Submitted Proposals

DEI - FCTUC
Generated on 2024-04-26 15:17:29 (Europe/Lisbon).

Internship Title

A Fault-injection Tool for HTTP/2

Areas of Specialization

Software Engineering

Communications, Services and Infrastructures

Internship Location

DEI-FCTUC

Background

HTTP/2 is the next version of the HTTP protocol and is expected to replace HTTP/1.x throughout the Web in the near future. This is such an important step that major browsers and some very popular web servers have already started to implement HTTP/2. Although browsers and servers based on HTTP/1.x are quite reliable, a critical problem is that HTTP/2 developers have no way of assessing how their systems (browser or server) behave in the presence of faults (e.g., missing data, tampered data). Without proper testing, HTTP/2 implementations can be deployed with severe security vulnerabilities. A malicious user or network node can easily take advantage of those vulnerabilities and mount attacks with severe consequences for the systems involved (client-side or server-side).

Objective

The goal of this work is to define an approach and implement a tool that injects faults into client-server communication, in order to understand how vulnerable browsers or servers can be to malicious data. In practice, the expected outcomes of this internship are:
- A tool that can be used to test the security/robustness of HTTP/2 browsers and servers.
- A research paper, to be submitted and presented at a top international conference, describing the approach and main results obtained from the experiments.

Work Plan - Semester 1

[Some tasks might overlap; M=Month]
T1 (M1 – M3): Knowledge transfer and state-of-the-art literature review on HTTP/2 and service robustness.
T2 (M3): Design of a preliminary fault model (e.g., malicious data), using the information gathered in task T1 as a basis.
T3 (M3): Identification of target systems to be used in the experiments.
T4 (M3 – M4): Implementation of a proof-of-concept prototype that is able to intercept HTTP/2 communication and inject faults into it.
(M5): Writing the intermediate report.

Work Plan - Semester 2

[Some tasks might overlap; M=Month]
T1 (M6): Integration of the intermediate defense comments and completion of the fault model.
T2 (M6 – M7): Implementation of the fault-injection tool, including all faults previously defined, and execution of tests (functional).
T3 (M8): Execution of experiments and analysis of results.
T4 (M9): Writing a research paper and submitting it to a top international conference in the Dependability or Services areas (IEEE/IFIP Dependable Systems and Networks, IEEE Services Computing Conference, International Conference on Service Oriented Computing, etc.).
T5 (M10): Writing the thesis.

Conditions

The selected student will be integrated into the Software and Systems Engineering group of CISUC, and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.

Remarks

Please contact the advisor for any question or clarification needed.

Advisor

Nuno Laranjeiro; Marco Vieira
cnl@dei.uc.pt