Honours Projects
Available Honours Projects for 2008:
- Well-Measured Programs
- Secure Reprogramming of Sensor Networks
- Data Quality and Incident Reporting
- A Case Study on Business Process Modelling and Execution
- Information Security Analysis of Network Topologies
- Simulating Feedback-Driven Scheduling
- Simulating Erosion of Tubing Systems in a Power Station
- Funny Munny: Applying the Ideas of Web 2.0 to Personal Finance
- Business Process Visualisation
- File Carving Fragmented Hard Drives
- Volatile Memory Forensics
- Seamless and secure mobile communications
- Command and Control in Distributed Denial of Service Attacks
- Authentication for Small RF Devices
- Privacy Protecting Access Control
- High Assurance Information Sharing Networks
- Effective Information Security Assurance Management in Contemporary Organizations
- Transition From Legacy To Federated Identity Management Models
- Web Services Testbed deployment
- Open Source Information Security Management
- Virtual Infrastructure for Network Security Experimentation
- XML Search Engine evaluation
- Wikipedia Oriented Web Browser
- Wikipedia Link Discover
- Enhanced Wikipedia Browser
Well-Measured Programs
Contacts: Prof. Colin Fidge (www.fit.qut.edu.au/~fidgec/)
In embedded systems programming it's important that the units of measurement for all program variables are well understood. (In 1999 NASA's Mars Climate Orbiter crashed due to a mix-up between measurements in feet and metres!) Checking correct use of dimensional units in program code is very similar to checking correct use of variable types. Therefore, this project will use type inference techniques to develop a tool for performing dimensional analysis of program code. Both high-level and assembler-level programs will be considered.
Secure Reprogramming of Sensor Networks
Contact: Juan Gonzalez Nieto
Wireless sensor networks are often deployed in large numbers on remote areas where direct physical access to sensors may be difficult. Hence, network reprogramming protocols are used to efficiently disseminate software updates to sensors "over-the-air". However, unless security mechanisms are implemented, over-the-air reprogramming poses a threat to the network by providing attackers with an easy way of injecting rogue updates.
This project will involve the design and implementation of a secure network reprogramming protocol in resource-impoverished embedded platforms. The project will be carried out in close collaboration with researchers of the Autonomous Systems Laboratory at CSIRO (see http://www.sensornets.csiro.au).
The main prerequisite for a prospective Honours student is experience in systems level programming in C. Additionally, it would be desirable if the student had good knowledge of networking protocols, particularly wireless protocols, as well as knowledge of information security at an introductory level.
There is a possibility of offering a $12,000 scholarship to the successful applicant.
Data Quality and Incident Reporting
Contacts:
Dr Greg Timbrell (QUT)
Dr Martin Culwick (RBH), Director of Data Quality and Incident Reporting (Aust NZ Royal College of Anaesthetists - ANZCA)
Anaesthetic-related incidents are currently recorded and reported (sometimes using an information system) either locally in the hospital or in some cases regionally among a group of hospitals. Interesting incidents might be written up in an industry or academic journal. The ANZCA is proposing to set up a national reporting database for incidents to broaden the availability of such information. Dr Culwick is leading this project.
Project 1
To determine the national and international status of anaesthetic incident reporting mechanisms. Examining other similar industry incident reporting systems may also be required.
Project 2
Assist in the design / construction / implementation of such a system
A Case Study on Business Process Modelling and Execution
Contacts:
Dr. Wasana Bandara
Dr. Moe Thandar Wynn
Associate Professor Arthur ter Hofstede
Business Process Management (BPM) has recently gained prominence and is now a widely used approach to streamline organisational performance. BPM is also increasingly a popular stage as part of larger systems implementations projects. As one of its methodological core components, BPM requires business process modelling. Business process modelling is an approach for codifying, depicting, analysing and improving how businesses conduct their operations. Process models are essentially describing control flows, i.e. the way an organization operates. It is widely used to deconstruct organizational complexity and to extract business processes as an emerging unit of analysis. The term ‘Business Process Modeling’ encompasses all graphical representations of business processes and related elements such as data, resources, etc., as employed for diverse purposes including process documentation, process improvement, compliance, software implementation, or quality certification, among others.
With the popularity of upcoming standards such as Business Process Modelling Notation (BPMN) and Business Process Execution Language (BPEL), there is now a rapidly growing interest in allowing business analysts to model business processes that could be turned into executable programs. Having an executable process model also makes it possible for business modellers to use a wide variety of design time and run time analysis techniques such as deadlock analysis, log analysis and simulation studies, to support process improvement recommendations. However, there are perceived gaps between process design and process execution. Addressing this gap is a key motivation of this proposed this study.
