The most up-to-date information about doing an MSc project (afstudeeropdracht)
with me or others in the Digital Security group can be found
here.
(Below is some older information about possible MSc projects, which may still provide useful inspiration.)
There are plenty of opportunities for Master or Bachelor thesis projects in the
areas above. Looking at my publications may give you a more concrete idea
of what I'm working on. Some concrete proposals are listed below. These proposals
reflect my own interests; of course, you're more than welcome to come up with
other proposals based on your own expertise and interests. NB for a Master
thesis you should choose a topic that you think is interesting.
- Explore the possibilities that
JSR 308 - Annotations on Java Types
offers for tainting trusted & untrusted data in mobile phone programs.
- Smartcards: ideas for projects around smartcards:
- Perform a security analysis of ABN-AMRO's new e-dentifier2 for internet banking.
- Explore the possibilities of running malicious code on Java Card smartcards, in the style of
this paper.
- The new JavaCard 3.0 standard came out March 31 2008. It introduces major new features, eg. multi-threading and the possibility to have http servlets on a smartcard.
The trickier aspects of this
standard (transaction mechanism in a multi-threaded context, firewall,
etc.) are interesting topics to investigate, to see if there
are loopholes or ambiguities in the spec, or errors in implementations
that introduce potential vulnerabilities.
- For Information Science students: read
the excellent book "The Inmates Are Running the Asylum" by Alan Cooper (which IMO is essential
reading for all Information Science students; available in our library under "8023 CO")
and apply the approach described there to any over-engineered, hard-to-use
interface that you know, for instance Blackboard, the reservation system at the
university sports centre, or - for applications that are security-sensitive -
using PGP, managing ssh keys and ssl certificates, ....
- Also for Information Science students: investigate the EPD (Elektronisch Patiëntendossier): what are the arguments for introducing this, and which of the potential users think it is useful?
- Check out the MSc projects we have listed at the
Kerckhoffs institute.
- If you are interested in web applications,
browsing around the OWASP website,
or visiting some of the OWASP Netherlands meetings,
might give you some ideas.
- The company Topicus in Deventer has opportunities for MSc projects in the field of static analysis for
domain-specific checks, esp. for Java web applications.
- Performing a security analysis of an application.
Here there are many possibilities.
The focus can be on the initial stages, ie. looking at security requirements,
the attacker model, etc. This would be more `informatiekundig' (information-science oriented) in flavour.
This would also look at the context (organisation) surrounding the application.
This could be done at a company.
The focus can also be on the later stages, eg. doing actual code review,
for instance trying out some tool support or methodology to do this (see next bullet).
Interesting applications to look at would be
any of the dozen web applications that are used at the university
(e.g. KISS, EasyChair conference management system, e-Groupware's on-line calendar),
and security-critical open source projects such as OpenSSH or OpenSSL.
- Program analysis tools that could be used as part of a source code evaluation
include Splint, Frama-C, or Microsoft's PREfast for C(++), or PMD or Findbugs for Java.
We can also try to obtain licenses for some commercial tools, such as
Fortify, Jtest, and Klocwork.
Interesting questions to investigate for such tools are
(i) ways to improve this technology;
(ii) possible customisations of tools for particular application domains
(eg. JavaCard, Java MIDP, Java web-apps, or hypervisors in C);
(iii) trying to come up with best practices to apply such tools;
(iv) testing one tool or comparing tools on example applications.
There is currently little hard empirical evidence about the use of these
tools, so it would for instance be interesting to run a tool on (an old release of) some
open source project, say OpenSSH or OpenSSL,
to see if it exposes known security vulnerabilities or new ones.
- If you're interested in programming languages, esp. Java,
then there are possibilities for projects around
JSR 305 - Annotations for Software Defect Detection
and
JSR 308 - Annotations on Java Types.
Projects could look at improving type information in Java programs,
for instance for alias control (using ownership type systems)
or keeping track of which objects are immutable (using systems like the one proposed in
.
- A more practical project around Java would be developing a fuzzer for Java (or C#, for that matter), to check for buffer overflows in native code.
Especially implementations of graphics routines in the Java API contain a lot of native code, and hence contain buffer overflows, as demonstrated by
this bug.
Trying out existing fuzzers for C to catch problems such as
this one might also interest you.
- More fundamental projects would be case studies in the use of the program specification language JML and JML tools, eg. using the JML runtime assertion checker or the program verification tool ESC/Java2. Possible projects would be
- trying to specify part of the Java API,
- verifying some example application, eg. Java MIDP applications for mobile phones.
- Race conditions are an important source of bugs in multi-threaded
code, and a possible source of security problems.
For example, a race condition was responsible for a security vulnerability of the Siemens S55 mobile phone, as described in this paper.
Moreover,
ensuring the absence of race conditions is a crucial step in
any attempt to verify multi-threaded code.
There are a few experimental tools to check the absence of race
conditions. A possible MSc project would be to evaluate one or more of
these tools, for instance on multi-threaded mobile phone applications,
to see if these tools can cope with the (limited) use of
multi-threading in such applications.
- Minimal TCBs: experiments with or evaluation of minimal TCBs,
using hypervisors or micro-kernels (eg. Nova, L4, Xen, Citrix, MINIX3 ...)
- Security Protocols: how can we provide precise specifications of
real-life security protocols (eg. TLS/SSL) and use these as a basis to develop/evaluate
implementations of these protocols?
- Safe C: experiment with and evaluate safe C dialects such
as Cyclone