thesis it security

SearchCloudSecurity SearchConsumerization SearchEnterpriseDesktop SearchCloudComputing ComputerWeekly.
Royal Holloway, University of London, Information Security Group 2014’s articles discuss topics from a variety of information security disciplines, digital forensics, cloud encryption and internet routing. Previous years' articles, including the 2013 and 2012 Royal Holloway Thesis series, have focused on topics such as secure contactless payments, the risks of multi-tenancy cloud computing, and cloud security certifications. Techtarget’s Computer Weekly is pleased to present the following articles from the best and brightest of this year's RHUL master of science graduates. Table of contents: The future of digital forensics This article in our Royal Holloway Information Security series looks at the challenges investigators face when tackling the complexities of full disk encryption. Table of contents • The three avenues of attack • Building an anti-forensic computer system • Defeating forced key disclosure Detecting the use of TrueCrypt This article in our Royal Holloway Information Security series looks at the clues that can point digital forensics investigators to evidence of TrueCrypt data encryption. Table of contents • Windows Registry evidence • TrueCrypt boot-loader • TrueCrypt hidden volume Encryption in the cloud This article in our Royal Holloway Information Security series assesses challenges of providing effective encryption to data stored in the cloud. Table of contents • Cloud formation • Cloud risk assessment • Role of cloud encryption Secure internet routing This article in our Royal Holloway Information Security series assesses whether Resource Public Key Infrastructure can provide a framework for effective security. Table of contents • The challenge of providing secure internet routing • How does internet routing work? • How can internet routing be secured?.
For further information about topics for Master thesis, please contact the members of staff listed below:Lasse Øverlier - lasse@hig.no Public key and certificate analysis Goal: Collecting public keys and certificates from public services for long term storage and analysis of: security, validity periods, update frequencies, certificate authorities, supported protocols.Task: Develop/use a robot to collect public keys and certificates from Internet services. Optimizing the robot to be quiet, not annoy the services, but prioritize services in a reasonable and resource friendly way. In addition there must be built a database for storage of the public keys and certificates for later use in generation of statistics. A lot of work exists in this area and the thesis should start by making a study of what other projects exists, what and how they collect data, their focus of research. Statistics found interesting for publication will be decided later, but interesting topics can be: certificate authorities, supported crypto protocols, key exchange methods, security (level) of certificates, self signed certificates, etc.Other Thesis proposals from Norwegian National Security Authority (NSM) and Data Protection Agency (Datatilsynet) are presented here: Tone Bakås The efficient use of resources in enterprise IT risk management Identify enterprise challenges relevant to risk management. Study today’s IT risk management approaches and map common requirements and basic steps. Identify key resources and assess importance of management engagement, segregation of duties and resource coordinating at each step. Identify competence needs and outsourcing possibilities. Discuss automation needs and possibilities and survey existing risk management support tools for enterprises (SAP GRC risk management software). Analyze your findings and conclude on key factors for efficient IT risk.
IMHO for master's in Cyber Security it will have to be beyond coding. Here are some broad categories and you will have to pick one followed by specific topic as per your interests:-1. Cryptography and cryptanalysis has a lot of scope. A good research on  a strong algorithm or a conceptual new one may be considered.2. Machine learning for IPS/IDS/Antivirus is a new and upcoming thing.3. Artificial Intelligence/ Threat Intelligence/ Analytics. 4. Advance Persistence Threats- Detection and mitigation techniques.5. Internet of Things is a relatively new and hot topic. 6. SDN or Software Defined Networking has a scope for plenty of research including new threat vectors and possible vulnerabilities. 7. Since you have indicated programming, then advance exploit development/ reverse engineering and web application vulnerabilities and security may be.
Security + Distributed Systems narrows down the attack pattern significantly. I can only think of one condition in which these two domain come into play. money. What if finical transactions where backed with an eventually consistent database? Maybe it would net thieves around million USD. Non-relational databases are all the rage, but what if you where to pick Cassandra instead of HBASE as a database for finical transactions? Out of Availability, Consistency and partition tolerance, you can only pick two: In the realm of finance, availability is key. DoS attacks mean a loss to a company's quality profit. This attack literary denies a finical institution the ability to consume. Consistency is also vital, without this, thieves are able to able to exploit a race condition. but is that the final verdict?.