In this project, a detailed case study approach is used to study and demonstrate how to conduct an end-to-end process modelling exercise. That is, how to capture the generic business requirements, identify and implement possible process improvements and design executable business processes. Real life data and processes from a reputed Queensland based company will be used as the base of the case study and YAWL (Yet Another Workflow Language) will be used to design the executable processes.
YAWL builds on the insights gained from the workflow patterns research and combines it with the powerful language of Petri-nets. YAWL is an original and sophisticated workflow language developed at QUT's BPM research group in collaboration with Eindhoven University of Technology (http://www.yawlfoundation.org). YAWL provides a very powerful, yet fundamentally simple language for process modellers to describe complex control flow relations between business processes, consequently, enabling businesses to own and manage very flexible and dynamic business processes.
This project entails two phases. Phase 1; will involve the derivation of detailed business process models which will capture the current process details and analyse potential process improvements. Phase 2, entails the designing of the business process as an executable YAWL model. This phase will also verify the correctness of the model using various design time and runtime analyses.
Required skill set
- A good understanding of Business Process Management issues
- The ability (or a willingness to learn how) to design business process models
- Programming skills in Java
Information Security Analysis of Network Topologies
Contact: Prof. Colin Fidge (www.fit.qut.edu.au/~fidgec/)
The Secure Information Flow Analyser (SIFA) is a prototype tool for analysing potential information flow through systems that can be represented as graphs. It was originally designed for analysing electronic circuit diagrams. However, the tool is general enough that it could also be used for analysing communications network layouts, or other such complex systems. Through a series of case studies this project will explore and develop SIFA's potential as a tool for evaluating network security.
Simulating Feedback-Driven Scheduling
Contact: Prof. Colin Fidge (www.fit.qut.edu.au/~fidgec/)
Model checkers are tools that allow their users to simulate the behaviour of finite state machine models and search the model's potential state space. They can be used to uncover design flaws in abstract models of dynamic systems. This project will use the UPPAAL model checker to study the behaviour of newly-proposed feedback-driven scheduling algorithms for real-time control systems. This will involve developing an executable model of a feedback-driven controller and its environment, and then experimenting with the model's capabilities.
Simulating Erosion of Tubing Systems in a Power Station
Contact: Prof. Colin Fidge (www.fit.qut.edu.au/~fidgec/)
Model checkers are tools that allow their users to simulate the behaviour of finite state machine models and search the model's potential state space. They can be used to uncover design flaws in abstract models of dynamic systems. This project will use the PRISM model checker to explore maintenance strategies for a large-scale industrial asset, the boiler tubes in a coal-fired power station. Understanding how these pipes may fail is of great importance to the power industry since their replacement costs millions of dollars. The project will involve developing an abstract model of pipe erosion and then exploring its behaviour against different maintenance regimes.
Funny Munny: Applying the Ideas of Web 2.0 to Personal Finance
Contact: Prof. Kerry Raymond
A lot of popular online services (such as Amazon, Flickr, FaceBook, etc) are described as being "Web 2.0 applications", which is a rather ill-defined term that tries to capture a mix of concepts such as:
* User control over data and presentation, including data sharing
* User generated content, both individually, and through aggregates such as recommendations and rankings
* Social networking
* High use of multimedia
* Smart algorithms that exploit this wealth of knowledge to add more value
This project aims to look at ideas used in popular Web 2.0 applications and see how they might be applied into a traditionally less exciting area such as organising a person's finances. Can we make money management a more fun and value-added experience than on-line banking is today? The outcome of the project will be a set of creative ideas for online money management, illustrated with with mock-ups showing the exciting possibilities. This project would lead naturally into Masters/PhD where the focus would be trying to make these ideas into a reality in collaboration with an industry partner.
This project is in collaboration with the Cooperative Research Centre (CRC) for Smart Services. For further information, please contact Prof Kerry Raymond k.raymond@qut.edu.au or Dr Michael Lawley m.lawley@qut.edu.au
A Smart Services scholarship may be available in connection with this project.
Business Process Visualisation
Contact: Dr. Ross Brown
Advanced virtual reality environments have become ubiquitous due to the advent of modern computer games and related hardware. Computer games contain some of the most sophisticated real-time simulations of 3D environments available, integrating advanced visual effects, physics modeling, and artificial intelligence, under the control of advanced user interfaces.
Many application domains in simulation, including military and other educational domains, have utilized games technology for simulation purposes. However, there is a lack of research in the business community into visualising business processes. We believe such visualisations will be useful for all stakholders in a process model, such as end users, customers, designers and administration staff.
