Titulo Estágio
Computer Forensics
Área Tecnológica
Sistemas Evol. e Comp.
Local do Estágio
R. Alfredo Cunha nr. 37 sala 35, 4450-023 Matosinhos, Portugal
Enquadramento
Visionspace Technologies is a company in space industry. We provide services to European Space Agency (ESA) Ground Segment Infrastructure regarding verification and validation of critical software. Nowaday we are strongly betting in security field, with the development of a security visualization tool regarding virtualized environments. We are building the next-generation security analysis technology making the internet a safer place to work, communicate and play.
Currently VST is working in a product of a security visualization tool regarding virtualized environments, we already have a prototype of the product and we are very enthusiastic about the way this product will redefine the threat analysis field.
This master's thesis appears in the scope of this security product. The aim of this work is the identification of the different types of attacks that a machine can be targeted and what are the methods to identify them. A tool to identify this attacks must be produced. Visionspace product produces a gigantic amount of data regarding program's execution, so there will be a plenty of testing vectors to test the developed tool.
Security is a risk management discipline and many people think security is a switch (that could be “on” or “off”). Many companies nowadays sell security as a switch button without telling the client about the threats they be facing.
Visionspace has worked for the last 6 months working on a security visualization tool that we believe will revolutionize the way companies see security threats.
This product is divided in several “sensors” that collect accurate information about the IT infrastructure of a company. We are still working on this product to improve even more capabilities and provide an even more “intelligent” analysis of the “what is going on” in an IT infrastructure.
Objetivo
This master work is divided into two main components, a strong theoretical component and a more practical component.
The goals for this master thesis are the following:
- Analyse and study the historical and the current methods used to identify attacks or threats regarding an operating system and also at network level;
- Analyse and study approaches to prevent networks and systems from this kind of threats;
- Develop a tool that performs threat analysis regarding a program execution (list of systemcalls with parameters) as input, or a list of programs ordered by timestamp;
The methodology that must be followed in this master work is composed of the following steps:
- Understanding the field in deep;
- Do a study regarding the identification and threat mitigation (Bibliographic search);
- Reading and synthesis of the selected bibliography;
- Development of a “identification threat tool”;
- Evaluation of the tool, validation and discussion of the results, regarding the state of the art.
Plano de Trabalhos - Semestre 1
Milestone1 (Month 1 to Month 2)
The first milestone period will be mainly used to do theoretical and historical research about attack identification and their importance. Also during this period, a revision of the basic bibliography will be made and at the end of this process an article will be written based on the knowledge acquired.
Milestone2 (Month 3 to Month 6)
In this second period deep study and experimentation of the state of the art tools must be performed and therefore an analysis of its functioning, architecture, pros and cons and the inside structure of attack identification tools. Also during this period, an already existent similar solutions must be analysed for comparison ends, with the main goal of helping on the implementation process of a simple detection prototype.
In this milestone the student must start to think the best techniques to identify attacks regarding the existing data produced by the Visionspace product.
At the end of this period it’s expected the full understanding of the identification techniques and the architecture model of the prototype to be implemented.
Bibliographic revision will be continued (exploring now new directions and new references derived from the basic previous readings and developments) and an article must be written for publishing intermediate conclusions.
Plano de Trabalhos - Semestre 2
Milestone3 (Month 7 to Month 8)
This period will be exclusively devoted to the development of the proposed prototype tool. In this phase Visionspace will provide full access to a database containing millions of programs executions. Will be expected the tool to be finished at the end of this period.
Milestone4 (Month 9 to Month 11)
This last milestone will be the shortest one, this will be mainly devoted to evaluate and validate the tool results, guaranteeing that everything proposed has been done correctly and efficiently. Bugs will be fixed and the results of the tests will be revised, and intermediate conclusions will be drawn from the outcome results.
At the end, all conclusions about the work done will be written and the thesis document will be reviewed. Will be desirable that at this stage the student has a scientific paper in an international conference of the security area.
Condições
People are the foundation of Visionspace success. As an employee-owned company, we care about not only the technologies we develop but also the path we take to create them. Visionspace operates under a highly collaborative organizational model that recognizes and encourages leadership throughout the company and takes care of the individual.
Visionspace' technical staff members play a pivotal role in developing advanced software technology. Engineers work in small team settings and must successfully interact with clients, partners, and other employees in a highly cooperative and intellectually challenging environment.
We’re looking for people who can invent, learn, think, and inspire. We reward creativity and thrive on collaboration.
We offer you a great internship experience with a fast growing company and the opportunity to join our staff.
Our philosophy, simply stated, is recruit once, hire twice.
This is a unpaid internship, Visionspace will pay:
- Food allowance;
- Travel allowance.
Observações
- Qualifications Needed
-- Academic background in Software Engineering or any other related computer field;
-- Cryptography academic background is a plus;
-- Interest for computer security field;
-- Knowledge of how operating systems works (processes, syscalls, etc.);
-- Interest in learning Linux internals;
-- User of version control (svn, git, mercurial);
-- Knowledge of UML;
-- Fluent in English, both in speech and writing.
- Recommended Bibliography
-- The reading of “Computer Virus and Malware” by John Aycock, is desirable as a starting point for this work.
-- “Exploiting Software: How to Break Code” by Greg Hoglund and Gary McGraw
-- “Security Engineering: A Guide to Building Dependable Distributed Systems” by Ross J. Anderson and Ross Anderson
Orientador
Mário Ulisses Costa
ucosta@visionspace.com 📩