http://courses.cs.taltech.ee/w/api.php?action=feedcontributions&feedformat=atom&user=HayretdinKursused - Kasutaja kaastöö [et]2026-05-21T19:58:27ZKasutaja kaastööMediaWiki 1.35.9http://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=10522Thesis2022-04-19T08:44:55Z<p>Hayretdin: /* Important Deadlines for May/June 2022 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2022 Defence ==<br />
* Submission of problem statement and research design document: 15th August 2021 <br />
* Submission of the thesis to the reviewer: 14 December 2021 <br />
* OIS declaration: 13 December 2021<br />
* Submission of the final version of the thesis: 3 January 2022<br />
* Defences: 10 January 2022<br />
<br />
== Important Deadlines for May/June 2022 Defence ==<br />
<br />
* Submission of problem statement and research design document: 14 December 2021 <br />
* Submission of the thesis to the reviewer: 25 April 2022 [https://moodle.taltech.ee/course/view.php?id=31426 submission link]<br />
* OIS declaration: 9 May 2022<br />
* Submission of the final version of the thesis: 16 May 2022<br />
* Defences: 30-31 May, 2-3 June 2022<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.taltech.ee/en/thesis-and-graduation-it#p43359 here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisors must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
NB!<br />
Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager.<br />
<br />
If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
'''The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.'''<br />
<br />
==== From Marko Arik, Industry PhD student, Talgen Cybersecurity Ltd. marko.arik@taltech.ee ==== <br />
<br />
* Cyber Operations<br />
* Informational Environment<br />
* Individual competences in Cyber<br />
* GNSS jamming and spoofing of the unmanned vehicles<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in cyber-physical systems, IoT network or robotic systems <br />
* Cyber security of IoT, cyber-physical systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: Forensics issues in cyber-physical systems, IoT networks or robotics systems, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, vulnerability management or situational awareness<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Shaymaa Khalil, TalTech ====<br />
<br />
Interested in (but not limited to) topics related to:<br />
<br />
Industrial control systems: threat modeling, security, threat detection, testbeds, and education programs<br />
<br />
Digital Forensics topics, especially topics related to Industrial control systems, Windows OS and Digital Forensics tools benchmarking<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
* Log Analysis <br />
<br />
Specific ideas:<br />
<br />
* Implications of DOH on security and availability + next step from https://www.netmeister.org/blog/doh-dot-dnssec.html<br />
* Domain name availability and how DNS registrant and registrar policy changes affect cybercrime<br />
* Heuristics on ip leasing operations<br />
* Defending organization that does not have internal network<br />
* Do applications do what they promise<br />
* Identifying specific applications based network fingerprints<br />
* Evaluation log collecting methods for Microsoft networks considering log poisoning attacks<br />
* Log collecting frameworks for organisations without internal networks<br />
* Information attributes and their influence on the organisational security beyond CIA<br />
* Frame works for cybersecurity devices / software evaluation<br />
* Evaluation specific software /hardware using ATT&CK Framwork<br />
* ATT&CK -Descriptions and false positives <br />
* Anatomy of cyber fractions during the Russian-Ukrainian war<br />
* Forensic Leaked materials of cyber criminal groups.<br />
* ...<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
* Network security & network measurements (active & passive)<br />
* WAN-routing & security (IPv6, BGP/BGPsec,...)<br />
<br />
==== From Sten Mäses, Tallinn University of Technology ====<br />
<br />
* Creating educational hands-on virtual labs in rangeforce.com platform<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Anna-Maria Osula, Tallinn University of Technology ====<br />
<br />
* legal aspects of cyber security <br />
* international law<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Mauno Pihelgas NATO CCDCOE ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases <br />
<br />
- cybersecurity awareness<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Adrian Venables, Tallinn University of Technology ====<br />
<br />
* Cyber security aspects of Information Warfare<br />
* Information Advantage doctrine development<br />
* Influence Operations<br />
<br />
Note: a background in International Relations, Political Science or Strategic Studies is required<br />
<br />
<br />
==== From Gabor Visky, NATO CCDCOE / TalTech ====<br />
<br />
Gabor Visky <gabor.visky@ccdcoe.org><br />
<br />
* Network traffic analysis in the maritime cyber-lab<br />
<br />
<br />
<br />
==== From the TalTech IT office ====<br />
<br />
* Security implications in Migrating Taltech Campus LAN to IPv6; Toomas Lepik<br />
* Improving SOC and Information security processes; Toomas Lepik<br />
* Auditing Taltech EITS compliance based on public information; Toomas Lepik<br />
* Improving Log analysis pipelines; Toomas Lepik<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