This Honours project will investigate the present state of the art in this fledgling visualisation area. A framework for business process visualisation will be developed, incorporating many approaches and techniques, from 2D diagrams to full 3D game-like simulations, such as Second Life. Some example visualisations will be developed for application areas, such as the film industry and health care, in order to evaluate the newly developed framework.
Depending on the student’s skill set, the project can be oriented towards theoretical design or more practical software implementation foci. The focus of the project is thus open to negotiation with the supervisor.
File Carving Fragmented Hard Drives
Contact: Dr. Andrew Clark
File carving is the process of recovering files, including fragmented files, from disk images where the directory data has been lost. File carving is particularly useful for computer forensic investigators who may be wish to extract potential evidence from damaged or deleted regions of hard disk drives. Current file carving techniques consist of two main tasks: identifying the blocks which potentially correspond to a complete file; and then using a validation step to see if the file appears to have been correctly reconstructed (based upon the file type and its encoding).
Recovering fragmented files is particularly difficult as regions of a single file may be distributed widely across the disk media. This project will investigate techniques for reconstructing fragmented files using approaches such as combinatorial optimisation. The project will involve building upon existing libraries of known file types, and developing an appropriate representation for such information, including information about the nature of the file content. Additionally the project will experiment with new approaches for selecting fragmented regions of the media corresponding to single files.
Volatile Memory Forensics
Contact: Dr. Andrew Clark
Acquisition and analysis of volatile memory from computing devices are difficult problems. This project will focus on the analysis of acquired volatile memory dumps with a focus on identifying "useful"
information from within the dump. Such information includes passwords, cryptographic keys, cleartext (pre-images) or encrypted data.
Initially this project will focus on case studies of specific software tools in order to better understand how they store sensitive information within volatile memory, and whether or not simple, application-specific algorithms can be utilised for extracting that information. An outcome of this phase of the work will be a classification scheme which maps the different types of sensitive information to how they are usually stored in memory. Following on from this initial step, the project will aim to develop general techniques for identifying and extracting the various classifications of sensitive information from captured volatile memory.
Seamless and secure mobile communications
Contact: Dr. Jason Smith
Mobile computing platforms, including laptop computers, Internet tablets, and mobile smartphones now commonly integrate wireless chipsets that permit these devices to access network resources and services in personal, local, metropolitan, and wide area contexts.
As such connectivity becomes ubiquitous two important challenges must be addressed: (1) techniques for securing communications end-to-end across a range of layer two technologies must be developed, and (2) the signalling protocols used to manage mobility and the migration from one communications layer to another must also be secured.
This project will investigate the security requirements of emerging mobile networks that can utilise a multitude of layer-two technologies and identify or develop protocols suitable for ensuring the security of both user and signalling data in such networks.
Command and Control in Distributed Denial of Service Attacks
Contact: Dr.Jason Smith
Distributed denial of service (DDoS) attacks remain a persistent feature of, and significant threat to, the Internet. While a number of approaches have been proposed to improve the effectiveness of responses to DDoS attacks, a more promising direction is the disruption of the command and control channels that attackers must utilise to direct attacks. Traditionally DDoS attackers have utilised centralised command and control channels (internet relay chat rooms for example), but in recognition that such centralised command and control approaches are a point of vulnerability, they have started to utilise more distributed, peer-to-peer based methods of control. This project will investigate the evolution of command and control in DDoS attacks and develop techniques to aid in the disruption of DDoS when distributed command and control channels are employed.
Authentication for Small RF Devices
Contact: Dr. Juan Gonzalez Nieto
The next phase of the computer revolution will see ubiquitous use of small wireless computing devices. Prominent examples are radio frequency identification (RFID) tags and wireless sensor networks.
The combination of mobility, wireless communications and low-power hardware presents unique challenges in the design of authentication protocols suitable for ubiquitous computing. This project will investigate location privacy and proximity authentication. Location privacy is needed to avoid illegitimate tracking of mobile devices.
Privacy Protecting Access Control
Contact: Dr. Jason Reid
This project will investigate how authorisation policy languages such as XACML can be used to automatically enforce privacy constraints over usage and dissemination of personal information in federated systems based on Web services standards. To comply with privacy legislation, organizations that collect personal information must ensure that subsequent uses and disclosures of the information are consistent with the purpose notified to the individual when the information was collected. Since the amount of personal information that is stored, processed and shared electronically is rapidly increasing, the task of ensuring that data is handled in a manner consistent with the disclosed purpose is becoming ever more difficult. In order to automate this process, systems need to be developed to tag personal information with privacy relevant metadata (disclosed purpose of collection, retention period etc.) so that access control systems can evaluate requests to determine whether they are consistent with privacy constraints. This project will also investigate methods for determining the likely purpose of a user who is requesting access to personal information based on contextual information such as job function, past access patterns, workflow progress etc.
