Internship Title
Security Testing Tool for Messaging Middleware
Areas of Specialization
Software Engineering
Internship Location
DEI-FCTUC
Background
Messaging middleware is now used to provide services in business- and safety-critical enterprise applications. Despite indications that messaging middleware is currently being made available with robustness and security problems, developers still lack a practical approach and a specialized tool for testing these systems for security issues.
Objective
The goal of this work is to design an approach and implement a tool for security testing of JMS middleware. In practice, the expected outcomes of this internship are:
–	A tool that can be used to test different JMS providers (JBoss HornetQ, ActiveMQ, etc.) for security.
–	A research paper, to be submitted and presented at a top international conference, describing the approach and main results obtained from the experiments.
Work Plan - Semester 1
[Some tasks might overlap; M=Month]
T1 	(M1 – M2): Knowledge transfer and state of the art review on messaging middleware, JMS robustness and security, and JMS providers.
T2 	(M2 – M3): Analysis of a main JMS Provider (e.g., JBoss HornetQ) to identify potential attack points.
T3 	(M3): Creation of a client prototype to explore one of the potential attack points.
T4 	(M4): Preliminary definition of rules and approach for testing the security of JMS middleware.
T5 	(M5): Writing the intermediate report.
Work Plan - Semester 2
[Some tasks might overlap; M=Month]
T6 	(M6): Integration of the intermediate defense comments and completion of the security testing rules.
T7 	(M6–M7): Analysis of two additional JMS providers and inclusion of the new rules in the previous set. Refinement of the overall set of rules.
T8 	(M8): Execution of tests and analysis of results.
T9 	(M9): Writing of a research paper and submission to a top international conference in the Dependability or Services areas (IEEE/IFIP Dependable Systems and Networks, IEEE Services Computing Conference, International Conference on Service Oriented Computing, etc.).
T10 	(M10): Writing the thesis.
Conditions
A scholarship may be available (value to be defined) for at least part of the duration of the internship.
The work will be supervised by Prof. Nuno Laranjeiro. It will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.
Supervisor
Nuno Laranjeiro
cnl@dei.uc.pt
