Master's/Bachelor's theses in the area of "Software Security"
Topic 1: "Milk or Wine"
Back in 2006, Ozment and Schechter [USENIX Sec.'06] counted the age and lifetime of vulnerabilities in the OpenBSD kernel and concluded that it matures like wine, meaning it becomes better with age. We want to reproduce their study on a much bigger scale, for all packages of Debian GNU/Linux. This will require developing a tool that can pinpoint which version of the software was the first that contained a given vulnerability. Nguyen, Dashevskyi & Massacci [ESE'16] developed such a method on a smaller scale...
Topic 2: "What can static analysis tell us?"
Edwards and Chen [CCS'12] showed some correlation between the number of issues flagged by static analysis tools and vulnerabilities discovered later. We want to investigate this hypothesis on a much bigger scale. We also want to find out which static analysis tools perform best by comparing a selection of them on our dataset.
Contact: Nikolaos Alexopoulos (alexopoulos at tk.tu-darmstadt.de)