Internship Title
Vulnerability and Attack Injection Tool in Python (VAITP)
Areas of Specialization
Software Engineering
Internship Location
DEI-CISUC
Background
The aim of this internship is to develop a Vulnerability and Attack Injection Tool in Python (VAITP). This tool can be used for several purposes: i) to test applications and systems implemented in Python by using the attack injection tool (including machine learning algorithms implemented in Python, which is quite useful for testing AI-based systems); ii) to test security tools (e.g., vulnerability detection tools) by using the vulnerability injection tool; and finally iii) to train and test security teams by having them search for the injected vulnerabilities, which are proven to be real because they were verified by the Attack Injection component.
The main objective of this internship is to design and implement the following components:
1) A Vulnerability Injection component, which inserts known vulnerability types in the source code of an application. The vulnerabilities injected should be as similar as possible to real-world vulnerabilities.
2) An Attack Injection component, which attacks (as automatically as possible) the vulnerabilities injected by the Vulnerability Injection component. This Attack Injection component knows which vulnerabilities were injected and, using this knowledge, creates attacks that can exploit them (one at a time).
Given the many possibilities that Python libraries provide, we consider that the development of both components may benefit from the use of Artificial Intelligence (e.g., when deciding where to inject the vulnerability, selecting the attack payload to use, etc.). This project is best suited to a group of two students, one for each component. However, since the Vulnerability Injection component can be used standalone as an independent tool, a single student may work on this component and evolve it into the complete VAITP tool in a follow-up project, such as a Ph.D. thesis.
Objective
The main objective of this internship is to design and implement the following components:
1) A Vulnerability Injection component, which inserts known vulnerability types in the source code of an application. The vulnerabilities injected should be as similar as possible to real-world vulnerabilities.
2) An Attack Injection component, which attacks (as automatically as possible) the vulnerabilities injected by the Vulnerability Injection component. This Attack Injection component knows which vulnerabilities were injected and, using this knowledge, creates attacks that can exploit them (one at a time).
Work Plan - Semester 1
[Some tasks might overlap; M=Month]
T1 (M1): Knowledge transfer and state-of-the-art review on Python-specific vulnerabilities and security attacks.
T2 (M2): Collect data regarding the reported vulnerabilities and attacks on Python-based systems.
T3 (M3-M4): Analyze the collected data and build fault and attack models.
T4 (M5): Write the intermediate report.
Work Plan - Semester 2
[Some tasks might overlap; M=Month]
T5 (M6): Implementation of a vulnerability injection tool in Python.
T6 (M7): Implementation (improvement and extension of an existing prototype) of an attack injector in Python.
T7 (M8-M10): Plan the experiments for testing the tools, collect a representative list of applications (ML algorithms implemented in Python) or security tools, and perform the tests.
T8 (M11): Write the thesis.
T9: Write a research paper and submit it to a related international conference.
Conditions
The student will be integrated into the Software and Systems Engineering (SSE) group of CISUC and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC), where a workplace and necessary computer resources will be provided. Please contact the advisors for any questions or clarification needed.
Remarks
Scholarship for bachelor's degree holders (bolsa de licenciado) for 6 months, in the amount of 835.98 euros/month, possibly renewable.
Advisors: José Fonseca (jozefonseca@gmail.com), Naghmeh Ivaki (naghmeh@dei.uc.pt)
Advisor
José Fonseca, Naghmeh Ivaki
josefonseca@ipg.pt