduating master students. If interested, contact me for discussing details and possible thesis-topics.