Ethical hacking is used by many large companies as an instrument, in order to detect system vulnerabilities that was not detected during the design, implementation, and testing period of the system. Ethical hackers are trusted people that try to force the system to fail, or miss function, either by having no knowledge of system they try to hack (black-box hacking), or by having the full insight of the system (white-box hacking).
In networked systems the common action performed by ethical hackers is the deny of service attempt. Other approaches that target to challenge the data confidentiality and integrity over the communication channel are also applied.
Accounting and Monitoring for AAI Services (AMAAIS), is a system developed by the Communication Systems Group in the department of Informatics, at the University of Zurich. The student’s target will be to act as an ethical hacker for the AMAAIS system. Firstly, the student will report any potential vulnerabilities found. All the methods that used by the student while trying to “hack” the AMAAIS system should be described briefly. Secondly, the student will propose solutions that might fix the problems discovered. Both black-box and white-box hacking will be performed. Thus, the student will get insight information about the system step by step. It is recommended to use the NIST security framework for a structured approach.
At the end of this venture the student will have a solid knowledge of security threats concerning operational systems, as well as ways to prevent misuse of the system.
Supervisors: Christos Tsiaras, Andri Lareidaback to the main page