Tag Archives: Meelis Roos

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (August)

The defences took place on the last week of August.

Student: Aleksandr Tsõganov (Software Engineering MSc)
Title: Integrating User Identity with Ethereum Smart Contract Wallet
Supervisor: Orlenys López Pintado, Aivo Kalu, Kristjan Kuhi
Reviewer: Fredrik Payman Milani

Student: Rahul Puniani (Innovation and Technology Management MSc)
Title: Conceptualization of a Blockchain Based Voting Ecosystem in Estonia
Supervisor: Fredrik Payman Milani, Mihkel Solvak
Reviewer: Orlenys López Pintado

Student: Indrek Purga (Conversion Master in IT)
Title: Detection of forged PDF documents
Supervisor: Kristjan Krips
Reviewer: Alo Peets

Student: Shahla Atapoor (Computer Science MSc)
Title: On Privacy Preserving Blockchains and zk-SNARKs
Supervisor: Helger Lipmaa, Janno Siim, Karim Baghery
Reviewer: Ivo Kubjas

Student: Mart Simisker (Computer Science MSc)
Title: Security of Health Information Databases
Supervisor: Jan Willemson, Dominique Unruh
Reviewer: Meelis Roos

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2019
https://www.cs.ut.ee/sites/default/files/www_ut/augusti_kaitsmiste_ajakava_28-08-2019.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (June)

The defences are taking place on the first and second week of June.

Student: Ivo Pure (Cyber Security MSc)
Title: An Automated Methodology for Validating Web Related Cyber Threat Intelligence by Implementing a Honeyclient
Supervisor: Risto Vaarandi, Raimundas Matulevicius
Reviewer: Alejandro Manzanares

Student: Bruno Didier Produit (Cyber Security MSc)
Title: Optimization of the ROCA (CVE-2017-15361) Attack
Supervisor: Arnis Paršovs
Reviewer: Jan Villemson

Student: Kärt Padur (Cyber Security MSc)
Title: Information Security Risk Assessment in the Context of Outsourcing in a Financial Institution
Supervisor: Raimundas Matulevičius, Liis Rebane, Toomas Vaks
Reviewer: Andro Kull

Student: Marek Matsalu (Cyber Security MSc)
Title: The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League
Supervisor: Raimundas Matulevičius, Hillar Põldmaa
Reviewer: Hayretdin Bahsi

Student: Pubudini Gayanjalie Dissanayake (Cyber Security MSc)
Title: A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System
Supervisor: Hayretdin Bahsi, Raimundas Matulevičius
Reviewer: Alexander Horst Norta

Student: Lukáš Bortník (Cyber Security MSc)
Title: Mobile Phone Digital Evidence Providers to Investigate Driver’s Distraction
Supervisor: Pavel Laptev, Satish Narayana Srirama
Reviewer: Matthew Sorell

Student: Mari Seeba (Conversion Master in IT)
Title: A Specification of Layer-Based Information Security Management System for the Issue Tracking System
Supervisor: Raimundas Matulevičius, Ahto Buldas
Reviewer: Meelis Roos

Student: Doris Sarapuu (Conversion Master in IT)
Title: Penetration Testing of Glia’s Web Application
Supervisor: Kristjan Krips, Carlos Paniagua
Reviewer: Riivo Talviste

Student: Kaspar Kala (Conversion Master in IT)
Title: Refinement of the General Data Protection Regulation (GDPR) Model: Administrative Fines Perspective
Supervisor: Raimundas Matulevičius, Jake Tom
Reviewer: Eneken Tikk

Student: Maksym Yerokhin (Software Engineering MSc)
Title: Multi-level Policy-aware Privacy Analysis
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Reviewer: Sara Belluccini

Student: Reelika Tõnisson (Computer Science MSc)
Title: Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles
Supervisor: Dominique Peer Ghislain Unruh
Reviewer: Sven Laur

Student: Helen Tera (Computer Science BSc)
Title: Introduction to Post-Quantum Cryptography in Scope of NIST’s Post-Quantum Competition
Supervisor: Dominique Unruh
Reviewer: Raul-Martin Rebane