NB! Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager. If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations<br />
In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
- Arnis Paršovs, University of Tartu, arnis@ut.ee<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
- Dominique Unruh, University of Tartu, <dominique.unruh@ut.ee> <br />
<br />
- Vitaly Skachek, University of Tartu, <vitaly.skachek@ut.ee><br />
<br />
- Meelis Roos, University of Tartu, <meelis.roos@ut.ee><br />
<br />
- Mubashar Iqbal, University of Tartu, <mubashar.iqbal@ut.ee><br />
<br />
- Abasi-Amefon Obot Affia, University of Tartu, <amefon.affia@ut.ee><br />
<br />
- Mari Seeba, University of Tartu, <mari.seeba@ut.ee><br />
<br />
- Sabah Suhail, University of Tartu,<br />
<br />
- Raimundas Matulevicius, University of Tartu, <raimundas.matulevicius@ut.ee><br />
<br />
<br />
Some topics are provided at <https://infosec.cs.ut.ee/Main/ThesisTopics><br />
<br />
For other topics, students can contact directly the supervisors and course lecturers.<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.taltech.ee/en/thesis-and-graduation-it#p43359 Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=10521Thesis2022-04-19T08:44:05Z<p>Hayretdin: /* Important Deadlines for May/June 2022 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2022 Defence ==<br />
* Submission of problem statement and research design document: 15th August 2021 <br />
* Submission of the thesis to the reviewer: 14 December 2021 <br />
* OIS declaration: 13 December 2021<br />
* Submission of the final version of the thesis: 3 January 2022<br />
* Defences: 10 January 2022<br />
<br />
== Important Deadlines for May/June 2022 Defence ==<br />
<br />
* Submission of problem statement and research design document: 14 December 2021 [https://moodle.taltech.ee/course/view.php?id=31426 submission] <br />
* Submission of the thesis to the reviewer: 25 April 2022<br />
* OIS declaration: 9 May 2022<br />
* Submission of the final version of the thesis: 16 May 2022<br />
* Defences: 30-31 May, 2-3 June 2022<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.taltech.ee/en/thesis-and-graduation-it#p43359 here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisors must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
NB!<br />
Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager.<br />
<br />
If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
'''The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.'''<br />
<br />
==== From Marko Arik, Industry PhD student, Talgen Cybersecurity Ltd. marko.arik@taltech.ee ==== <br />
<br />
* Cyber Operations<br />
* Informational Environment<br />
* Individual competences in Cyber<br />
* GNSS jamming and spoofing of the unmanned vehicles<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in cyber-physical systems, IoT network or robotic systems <br />
* Cyber security of IoT, cyber-physical systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: Forensics issues in cyber-physical systems, IoT networks or robotics systems, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, vulnerability management or situational awareness<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Shaymaa Khalil, TalTech ====<br />
<br />
Interested in (but not limited to) topics related to:<br />
<br />
Industrial control systems: threat modeling, security, threat detection, testbeds, and education programs<br />
<br />
Digital Forensics topics, especially topics related to Industrial control systems, Windows OS and Digital Forensics tools benchmarking<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
* Log Analysis <br />
<br />
Specific ideas:<br />
<br />
* Implications of DOH on security and availability + next step from https://www.netmeister.org/blog/doh-dot-dnssec.html<br />
* Domain name availability and how DNS registrant and registrar policy changes affect cybercrime<br />
* Heuristics on ip leasing operations<br />
* Defending organization that does not have internal network<br />
* Do applications do what they promise<br />
* Identifying specific applications based network fingerprints<br />
* Evaluation log collecting methods for Microsoft networks considering log poisoning attacks<br />
* Log collecting frameworks for organisations without internal networks<br />
* Information attributes and their influence on the organisational security beyond CIA<br />
* Frame works for cybersecurity devices / software evaluation<br />
* Evaluation specific software /hardware using ATT&CK Framwork<br />
* ATT&CK -Descriptions and false positives <br />
* Anatomy of cyber fractions during the Russian-Ukrainian war<br />
* Forensic Leaked materials of cyber criminal groups.<br />
* ...<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
* Network security & network measurements (active & passive)<br />
* WAN-routing & security (IPv6, BGP/BGPsec,...)<br />
<br />
==== From Sten Mäses, Tallinn University of Technology ====<br />
<br />
* Creating educational hands-on virtual labs in rangeforce.com platform<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Anna-Maria Osula, Tallinn University of Technology ====<br />
<br />
* legal aspects of cyber security <br />
* international law<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Mauno Pihelgas NATO CCDCOE ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases <br />