High Assurance Information Sharing Networks
Contact: Dr. Jason Reid
There is a growing need for secure communication systems based on internet technologies to support information sharing between organizations. For example, infrastructure operators need to share highly sensitive information (vulnerability reports, incident reports
etc.) to support critical infrastructure protection activities in the telecommunications, finance and energy sectors. Sensitive information requires controlled distribution and ongoing control over dissemination and usage - a form of Digital Rights Management. One of the key challenges in dissemination control is establishing trust in client platforms that connect to the information sharing network.
This project will investigate a combination of trusted computing, secure operating systems, hardware virtualisation, cryptographic access control and a peer-to-peer network underlay for storage and distribution to provide a high-assurance information sharing environment.
Effective Information Security Assurance Management in Contemporary Organizations
Contact: Dr. Lauren May
In the Information Age, contemporary organisations are heavily reliant on their information and information infrastructures as foundations of their business. The majority of these organisations make use of Internet technologies as a means of fast, efficient and economical communications in their daily business operations. In recent years the management of information security has become a topical focus due to a number of factors at both the governance and operational levels.
This research proposes to investigate particular aspects* of the processes for attaining effective information security management in contemporary organizations in the Information Age.
* Note that these particular aspects depend upon the interests, background and skill set of the research student. They may be at a management level, a technical level, or any combination. The research may also be industry-linked; for example linked to the student.s work environment.
Transition From Legacy To Federated Identity Management Models
Contact: Dr. Ernest Foo
Many organisations already have systems for identity management.
Legacy identity management systems that follow the silo model offer poor user experience and can not easily be integrated with services from other organisations. Federated identity management systems do not suffer from the same problems as legacy systems, and can in addition be retrofitted to legacy systems. This project consists of investigating how organisations can adopt a transition from their legacy to modern federated systems without interrupting services.
Web Services Testbed deployment
Contact: Dr. Jason Smith
This project presents an opportunity to develop practical experience and skills in the fast-growing area of web services security. After investigating various platform and technology options, the student will be guided to design and deploy a web services test-bed environment. The test-bed can be established using Microsoft's .NET framework and/or Java Enterprise Edition. The installation could be based on example templates provided with the development tools. The main goal of the project is to create an environment in which approaches for secure application deployment using the WS-Security collection of standards can be evaluated.
One emphasis of the work will be on providing an infrastructure upon which cross domain authorisation and access control, using the Security Assertion Mark-up Language (SAML) and the extensible Access Control Mark-up Language (XACML), can be evaluated. This will require the development of policy decision point entities and policy enforcement points based on XACML. Open source implementations of these standards are available. The main technology standards that the project will deal with include:
* Security assertion mark-up language (SAML)
* Extensible access control mark-up language (XACML)
* Web services based on Microsoft .NET or Java EE
* Database server (MY SQL or Microsoft SQL Server)
* VMware
Experience deploying network application software (such as web servers, databases, etc.) will be beneficial as would some familiarity with J2EE or MS .NET and VMWare.
Open Source Information Security Management
Contact: Dr. Jason Smith
This project provides an opportunity to develop experience with the deployment and utilisation of information security management tools. The student will undertake a test deployment of OSSIM, an open source information management tool. OSSIM provides a dashboard that correlates information from a number of different sensors to provide real-time information as to the security posture of a network utilising multiple open source security tools. OSSIM also seeks to provide some indication as to the risk posture of the network. Ultimately the aim is to integrate information available through the use of OSSIM into an information security risk management tool (ISM) that has been developed by the ISI. The project outputs will be likely to include:
* documentation on the ease of deployment of the OSSIM framework
* documentation on the effectiveness of the tools provided by OSSIM
* documentation of the deployment process
* documentation of the information gathered by OSSIM and its potential
extraction from the OSSIM database
* documentation of the inbuilt risk tools provided by OSSIM
* test usage of gathered data with the ISM software.
Familiarity with VMware and general knowledge of Linux operating systems and network administration would be advantageous. Some knowledge of Java programming may also be beneficial.
