Advanced Topics In Security Of Complex Systems - Suggested Topics

Please refer to the set of slides available on the main page of this course for detailed informations on exam rules. Note that the following two lists contain only suggestions. Students are strongly suggested to propose the topics they're most interested in. Strike-though topics are not available. For each topic a title and the link to a publication where more info can be found are provided.

Suggested topics:

Malware analysis
Choose a malware family, study its behavior on publicly available documents, download samples and test them on a FireEye MAS 5400 appliance. Check correspondences between the known behavior and the observed one. (Contact the lecturer for further information on this topic)

The impact of network topologies on intrusion possibilities and detection probability.
The effect of network topology on the spread of epidemics

State of the art for digital certificates.

Beyond RSA: elliptic curve cryptography and other methods in the state-of-the-art for public-key cryptography.
SEC 1: Elliptic Curve Cryptography

Confidential search: how to search encrypted data
Practical Techniques for Searches on Encrypted Data

Secure hash functions: from SHA-1 to more secure message digest algorithms.
NIST CRYPTOGRAPHIC HASH ALGORITHM COMPETITION

Cryptographic modules: current standards and their implementation in real-world products.
FIPS PUB 140-2

Secure mail protocols and legal aspects.
Technical rules for the Italian PEC (ONLY IN ITALIAN)

The hurdles of security in cloud computing platforms.
Computing Arbitrary Functions of Encrypted Data
A Math Primer for Gentry’s Fully Homomorphic Encryption
Fully homomorphic encryption using ideal lattices

GPU computing vs security: how to make a strong password weak
Update: New 25 GPU Monster Devours Passwords In Seconds

Platforms for federated identity management.
Build a running demo to test identity federation among several providers: Google, Facebook, Windows Live ID, Shibboleth, Microsoft ADFS. Providxe insights from your implementation activity.