Student: Omar Purik (Computer Science BSc)
Title: Creation of Practical Assignments on Information Security for High School Students
Supervisor: Kristjan Krips, Tauno Palts
Reviewer:

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2019
https://www.cs.ut.ee/sites/default/files/www_ut/kaitsmised_v_30-05.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2017/2018

Cyber Security Msc thesis:

Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
Student: Avramenko Valeriia
Supervisor: Hayretdin Bahşi, Raimundas Matulevičius

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm
Student: Ahmed Elazazy
Supervisor: Anton Vedeshin, Truls Tuxen Ringkjob, Raimundas Matulevicius

Testing the Security Awareness Using Open-Source Tools – Spear Phishing
Student: Karina Filipczak
Supervisor: Sten Mäses, Raimundas Matulevičius

Assessing Generational Differences in Susceptibility to Social Engineering Attacks. A Comparison Between Millennial and Baby Boomer Generations
Student: Lejla Islami
Supervisor: Olaf Manuel Maennel, PhD Raimundas Matulevicius, PhD

How to Conduct Email Phishing Experiments
Student: Kaspar Jüristo
Supervisor: Sten Mäses, Olaf M. Maennel, Raimundas Matulevičius

Evaluation of Efficiency of Cybersecurity
Student: Mikko Luomala
Supervisor: Yannick Le Moullec, Jyri Paasonen, Meelis Roos

Fingerprinting a Organization Using Metadata of Public Documents
Student: Karl Mendelman
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius

Detecting Social Spamming on Facebook Platform
Student: Ghada Zakaria Mohamed
Supervisor: Innar Liiv , Raimundas Matulevičius

Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives
Student: Raul Nugis
Supervisor: Pavel Laptev, Raimundas Matulevičius

Online Cyber Security Exercise to Evaluate and Improve Individual Technical Specialists’ Cyber Incident Reporting Skills
Student: Andres Oras
Supervisor: Sten Mäses, Margus Ernits, Raimundas Matulevicius

Ensuring the Integrity of Electronic Health Records
Student: Alvar Ristikivi
Supervisor: MSc Jaan Priisalu, PhD Raimundas Matulevičius

Related thesis from other curricula:

A Tool for Supporting Multi-Perspective System Development Through Security Risk Management
Student: Madis Kaasik
Supervisor: Raimundas Matulevičius
Master – Software Engineering

Post-Quantum Secure Time-Stamping
Student: Raul-Martin Rebane
Supervisor: Dominique Peer Ghislain Unruh
Master – Computer Science

Prediction Model for Tendencies in Cybersecurity
Student: Erik Räni
Supervisor: Justinas Janulevičius, Raimundas Matulevičius
Master – Software Engineering

Quantum-Secure Coin Toss Protocol Using Collapse-Binding Commitments
Student: Kristiine Saarmann
Supervisor: Dominique Unruh
Bachelor – Computer Science

Tool Support for Privacy-Enhanced Business Process Model and Notation
Student: Aivo Toots
Supervisor: Pille Pullonen, Luciano García-Bañuelos
Bachelor – Computer Science

Dangers of Phishing Based on a Tech-Company
Student: Lauri Välja
Supervisor: Kristjan Krips
Bachelor – Computer Science

Finding Java Security Vulnerabilities Using Static Analysis: Whence the Problem?
Student: Harald Astok
Supervisor: Vesal Vojdani
Bachelor – Computer Science

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2018

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2016/2017

Managing Security Risks Using Attack-Defense Trees
Abstract: The In this thesis, we have addressed risk management using Attack Tree. The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical data.
Student: Salman Lashkarara
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Meelis Roos
Defense: 01.06.2017, Tartu, J.Liivi 2-404

On Secure Bulletin Boards for E-Voting
Abstract: In this thesis, we propose a formal model for analysis of security and functionality of a bulletin board system motivated by the security requirements Culnane and Schneider introduced in Computer Security Foundations Symposium 2014.
Student: Annabell Kuldmaa
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Ahto Buldas
Defense: 01.06.2017, Tartu, J.Liivi 2-404

Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Abstract: This work takes integrity domain under detail research to meet ISKE requirements and security objectives demanded for data with highest integrity needs.
Student: Deivis Treier
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Andrey Sergeev
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Method for Effective PDF Files Manipulation Detection
Abstract: The aim of this thesis is to ease the process of detecting manipulations in PDF files by addressing its source code, before having to use other methods such as image processing or text-line examination.  The result is the construction of a solid and effective method for PDF file investigation and analysis to determine its integrity.
Student: Gema Fernández Bascuñana
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Inna Ivask, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance
Abstract: This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard.
Student: Martin Jõgi
Curriculum: Cyber Security (MSc)
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Marko Kääramees
Defense: 02.06.2017, Tartu, J.Liivi 2-404

A Prototype For Learning Privacy-Preserving Data Publising
Abstract:  This master thesis will discuss different threats to privacy, discuss and compare different privacy-preserving methods to mitigate these threats. The thesis will give an overview of different possible implementations for these privacy-preserving methods. The other output of this thesis is educational purpose software that allows students to learn and practice privacy-preserving methods.
Student: Rain Oksvort
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Benson Muite
Defense: 05.06.2017, Tartu, J.Liivi 2-404

Filesystem Fuzz Testing Framework
Abstract: In the present thesis a fuzz testing framework was built, which can be used for finding time-of-check-to-time-of-use type bugs in Linux filesystems.
Student: Vladislav Alenitsev
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Kristjan Krips
Reviewer: Karl Tarbe
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Performance Testing Bulletin Board Implementations for Online Voting
Abstract: This work takes a look at two software solutions that can be used for such purpose and analyses their performance in testing environment imitating real election workload.
Student: Marek Pagel
Curriculum: Computer Science (BSc)
Supervisor: Sven Heiberg, Janno Siim
Reviewer: Ivo Kubjas
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Cybersecurity theses defence on June 9, 2017 in Tartu J. Liivi 2-403 at 10.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.
Grades received (random order): A, B, C, C, D.

Improving and Measuring Learning at Cyber Defence Exercises
Abstract:  This thesis takes a fresh look at learning in Cyber Defence Exercises (CDXs) and focuses on measuring learning outcomes. As such exercises come in a variety of formats, this thesis focuses on technical CDXs with Red and Blue teaming elements.
Student: Kaie Maennel
Curriculum: Cyber Security (MSc)
Supervisor: Rain Ottis, Liina Randmann, Raimundas Matulevičius
Reviewer: Sten Mäses
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Federation of Cyber Ranges
Abstract: This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities.
Student: Allar Vallaots
Curriculum: Cyber Security (MSc)
Supervisor: Jaan Priisalu, Uko Valtenberg, Raimundas Matulevičius
Reviewer: Rain Ottis
Defense: 09.06.2017, Tartu, J.Liivi 2-403

A New Heuristic Based Phishing Detection Approach Utilizing Selenium Webdriver
Abstract: In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages.
Student: Ahmed Nafies Okasha Mohamed
Curriculum: Cyber Security (MSc)
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Hayretdin Bahsi
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Analysis of Exploit-kit Incidents and Campaigns Through a Graph Database Framework
Abstract: A great deal of automation can be achieved here by using public APIs such as VirusTotal, whois databases, IP blacklists, etc during the analysis and a first part of our work is dedicated to that. We will then show that this approach reveals patterns and clusters from which decisions can be made from a defensive perspective.
Student: Guillaume Brodar
Curriculum: Cyber Security (MSc)
Supervisor: Toomas Lepik, Raimundas Matulevicius
Reviewer: Arnis Paršovs
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Investigation of JTAG and ISP Techniques for Forensic Procedures
Abstract: This thesis is focusing on JTAG and ISP physical acquisitions techniques. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method.
Student: Stefanos Pappas
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Raimundas Matulevičius
Reviewer: Emin Caliskan
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Links:
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_1_2_5_06.pdf
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_6_7_8_9_06_.pdf

Cyber Security master’s theses defense in University of Tartu (January 2017)


Cybersecurity theses defence on January 6, 2017 in Tartu J. Liivi 2-224 at 11.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.

