Master Thesis Multimedia Hardening via Fuzz-Testing - 00076756
Description of unit:
Security Research is a research area within Ericsson Research responsible for providing security research expertise. Research is conducted within areas such as applied cryptography, authentication methods, digital rights management, electronic payment, multimedia security, and protection against malware propagation in communication networks.
Digital multimedia applications are at their height of popularity. Services for streaming video (Netflix, YouTube), music (iTunes, Spotify), and real-time communication (Skype, FaceTime, WebRTC) are available on almost all types of devices and are quickly replacing traditional services. High profile exploits have been discovered in various image libraries and some video/audio libraries/applications allowing attackers to execute arbitrary code. While downloadable media allows for widespread distribution of malware, attacks using real-time communication allow an attacker to more easily choose a specific target.
Arbitrary code execution is commonly achieved through control over the instruction pointer of a running process and exploits the fact that computers do not make a distinction between code and data. Many exploits inject code into the process and use a vulnerability to change the instruction pointer to have it point to the injected code. In the interest of a safer [mobile] network experience, this thesis explores fuzz-testing as a means for hardening common media libraries.
The objective of this thesis project is to study, build and evaluate a fuzz-testing tool/framework suited for multimedia libraries, building on available tools and previously published work in the area. The thesis project will comprise
a review of state-of-the-art fuzz-testing tools and techniques and an introduction to exploit creation and mitigation;
design and implementation of a fuzz-testing tool/framework, possibly an extension of prior work; and
an experimental evaluation of the implemented tool/framework against popular multimedia libraries and applications; and
an analysis of the identified vulnerabilities (if any) for both exploitability and mitigation measures.
Thus, the work includes
an element of theoretical studies,
experimental work, and
a written report and presentations.
We are looking for a motivated MSc student with a keen interest in multimedia coding, operating systems, and/or computer security; who has fulfilled the course requirements. Thorough knowledge of basic coding concepts and good programming skills are required, as is excellent spoken and written English.
Applications must include a brief personal letter, a CV, and recent grades. Incomplete applications will not be considered. Applications should highlight examples of previous programming or other projects that may be relevant for the position.
Primary Location SE-AB-Stockholm
Job Posting Dec 19, 2012, 12:00:00 AM
Unposting Date Jan 11, 2013, 11:59:59 PM
Job Type Internship