Category Archives: Student Projects

A showcase of student projects and research papers related to cybersecurity.

UMSL hosts CyberPatriot Recruitment Event

23 Saturday Sep 2017

Posted by in Cyber Competitions, Security Education/Conferences/Events, Student Projects

Comments Off on UMSL hosts CyberPatriot Recruitment Event

The Midwest Cyber Center organized a CyberPatriot recruitment event at UMSL on Sep 23, 2017.

The event was intended to excite middle/high school students towards STEM programs and to encourage children to participate in CyberPatriot X competition. CyberPatriot is the National Youth Cyber Education Program. At the center of CyberPatriot is the National Youth Cyber Defense Competition. The competition puts teams of high school and middle school students in the position of newly hired IT professionals tasked with managing the network of a small company. In the rounds of competition, teams are given a set of virtual images that represent operating systems and are tasked with finding cybersecurity vulnerabilities within the images and hardening the system while maintaining critical services in a six-hour period. Teams compete for the top placement within their state and region, and the top teams in the nation earn all-expenses paid trips to Baltimore, MD for the National Finals Competition where they can earn national recognition and scholarship money.

The Midwest Cyber Center’s recruitment event was a smaller version of the upcoming CyberPatriot competition. We will bring in Military Cyber Professionals Association – St. Louis Chapter (MCPA) to help run the games. We will use members from Scott AFB as our volunteers to help the children participate in the games as well and answer any technical questions.

This event was a great example of strong community partnerships within the region aimed at fostering Cybersecurity talent!

  • UMSL – contributing facility/computer lab/ food and beverages as well as prizes
  • Military Cyber Professionals Association – St. Louis Chapter (MCPA) – contributing software and running games
  • Scott AFB – contributing volunteers to help children navigate the software and answer technical questions that arise
  • Midwest Cyber Center (MC²)– Event POC and promoting event

The event was designed as “Capture the Flag” (CTF) games by Jason Scott who was the competition lead. Volunteers from Scott Air Force base mentored the students during the competition. A CTF is an event during which students come together to compete against one another in an effort to test and expand cyber-security skills and awareness. Participants were challenged with cyber-security related puzzles from categories like network exploitation, cyber forensics, cryptography, steganography, programming, reverse engineering, and cyber trivia.

- Share/Bookmark -

Winrock Int. Farmer to Farmer ICT Assignment: AEMIP063-AET

27 Monday Feb 2017

Posted by in Student Projects, Uncategorized

Comments Off on Winrock Int. Farmer to Farmer ICT Assignment: AEMIP063-AET

Tags

, ,

From November – December 2016, a former cyber security graduate student Dan Redden was awarded approximately $4000.00 for Assignment: AEMIP063-AET, Agriculture Programs Software Training for the Institut Supérieur Agronomic et Vétérinaire de Faranah (ISAV/F) and Students in Faranah, Guinea.

Redden provided technical assistance at Guinea’s largest agricultural university by training professors to use an online open source database system. This system was to allow the university to go from a paper to a paperless environment. The system’s that Redden implemented provided two different options to the university to be able to store their documents. Redden also provided hardware and software needed for the assignment that was not available at the university to allow for an easier integration of the new applications.

View Winrock International volunteer opportunities at https://www.winrock.org/join-us/volunteer/volunteer-opportunities/

- Share/Bookmark -

52nd Annual Meeting of the Missouri Academy of Science

01 Sunday May 2016

Posted by in Security Education/Conferences/Events, Student Projects, Student Research Papers

Comments Off on 52nd Annual Meeting of the Missouri Academy of Science

Tags

, , , ,

UMSL had an undergraduate student Max Leible and graduate student Daniel Redden who participated in the Math and Computer Science section of the 52nd Annual Meeting of the of Missouri Academy of Science at Lincoln University of Missouri in Jefferson City, Missouri.

