Hej! Är du arbetsgivare och vill jobba med ett socialt och modernt rekryteringsverktyg? Läs mer här! x

Detta jobb har gått ut Se liknande jobb

Master Thesis Multimedia Hardening via Fuzz-Testing

Master Thesis Multimedia Hardening via Fuzz-Testing - 00076756    
Description of unit:

Security Research is a research area within Ericsson Research responsible for providing security research expertise. Research is conducted within areas such as applied cryptography, authentication methods, digital rights management, electronic payment, multimedia security, and protection against malware propagation in communication networks.

Thesis description:
Digital multimedia applications are at their height of popularity. Services for streaming video (Netflix, YouTube), music (iTunes, Spotify), and real-time communication (Skype, FaceTime, WebRTC) are available on almost all types of devices and are quickly replacing traditional services. High profile exploits have been discovered in various image libraries and some video/audio libraries/applications allowing attackers to execute arbitrary code. While downloadable media allows for widespread distribution of malware, attacks using real-time communication allow an attacker to more easily choose a specific target.
Arbitrary code execution is commonly achieved through control over the instruction pointer of a running process and exploits the fact that computers do not make a distinction between code and data. Many exploits inject code into the process and use a vulnerability to change the instruction pointer to have it point to the injected code. In the interest of a safer [mobile] network experience, this thesis explores fuzz-testing as a means for hardening common media libraries.

The objective of this thesis project is to study, build and evaluate a fuzz-testing tool/framework suited for multimedia libraries, building on available tools and previously published work in the area. The thesis project will comprise

  • a review of state-of-the-art fuzz-testing tools and techniques and an introduction to exploit creation and mitigation;
  • design and implementation of a fuzz-testing tool/framework, possibly an extension of prior work; and
  • an experimental evaluation of the implemented tool/framework against popular multimedia libraries and applications; and
  • an analysis of the identified vulnerabilities (if any) for both exploitability and mitigation measures.
Thus, the work includes
  • an element of theoretical studies,
  • experimental work, and
  • a written report and presentations.
We are looking for a motivated MSc student with a keen interest in multimedia coding, operating systems, and/or computer security; who has fulfilled the course requirements. Thorough knowledge of basic coding concepts and good programming skills are required, as is excellent spoken and written English.
Applications must include a brief personal letter, a CV, and recent grades. Incomplete applications will not be considered. Applications should highlight examples of previous programming or other projects that may be relevant for the position.
Job   Research
Primary Location   SE-AB-Stockholm
Schedule   Full-time
Job Posting   Dec 19, 2012, 12:00:00 AM
Unposting Date   Jan 11, 2013, 11:59:59 PM
Job Type   Internship
Beskrivningen ovan är från Ericsson
Ansök nu

Fakta om jobbet:

Publicerat: 19 dec 2012
Ansökningsdatum: 11 jan 2013

Dela jobb


91 825
205 992 MSEK