Lightweight Security Testing of Software Products
Common Criteria is an ISO/IEC standard for computer security certification. With a total of 1080 pages, this standard is very cumbersome to handle, and the cost of certification is prohibitive for small and medium-sized enterprises (SMEs). Thus a lot of low-hanging fruit for improving the security of software products is available but cannot be reaped by SMEs due to lack of expertise and cost explosion. The goal of the proposed thesis is to design a simple set of tests and tools that can improve the security of a software product with low overhead. The tests and tools will be tested on a software product by our cooperation partner Q2D Solutions.
RISE SICS will provide background information and the necessary guidance during the course of the thesis. The tasks of the Master's student for this thesis are:
• Conduct a high level study of Common Criteria and related security certification methods
• Find a set of the most common vulnerabilities in software products
• Design a set of tests to detect those vulnerabilities
• Apply the tests to the Q2D product
• Write a short manual that enables non-security experts to apply these tests and resolve the security issues found
• Document their findings and designs in the thesis manuscript
We are looking for a team of two bright and motivated MSc students who have fulfilled the course requirements, and who have attended some security courses. Good English writing skills are also required. Pedagogical competence is a plus.
Applications should include a brief personal statement, CV, and a list of grades. In the application, make sure to mention previous activities or other projects that you consider relevant for the position. Candidates are encouraged to send in their application as soon as possible. Suitable applicants will be interviewed as applications are received.
Start time: As soon as possible
Location: RISE SICS AB & Q2d Solutions AB, Lund (Ideon Beta 2)
About RISE SICS
RISE is a non-profit research institute owned by the Swedish government. The mission of RISE SICS is to contribute to the competitive strength of Swedish industry by conducting research in strategic areas of computer science. The Security Laboratory at RISE SICS works on topics such as IoT, cloud and software security.
About Q2d Solutions AB
Q2d Solutions AB develops solutions for IoT security life cycle management. This includes real-time monitoring of wireless sensor networks, management of security and integration with companies' existing systems.
Ludwig Seitz, RISE SICS AB, Security Lab (email@example.com)