Aleksandr Lenin MSc Thesis topics

Introduction

Dear cybersecurity students,

all the final thesis topics, offered by me, are directly or indirectly related to the EU FP7 project TREsPASS. This project and the related research area in general, are the main focus of my research activities.

What does this mean for you? The topics I offer are practically oriented, these topics are not something invented from scratch, but areas of research and development that need to be done, which is a merit, of course. The downside of writing your final thesis on the topic which is part of an EU project is that these activities have, as a rule, their corresponding deadlines, which are, in general, not flexible. The deadlines indicated below are not the deadlines when your final thesis document has to get ready -- these are related to some internal deadlines within the project and set the time when the result has to be delivered. This means that the result has to be provided by the deadline and no extensions are allowed. These deadlines, as you can see below, are, as a rule, earlier, than the planning time of the defense. If you take such a topic, you have to provide an idea or solution before the deadline, and once the result is delivered, you may spend the rest of the time writing your final thesis document.

In the list of topics below you will see:

• current priority of the topic: High, Medium, or Low. This describes the degree of "urgency" within the project on the specified topic.
• current status of the topic: Pending which means that the topic is free to choose, or In Progress which means that some student is already working on the topic.
• The due date - the approximate date when the results have to be delivered and end up in the project documentation. TBA (aka To Be Announced) means that the due date for the considered topic will be, at the very least, next term.

Some topics are more complicated, some are less, and they require various background and knowledge from the students. This means that not every topic will suite everyone equally.

The minimal requirements for the student are the following:

• Being active and willing to defend your final thesis.
• Good communication skills in English (spoken and written).
• Mean result at least "good" for the courses in your curricula.
• Skills to work independently, as well as in a team.
• Being self-sufficing. Given a task and the description what do we need to obtain, being able to independently find a way how to do it.

Additional requirements for the students willing to write thesis on a specific topic under my supervision are described in the detailed description of the topic. To get approval for the topic you need to meet me in person, and I assess if you are suitable to write the chosen topic, then will either approve the supervision or not.

A final thesis of the student should be a fair piece of work. If for some reason I feel that your work is not sufficiently well written or the quality is not sufficient for a master thesis, I reserve the right not to approve this work for defense and postpone it for the next term.

I treat the work of every master student, who writes a thesis under my supervision, as raw material for the upcoming publication(s). The vast majority of the topics offered below will be published, and for this reason I assume that prospective master students might be interested in assisting writing publications. Co-authorship is also negotiable (especially for those who plan to continue with their PhD studies).

Thesis topics to offer

Algorithms for Security Analysis:

• [TREsPASS] A Genetic (Evolutionary) Algorithm for the Failure-Free Risk Analysis Model

      [Priority: High Status: In progress Due: April 2015]

• [TREsPASS] Attack scenario Transformation Component. Design and Implementation

      [Priority: High Status: In progress Due: April 2015]

• [TREsPASS] Comparison of the Genetic Approach with the Upper Bounds Estimation Method of the Failure-Free Model. Assessment of performance. Benchmarking and analysis.

      [Priority: Medium Status: Pending Due: June 2015]

Security Modelling:

• [TREsPASS] A structure for representing attack scenarios in the form of attack graphs in xml file.

      [Priority: Low Status: Pending Due: June 2015]

• Attack Process Graphs -- a new look into security modelling and analysis.

      [Priority: Low Status: Pending Due: TBA]

Fuzzy Metrics for Security:

• [TREsPASS] Fuzziness as a Measure of Uncertainty in Quantitative Security Metrics.

      [Priority: High Status: In progress Due: April 2015]

Fuzzy decision making and control:

• [TREsPASS] Fuzzy Attacker Profiling

      [Priority: Medium Status: Pending Due: June 2015]

• [TREsPASS] Fuzzy Quantitative Security Risk Analysis

      [Priority: Medium Status: Pending Due: June 2015]

Security modelling patterns:

• [TREsPASS] APL (Attack Pattern Library) design and implementation.

      [Priority: High Status: Pending Due: April 2015]

• [TREsPASS] Social APL (Attack Pattern Library) design and implementation.

      [Priority: Low Status: Pending Due: TBA]

• A library of attacker behavioral patterns.

      [Priority: Low Status: Pending Due: TBA]

Quantitative Security Risk Analysis:

• [TREsPASS] Approximation of the fully-adaptive strategies by the most optimal non-adaptive strategy. Assessment of precision and viability of the approach.

      [Priority: Medium Status: Pending Due: June 2015]

ISKE:

• [TREsPASS] TREsPASS-ISKE Integration -- The Case Study

      [Priority: High Status: In progress Due: April 2015]

Security Games:

• Defender game for the quantitative security analysis models.

      [Priority: Low Status: Pending Due: TBA]

• Attacker-defender strategic interaction. Stackleberg equilibrium and security analysis.

      [Priority: Low Status: Pending Due: TBA]

Defended thesis topics

• Attacker Profiling in Quantitative Security Assessment [Defended: January 2014]
• Performance Analysis of Attacker Profiling in Quantitative Security Risk Assessment [Defended: June 2014]
• Assessment of Integration Possibilities of the TREsPASS Toolset into the ISKE tool [Defended: January 2015]