Quantitative Security

 Project Ideas

 

 

You must demonstrate that you know how to research, are current in the chosen topic, have developed significant expertise in it and can communicate effectively about your work. Some thought on how to do research are here.

 

Requirements: see Term Project You must explore the topic from multiple perspectives and using diverse sources. Some novel contributions are required.

 

Evaluation: Among the factors that will be used for evaluation are: significance and originality, thoroughness of research, depth of understanding displayed and presentation.

 

Topics: The topics must be closely related to the course objectives. Here is a list of suggested topics. No more than two persons can

 

Some possible ideas: These are related to some of the problems that either we have worked on recently or have thought about. You need to do your own research to locate sources of information. A related paper is mentioned only to serve as a starting point. No endorsement of the paper is implied.

 

  1. Economic modeling of vulnerability markets A related article, another.
  2. Develop model for economic tradeoffs due to security issues using actual data. Related paper.
  3. Develop models for risk evaluation due to vulnerabilities, incorporating discovery and remediation. Related paper.
  4. Quantitative modeling of vulnerability discovery in program with multiple releases. Related paper.
  5. Quantitative measurement of the impact of  security breaches. Related article and another article.
  6. Analysis of payment systems/credit card security. Related paper.
  7. Analysis of actual security breaches and what could have prevented them. Related paper.
  8. Quantitative measurement of the probability of  security breaches. Related paper.
  9. Computation of the risk of security breaches: Consider technology, probabilities and costs. Note that "risk" includes both the probability of an event and the impact.
  10. Using fuzzing to discover zero-day vulnerabilities a related article, and another.
  11. Security in virtualized/containerized systems A related article.

12.   Quantitative modeling of economics of ransomware. A related article.

13.   Quantitative examination of phishing. Related paper.

14.   Security breach costs incurred to society/government/nations (not individual businesses organizations) A related paper.

15.   Cyber risk and cyber insurance. A related paper.

16.   Economics of bugs bounty. Related paper. Another.

17.   Quantitative modeling of the impact of availability of patches. A related paper.

  1. Quantitative/algorithmic examination of exploits. Related paper.

19.   Mitre ATTack framework: algorithmic and/or quantitative examination. Related paper.

  1. Assessing effectiveness of Penetration Testing approaches. Related paper.
  2. Security of public vs private clouds (this must be based on data not opinions). Related paper.

22.   Quantitative Relationship between cost of security improvements and the degree of additional security level achieved. Related paper.

23.   Examination of the time a vulnerability remains undiscovered. Related paper.

24.   Quantitative examination of denial of service attacks. Related paper.

25.   Motivation and methods of cyber criminals and how they can be caught (you must analyze actual cases). Related paper.

26.   Smartphone security model and vulnerabilities. Related paper , another paper.