Virtual Infrastructure for Network Security Experimentation
Contact: Dr. Jason Smith
This project presents an opportunity to develop practical experience and skills in the design and deployment of virtual infrastructure to support network security research. Following an investigation of virtualisation technologies, the student will be guided through the design and deployment of a virtual infrastructure framework. The framework will enable security research by supporting the construction of reusable components (e.g.
authentication servers, web servers, and network monitoring systems); allowing the rapid construction of test environments from existing components; and permitting the evaluation and analysis of the constructed environment through experimentation with both exploit and vulnerability assessment tools.
The main goal of the project is to design and deploy an infrastructure framework that allows researchers to develop framework components and include these components in a library in a consistent manner, thereby promoting the reuse of such components. The outputs of this project are likely to include:
* identification of common components used in network security
experiments; specification of a deployment platform (software,
hardware, and networking requirements);
* documentation relating to the use of the platform;
* an example of a component being added to the library and the use of
that component in an experimental architecture; and,
* an example of components from the library being combined in an
experimental scenario.
Familiarity with virtualisation software such as VMware or QEMU and with Linux system / network administration will be beneficial.
XML Search Engine evaluation
Contact: Associate Professor Shlomo Geva
Search engines exhibit different performance quality with respect to different user information needs. For instance, the most popular web search engines perform well in document retrieval mode, but are not very good at identifying the specific location of content within large documents. Some search engines specialize in Question Answering, others specialize in domain specific knowledge. There is a need to evaluate search engine performance in an objective manner with respect to desirable behavior and user needs.
In this project we are interested in the evaluation of search engines in Passage Retrieval. The task is to return passages within documents that are relevant as answers to queries. Rather than develop a search engine, the task is to take a set of queries, a set of results-sets from several search engines, a set of relevant passages that satisfy the queries. The evaluation program has to derive a performance score for each result-set based on how well it is able to match the known relevant passages. We are dealing with the Wikipedia collection of articles, in XML format.
The evaluation strategy has to be explored and a program should be implemented in Java that performs the evaluation in an effective manner. XML processing will be required.
Good programming skills and an aptitude for writing efficient programs are required.
Wikipedia Oriented Web Browser
Contact: Associate Professor Shlomo Geva
The Wikipedia interface has several deficiencies at present. It does not support content search (only by keywords in page names), it does not support automatic link suggestion when entering new documents, and it does not support multiple links per anchor.
The purpose of this project is to investigate how the open source web browser (Firefox or Mozzila) can be adapted to support Wikipedia specific searching and browsing. We shall explore the 3 abovementioned tasks, but other user oriented improvements will be explored and implemented. User experiments may be conducted to obtain feedback on performance of the new features.
Not for the faint hearted – requires the ability to study carefully and work with open source code of the highest standard and the confidence to make the necessary modifications.
Wikipedia Link Discover
Contact: Associate Professor Shlomo Geva
Link-the-Wiki: we are using the Wikipedia collection - about 5GB consisting of 660,000 documents, in XML format. The document set is extensively hyperlinked, but not completely and always effectively. The Link-the-Wiki task aims at creating link discovery algorithms. More specifically, given a new Wikipedia document, the task is to analyse the text and recommend a set of incoming and outgoing links from/to anchor text in the existing collection. Going beyond traditional text document analysis, in the context of Link-the-Wiki we aim to operate at the XML element level. This means that anchor text will link not only to a related document, but to a specific XML element within, or to the best entry point for starting to read the referenced material from. More than one link will be allowed per anchor, extending the current Wikipedia link structure. We also consider modifications to the Wikipedia page viewer so that it can support multiple link per anchor browsing.
Good Java, XML, and Database skills are required.
Enhanced Wikipedia Browser
Contact: A/Prof Shlomo Geva
The project involves development of an enhanced Wikipedia Browser. The standard browser is rather limited and in particular does not support the navigation of an extensively linked web of related topics. A user who explores the Wikipedia has to navigate manually through links, move forward and backwards using only the standard and rather limited navigation features of a browser (e.g. use forward/backward or history navigation, or use multiple tabs, etc.) We are looking to create a Wikipedia browser that will be dedicated to the interaction mode of wikipedia users. It should provide a totally different exploration experience. It should support multiple links per anchor, it should remember where a user had been and provide a suitable visual representation to assist the user. It should try and predict what page a user might visit next, or suggest other links. It should assist users in discovering related documents that are not explicitly linked to the viewed document, and so on. Finally, we are looking to integrate a GUI for generating new pages in the Wikipedia to improve significantly on the existing tool which assumes too much about the ability of the user to manage the process. The GUI should also support extensive link discovery so that the new page can immediately be linked to/from existing pages.
Software: Java, Database
Good programming skills and enjoyment of programming are essential.