Math and Computer Science Oral Presentations

*Redden, Jr, D. SECURING YOUR SMART DEVICE. Device security has become one the hottest topics in today’s society. Millions of consumers own or have access to a smart device that not only allows them to communicate verbally with another party but has the ability to be a carry their financial and personal information around with them. The concern today is if the device is secured. Securing your smart device should be of great concern for all consumers because of the potential goldmine of data that a thief or hacker can accumulate from such device. This discussion will talk about ways to secure your smart device and ways to protect oneself from the potential disaster a breach can cause on an individual’s life.

*Dawson, M., J. Wright, M. Omar. University of Missouri -St. Louis MOBILE DEVICES: THE CASE FOR CYBER SECURITY HARDENED SYSTEMS AND METHODS TO ADDRESS SECURITY RELATED ISSUES. Mobile devices are becoming a method to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of mobile devices do not have preinstalled security software while approximately 65% of the vulnerabilities are found within the application layer. This lack in security and policy driven systems is an opportunity for malicious cyber attackers to hack into the various popular devices. Traditional security software found in desktop computing platforms, such as firewalls, antivirus, and encryption, is widely used by the general public in mobile devices. Moreover, mobile devices are even more vulnerable than personal desktop computers because more people are using mobile devices to do personal tasks. This review attempts to display the importance of developing a national security policy created for mobile devices in order to protect sensitive and confidential data. Results of this review provide methods to address security related issues in mobile devices.

*Dawson, M., M, Leible. University of Missouri -St. Louis. OSINT EXPLOITATION OF UNIVERSITY TWEETS. With the rise of Web 2.0, Twitter has become a tool of choice for universities looking to increase their digital footprint. However there is not much guidance given into the protections of these tweets or the secure integration of Twitter into other Web 2.0 applications. As the debate for cyber threats continue to increase, these tweets must be protected and delivered in a manner that protects the sender. Explored in this report are the methods, which Twitter, and its data can be exploited for nefarious use.

13062350_10153985199100049_1094245434753858799_n13063438_10153985187100049_1846669361918262322_o
Download the abstracts at 2016 MAS ALL Abstracts Final
- Share/Bookmark -

Cryptography Domain – Steghide Application

20 Sunday Mar 2016

Posted by in Student Projects

Comments Off on Cryptography Domain – Steghide Application

Tags

, , ,

Students in the Advanced Cyber Security Concepts course had to perform a number of activities that displayed their ability to master the cryptography domain.  This included performing basic stenography encryption.  The graduate student selected Steghide application to perform this task.  In the figure below you can see the student’s encrypted photo and the command line commands used to decrypt it.  See Steghide documentation and steps at http://steghide.sourceforge.net/documentation.php

Screenshot from 2016-03-20 19:27:49

Figure 1: Google Hangout Steghide Demonstration

- Share/Bookmark -

Student projects in Cloud Computing

14 Thursday Jan 2016

Posted by in Student Projects

Comments Off on Student projects in Cloud Computing

Tags

,

In this semester-wide project, students are required to design cloud architecture for a hypothetical company.  They are required to address all aspects of cloud, including security and auditing.  Two of the projects are added here.

- Share/Bookmark -

FALL 2015 INFSYS 6868 Software Assurance – Student Research Papers

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on FALL 2015 INFSYS 6868 Software Assurance – Student Research Papers

Tags

,

INFSYS 6868 Software Assurance – Student Research Papers

Software Development Security: Security Driven Development

Abstract: Security design patterns in the software development life cycle has taken a back seat to create better user experience. At the cost of this better user experience is the risk associated with the lack of focus in security. This becomes an issue for companies that experience major security breaches and must continue to patch their patterns rather than, taking a security driven approach to designing their software. In this paper we will explore the benefits of moving toward a security driven development pattern. In the paper the focus will be centered on business processes and involving security throughout the organizational ecosystem. The benefits and challenges that is associated with moving toward a security driven development pattern and how to build a security driven organization.