Student: Christian Tschida
Title: The Way to the Specialist and Management Level of Cyber Hygiene Initiative
Abstract: The prototype, of the Cyber Hygiene e-learning course was implemented and tested in the Estonian Defence Forces in early 2016. This thesis builds up on this. It tries to clarify what data should be available to the specialists and what information should be reported to the management. Additional to many interviews with specialists and security experts, a questionnaire was created to raise coverage. The testing of the questionnaire was done at an international well known think tank.
Supervisor: Sten Mäses, Raimundas Matulevičius
Reviewer: Andro Kull

Student: Mohit Kinger
Title: Enterprise Cloud Security Guidance and Strategies for Enterprises
Abstract: This thesis measures the myriad benefits of using cloud applications, and the effect of cloud computing on business performance. A nonexhaustive review of the existing literature revels that the security challenges faced by enterprises during cloud adoption and interoperability have to be addressed before the implementation of cloud computing. In this thesis, we provide a detailed overview of the key security issues in the realm of cloud computing and con-clude with the recommendations on the implementation of cloud security.
Supervisor: Andro Kull, Raimundas Matulevičius
Reviewer: Alex Norta

Student: Priit Lahesoo
Title: The Electronic Evidence Examination Reporting System by the Example of West Prefecture
Abstract: This work will focus on practical issues like how to improve the speed of drawing up an electronic evidence examination protocol. The work was done basing on examination data results that collected in the West prefecture based on real work statistics and permission by the Police and Border Guard Board. As part of the work, the practical Microsoft Access application was developed by the author.
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi

Student: Wael Mohamed Fathi Ahmed AbuSeada
Title: Alternative Approach to Automate Detection of DOM-XSS Vulnerabilities
Abstract: This thesis proposes an alternative methodology to detect DOM-XSS by building-up on the existing approach used by web scanners in detecting general XSS. The thesis proposes to add an extra scan layer which is an actual browser that would be resonsible for sending any request and render the recieved HTML response from webserver. To provide a proof of concept for this methodology, the thesis author created a web-based tool on that premises.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevičius
Reviewer: Risto Vaarandi

Student: Vsevolod Djagilev
Title: Android Chat Application Forensic Process Improvement & XRY Support
Abstract: To solve a set of problems a forensic utility has been created, both manual & automated analysis of chat application data has been done. Main result in this work allows not only to perform a search, but to write a modules in Python, which can make search narrower and each of modules can understand particular format, if needed.
Supervisor: Toomas Lepik, Raimundas Matulevičius
Reviewer: Emin Caliskan

Links:
http://www.cs.ut.ee/sites/default/files/cs/cybersecurity_theses_defence_schedule.pdf

Cyber Security master’s theses defense in Tallinn University of Technology (June 2016)

logo_tut

Monday, June 6th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Rain Ottis (chairman), Hayretdin Bahsi, Ahto Buldas, Andro Kull, Risto Vaarandi, Raimundas Matulevicius.
The grades received (in random order): 4,4,4,3,3,3,3,3,2,1,0.

Time: 09:00
Student: Ferenc Szalai
Title: Does Cyber Security Exercise Information Sharing Work?
Supervisor: Olaf Manuel Maennel
Reviewer: Lauri Palkmets

Time: 09:40
Student: Taavi Sonets
Title: Improving User Simulation Team Workflow in the Context of Cyber Defense Exercise
Supervisor: Elar Lang, Rain Ottis
Reviewer: Priit Raspel

Time: 10:20
Student: Karl Kristjan Raik
Title: Improving Web Attack Campaign Overview in Cyber Defense Exercises
Supervisor: Elar Lang, Rain Ottis
Reviewer: Jaan Priisalu

Break 11:00 – 11:10

Time: 11:10
Student: Eve N Hunter
Title: A Comparative Analysis of Cybersecurity Guidelines and Standards for Nuclear Power Plants
Supervisor: Rain Ottis, Harry Kantola
Reviewer: Sten Mäses

Time: 11:40
Student: Alvar Ristikivi
Title: Failover test measurements of load balanced infrastructure
Supervisor: Toomas Lepik
Reviewer: Risto Vaarandi

Break 12:20 – 13:00

Time: 13:00
Student: Kristo Kapten
Title: Threat Modeling framework for Home Gaming Consoles
Supervisor: Hayretdin Bahsi
Reviewer: Emin Caliskan

Time: 13:40
Student: Sho Yano
Title: Security Analysis on Healthcare IoT Project
Supervisor: Olaf Manuel Maennel
Reviewer: Andro Kull

Time: 14:20
Student: Juan Manuel Rodríguez López
Title: Security Risk Assessment To The Use Of Digital Charting In Colombia
Supervisor: Alexander Horst Norta
Reviewer: Olaf Manuel Maennel

Break 15:00 – 15:10

Time: 15:10
Student: Florian Gasteiger
Title: R3AD an architecture to include UAVs in National Airspace
Supervisor: Olaf Manuel Maennel
Reviewer: Toomas Lepik

Time: 15:50
Student: Nisham Kizhakkedathil
Title: A Study Into the Prospects of Implementing End-to-End Verifiability in Estonian I-Voting
Supervisor: Tanel Tammet, Vadims Žuravļovs
Reviewer: Arnis Paršovs

Time: 16:30
Student: Rando Kulla
Title: Migrating PDF signing to New KSI Format
Supervisor: Jaan Priisalu, Ahto Truu
Reviewer: Ahto Buldas

Tuesday, June 7th 2016, Akadeemia Tee 15a, Room ICT-315.

The grades received (in random order): 5,5,4,0,?,?,?,?,?,?,?

Time: 09:00
Student: Teet Laeks
Title: Raising the Awareness of Cyber Security Based on Estonian Defence Forces
Supervisor: Tiia Sõmer, Danel Apse
Reviewer: Andri Rebane

Time: 09:40
Student: Andres Sumin
Title: Evaluation method for cyber awareness course
Supervisor: Sten Mäses, Liina Randmann
Reviewer: Sten Mäses

Time: 10:20
Student: Kevin Lwakatare
Title: Contributions of Understanding and Defending Against Social Engineering Attacks
Supervisor: Anton Vedeshin
Reviewer: Alexander Horst Norta

Break 11:00 – 11:10

Time: 11:10
Student: Alexandria Elaine Farár
Title: A Deceptive Methodology Towards Early Detection of Advanced Cyber Threats
Supervisor: Hayretdin Bahsi, Bernhards Blumbergs
Reviewer: Risto Vaarandi

Time: 11:40
Student: Onur Aydin Korkmaz
Title: Comprehensive Analysis of Cyber Attacks and Malware Using Low- and High-Interaction Honeypot
Supervisor: Truls Ringkjob
Reviewer: Mauno Pihelgas

Break 12:20 – 13:00

Time: 13:00
Student: Mina Gerges
Title: Log Monitoring and Event Correlation on Microsoft® Windows™ Using Simple Event Correlator
Supervisor: Risto Vaarandi
Reviewer: Tiit Hallas

Time: 13:40
Student: Chen Zhuge
Title: C-Based Implementation of Logcluster, a Data Clustering and Pattern Mining Algorithm for Event Logs
Supervisor: Risto Vaarandi
Reviewer: Innar Liiv

Time: 14:20
Student: Morteza Fakoorrad
Title: Application Layer of Software Defined Networking: pros and cons in terms of security
Supervisor: Olaf Manuel Maennel
Reviewer: Truls Ringkjob

Break 15:00 – 15:10

Time: 15:10
Student: Zaghum Wahab Awan
Title: A GUI Simulator For WSNs Based Protocols with Energy Harvesting and Proposed Hash Based Mathematical Modelling for the Security
Supervisor: Truls Ringkjob
Reviewer: Hayretdin Bahsi

Time: 15:50
Student: Jaan Vahtre
Title: Detection of ransomware on Windows operating systems
Supervisor: Jaan Priisalu
Reviewer: Toomas Lepik

Time: 16:30
Student: Vjatšeslav Panov
Title: Implementation of a Hash Function for Portable Executable Based on Structural Information
Supervisor: Truls Ringkob
Reviewer: Toomas Lepik

Wednesday, June 8th 2016, Akadeemia Tee 15a, Room ICT-315.