Click here to view research paper Secuirty_Driven_Dev_Sasa_Basara

Third Party Risk Management: Cost-effective Approach

Abstract: This paper focuses on importance of third-party risk management and outsourcing risks. Specifically this paper will emphasize the importance of building supplier relationships in safe, secure and productive way applying risk-based approach to supplier oversight and relationship management. Benefits and challenges outlined along with recommendations on how to build risk averse and policy compliant corporate culture.

Click here to view research paper Third Party Risk Management

Improving Web Application Security by Eliminating CWEs

Abstract: This study examined improving web application security by eliminating CWEs. With the developing of web application, securities are becoming more and more important and complicated. The article states the current situation of the web application security and provides possible solution method. By understanding the CWEs and eliminating CWEs can help web application developers to solve or minimizing the security problems. The study listed three CWEs as examples to show how to understand and eliminate CWEs. Problem-solving based method can help people quickly understand the advantage of using CWEs to improve web application. Cloud Computing is also covered in the study for the future research directions.

Click here to view research paper  Weijie_Chen_ResearchPaper

- Share/Bookmark -

Code Analysis Research & Presentation

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Code Analysis Research & Presentation

Tags

,

INFSYS 6868 Software Assurance & INFSYS 3868 Secure Software Development

In this assignment, students were broken up into groups to perform the following tasks below.

Task
Select source code (minimum of 2 applications)
Select tool(s)
Run the tools and obtain reports
Create a presentation based upon reports (no more than 10 slides)
Defend how to fix deficiencies, errors, or vulnerabilities found
Present finding to class/instructor

Click to view this group’s final submission INFSYS6868_StaticAnalysis_Basara_Want_Fillipets

Click to view this group’s final submission Static Code Analysis_Meyer_Zahniel

- Share/Bookmark -

Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Mission Assurance Category (MAC) I Classified Requirements Student Exercise

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Mission Assurance Category (MAC) I Classified Requirements Student Exercise

Overview

This task is creating threshold (shall) requirements for the DoD 8500.2 IA Controls.  Students required to select a classification and Mission Assurance Category (MAC) level.

Goals

  1. Become familiar with authoring Information Assurance (IA) requirements.
  2. Develop skills in developing security focused requirements.

Requirements Matrix

A total of 35 requirements are chosen from the MAC [#], [Classification].

Screenshot from 2016-01-13 12-31-57

Click the following link to view the student research assignment Student Assignment_Req_Docs_Sasa_basara.  Requirements can be viewed by clicking the following attachment ia_cv_diacap_MACI_Classifed_Requirements

- Share/Bookmark -

Cloud Environments and Security

13 Wednesday Jan 2016

Posted by in Student Projects

Comments Off on Cloud Environments and Security

In a Fall 2015 course CMP SCI 4730 Computer Communications and Networks, an undergraduate student Luke Bicklein did research on Cloud Environment security and submitted the research paper. The following is the major content.

Cloud Environments and Security

Luke Bicklein , bicklein (at) umsl.edu (A paper written under the guidance of Prof. Jianli Pan)

Download paper here: Cloud Computing Security

Abstract:

Large virtual environments are a rapidly being deployed and utilized in many (if not most) large institutions. Private industries, public institutions, and individuals everywhere continue to migrate their data and shared resources to cloud environments. This paper details modern Cloud environments, security concerns involved in large environments, as well as current and possible future solutions to securing them.

Keywords:

Cloud, Cloud Computing, Cloud Stotage, Virtual Environment, Virtual Machine, data warehouse, virtual firewall

Table of Contents

  • 1. Introduction
    • 1.1 What is Cloud Computing?
    • 1.2 The Importance of a Secure Cloud
  • 2. Large-Scale Enviroments
    • 2.1 Intentions of Large Environments
    • 2.2 Modern Deployment and Utilization
    • 2.3 Infastructure: Under the Hood
  • 3. Security Concerns
    • 3.1 Identifying Threats
    • 3.2 Modern Threats
    • 3.3 Virtual Firewalls
  • 4. Summary
  • 5. References
  • 6. List of Acronyms

 

- Share/Bookmark -