Defense committee: Raimundas Matulevicius (chairman), Hayretdin Bahsi, Rain Ottis, Meelis Roos, Vitaly Skachek.

Time: 09:00
Student: Luis Carlos Herrera Velasquez
Title: A Comprehensive Instrument for Identifying Critical Information Infrastructure Services
Supervisor: Olaf Manuel Maennel
Reviewer: Hayretdin Bahsi

Time: 09:40
Student: Camilo Andres Pantoja Viveros
Title: Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts
Abstract: The present paper has a profound literature review of the relation between cyber security, aviation and the vulnerabilities prone by the increasing use of information systems in aviation realm.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Sten Mäses

Time: 10:20
Student: Santiago Andres Sarmiento Bernal
Title: Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs
Abstract: This work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK.
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Juhan-Peep Ernits

Break 11:00 – 11:10

Time: 11:10
Student: Allyson Ivy Hauptman
Title: Designing Digital Forensics Challenges for Multinational Cyber Defense Exercises
Supervisor: Patrycjusz Zdzichowski, Rain Ottis
Reviewer: Toomas Lepik

Time: 11:50
Student: Luis Alejandro Velasquez Hurtado
Title: Colombia and the intelligence cycle in the 21st century, the digital age
Supervisor: Olaf Manuel Maennel
Reviewer: Rain Ottis

Break 12:30 – 13:20

Time: 13:20
Student: Didier Dubey Suarez Medina
Title: Assessment of Web-based Information Security Awareness Courses
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Rain Ottis

Time: 14:00
Student: Yuri Andrea Pinto Rojas
Title: Development of National Cyber Security Strategies (NCSSs), and an Application of Perspective to the Colombian Case
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Hayretdin Bahsi

Break 14:40 – 14:50

Time: 14:50
Student: Alex Uriel Duran Santos
Title: Organizational Interaction Mechanisms Affecting Strategic Decision-Making During Cybercrime Investigations
Supervisor: Maria Claudia Solarte Vasquez
Reviewer: Jaan Priisalu

Time: 15:30
Student: Carlos Arturo Martinez Forero
Title: Tabletop Exercise For Cybersecurity Educational Training; Theoretical Grounding And Development
Abstract: The purpose of this thesis is to suggest the improvement of potential and perceived weaknesses on the educational components of cyber security strategies, discussing awareness-training models with significant impact on the participants, focusing on strategic decision-making level personnel that could partake of cyber related incidents.
Supervisor: Maria Claudia Solarte Vasquez, Raimundas Matulevicius
Reviewer: Uko Valtenberg, Tarmo Tuisk

Links:
https://livettu-my.sharepoint.com/personal/elena_vaarmets_ttu_ee/_layouts/15/WopiFrame.aspx?guestaccesstoken=rRFwY2aM1FudPqoucCsEwNvjb2YvdduB4x%2bLFywQvpo%3d&docid=0c199fcd8c7204b8b908fa40ad8e14730&action=view
http://www.cs.ut.ee/sites/default/files/2016/loput88d/DEFENCE%20OF%20CYBER%20SECURITY%20CURRICULUM%20THESES_in%20Tallinn_2016.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016

university_of_tartu_logo

Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: he goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kritjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Reviewer:
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found at an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2016
http://www.cs.ut.ee/sites/default/files/2016/loput88d/Kaitsmiste%20ajakava.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2014/2015

university_of_tartu_logo

An Empirical Comparison of Approaches for Security Requirements Elicitation
Abstract: Security Quality Requirements Engineering (SQUARE) and Security Requirements Elicitation from Business Processes (SREBP). This thesis compares the two methods based on an empirical case study of the Estonian Football Association. The elicited security requirements are categorized and the completeness of their coverage is compared.
Student: Karl Kolk
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Fredrik Payman Milani
Defense: 26.02.2015

The Analysis and Design of a Privacy-Preserving Survey System
Abstract: This master’s thesis describes the design and business processes of the prototype of a secure survey system using secure multi-party computation. The design of the system is also described in this paper and is illustrated with a deployment model.
Student: Meril Vaht
Curriculum: Cyber Security (MSc)
Supervisor: Dan Bogdanov
Reviewer: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405

Pattern Based Security Requirement Derivation with Security Risk-aware Secure Tropos
Abstract: In this master thesis we investigate the integration of a pattern based security requirement elicitation process in the goal-oriented IS development. By performing this integration we aim at providing a process that enables the elicitation of security requirements from Security Risk-aware Secure Tropos (RAST) models. The contribution of this thesis are five Security Risk-aware Patterns expressed using RAST.
Student: Atilio Rrenja
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Peep Küngas
Defense: 04.06.2015, 09:00, Liivi 2-405.

Comparing Security Risk-oriented Modelling Languages to Manage Social Engineering Risks
Abstract: The paper applies structured approach in identification of one security risk management standard that can be applied with different modelling languages. For a more in-depth analysis in this paper considered several modelling languages as BPMN, Secure Tropos and Misuse case.
Student: Sarbar Tursunova
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Defense: 04.06.2015, 09:00, Liivi 2-405.
Reviewer: Olga Altuhhova

Analysis and Mitigation of Recent Attacks on Mobile Communication Backend
Abstract: This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use.
Student: Siddharth Prakash Rao
Curriculum: NordSecMob (MSc)
Supervisor: Tuomas Aura
Supervisor: Dominique Unruh
Supervisor: Silke Holtmanns
Supervisor: Ian Oliver
Reviewer: Arnis Paršovs
Defense: 09.06.2015, 09:00, Liivi 2-405.

Entropy Based Robust Watermarking Algorithm
Abstract: In this work, multiple robust watermarking algorithms are introduced. They embed watermark image into singular values of host image’s blocks with low entropy values. The quantitative and qualitative experimental results are indicating that the proposed algorithms are imperceptible and robust against many signal processing attacks.
Student: Lauri Laur
Curriculum: Software Engineering (MSc)
Supervisor: Gholamreza Anbarjafari
Supervisor: Mary Agoyi
Reviewer: Kaveh Khoshkhah
Defense: 09.06.2015, 09:00, Liivi 2-405.

NFC Security Solution for Web Applications
Abstract: This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made.
Student: Jonas Kiiver
Curriculum: Software Engineering (MSc)
Supervisor: Eero Vainikko
Reviewer: Meelis Roos
Defense: 09.06.2015, 09:00, Liivi 2-404.

Applying Estonian Internet Voting Individual Verification System to Other Electoral Systems
The current paper gives an overview of the Estonian internet voting individual verification system and introduces different ballot styles. It proposes and describes modifications to the Estonian system, so it could be used for individual verification with the introduced ballot styles and multiple elections.
Student: Joonas Lõmps
Curriculum: Informatics (BSc)
Supervisor: Sven Heiberg
Reviewer: Arnis Paršovs
Defense: 12.06.2015, 09:00, Liivi 2-404

Secure Bitcoin Wallet
This report outlines various methods and solutions targeting security concerns and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, standard Bitcoin transactions client, enhanced with various security features and services.
Student: Sevil Guler
Curriculum: NordSecMob (MSc)
Supervisor: Sead Muftic, Vitaly Skachek
Reviewer: Arnis Paršovs
Defense: 27.08.2015

Links:
http://comserv.cs.ut.ee/forms/ati_report/index.php?language=en
http://www.cs.ut.ee/en/msc/theses/deadlines

BSc thesis: Denial of Service Attacks and Defense Solutions

smurf_attack

Student: Erki Vaino
Supervisor: Meelis Roos
Reviewer: Ljubov Feklistova

Abstract
Over time denial of service attacks have become more sophisticated and a popular method amongst attackers. This document will provide overview of different attacks and defense solutions against them. Although there are many great resources about the subject in English, there are very few of them in Estonian. Firstly there is a general overview of the attacks how they can be classified. Then descriptions of how different attacks work and which vulnerabilities or mechanics they use to stop the victim for providing service. In the last part there are descriptions how these attacks can be stopped or mitigated and also which products and solutions companies currently provide on the market at the moment. Each product is described briefly and info given how it helps to protect the network.

The thesis also contains interviews with two Estonian IT infrastructure architects.

Links:
http://comserv.cs.ut.ee/forms/ati_report/datasheet.php?id=45551&year=2015