<br />
- cybersecurity awareness<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Adrian Venables, Tallinn University of Technology ====<br />
<br />
* Cyber security aspects of Information Warfare<br />
* Information Advantage doctrine development<br />
* Influence Operations<br />
<br />
Note: a background in International Relations, Political Science or Strategic Studies is required<br />
<br />
<br />
==== From Gabor Visky, NATO CCDCOE / TalTech ====<br />
<br />
Gabor Visky <gabor.visky@ccdcoe.org><br />
<br />
* Network traffic analysis in the maritime cyber-lab<br />
<br />
<br />
<br />
==== From the TalTech IT office ====<br />
<br />
* Security implications in Migrating Taltech Campus LAN to IPv6; Toomas Lepik<br />
* Improving SOC and Information security processes; Toomas Lepik<br />
* Auditing Taltech EITS compliance based on public information; Toomas Lepik<br />
* Improving Log analysis pipelines; Toomas Lepik<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
NB! Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager. If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations<br />
In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
- Arnis Paršovs, University of Tartu, arnis@ut.ee<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
- Dominique Unruh, University of Tartu, <dominique.unruh@ut.ee> <br />
<br />
- Vitaly Skachek, University of Tartu, <vitaly.skachek@ut.ee><br />
<br />
- Meelis Roos, University of Tartu, <meelis.roos@ut.ee><br />
<br />
- Mubashar Iqbal, University of Tartu, <mubashar.iqbal@ut.ee><br />
<br />
- Abasi-Amefon Obot Affia, University of Tartu, <amefon.affia@ut.ee><br />
<br />
- Mari Seeba, University of Tartu, <mari.seeba@ut.ee><br />
<br />
- Sabah Suhail, University of Tartu,<br />
<br />
- Raimundas Matulevicius, University of Tartu, <raimundas.matulevicius@ut.ee><br />
<br />
<br />
Some topics are provided at <https://infosec.cs.ut.ee/Main/ThesisTopics><br />
<br />
For other topics, students can contact directly the supervisors and course lecturers.<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.taltech.ee/en/thesis-and-graduation-it#p43359 Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=10169Thesis2021-09-13T05:46:45Z<p>Hayretdin: /* From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2022 Defence ==<br />
* Submission of problem statement and research design document: 15th August 2021 https://moodle.taltech.ee/course/view.php?id=31686, Student key: qv374MdM<br />
<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May/June 2022 Defence ==<br />
<br />
* Submission of problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.taltech.ee/en/thesis-and-graduation-it#p43359 here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
NB!<br />
Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager.<br />
<br />
If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in cyber-physical systems, IoT network or robotic systems <br />
* Cyber security of IoT, cyber-physical systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: Forensics issues in cyber-physical systems, IoT networks or robotics systems, mobile forensics, blockchain forensics<br />
<br />
<br />
Organizational Topics<br />
<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, vulnerability management or situational awareness<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
* Aviation Cybersecurity lab<br />
* Maritime technology.<br />
* WAN networks<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Shaymaa Khalil, TalTech ====<br />
<br />
Interested in (but not limited to) topics related to:<br />
<br />
Industrial control systems: threat modeling, security, threat detection, testbeds, and education programs<br />
<br />
Digital Forensics topics, especially topics related to Industrial control systems, Windows OS and Digital Forensics tools benchmarking<br />
<br />
==== From Gabor Visky, NATO CCDCOE / TalTech ====<br />
<br />
Gabor Visky <gabor.visky@ccdcoe.org><br />
<br />
* Network traffic analysis in the maritime cyber-lab<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TalTech IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
NB! Theses supervised by supervisors from the University of Tartu (UT) have to be defended in UT. Exceptions are possible, but need do be approved by the program manager. If you will defend your thesis in UT, then you should do your thesis declaration according to the procedures and deadlines of UT. Thesis related guidelines and regulations are available at: https://www.cs.ut.ee/en/studying/guidelines-regulations<br />
In case of any questions contact UT Institute of Computer Science Academic Affairs Specialist Maarja Kungla (maarja.kungla@ut.ee).<br />
<br />
- Dominique Unruh, University of Tartu, <dominique.unruh@ut.ee> <br />
<br />
- Vitaly Skachek, University of Tartu, <vitaly.skachek@ut.ee><br />
<br />
- Meelis Roos, University of Tartu, <meelis.roos@ut.ee><br />
<br />
- Mubashar Iqbal, University of Tartu, <mubashar.iqbal@ut.ee><br />
<br />
- Abasi-Amefon Obot Affia, University of Tartu, <amefon.affia@ut.ee><br />
<br />
- Mari Seeba, University of Tartu, <mari.seeba@ut.ee><br />
<br />
- Sabah Suhail, University of Tartu,<br />
<br />
- Raimundas Matulevicius, University of Tartu, <raimundas.matulevicius@ut.ee><br />
<br />
<br />
Some topics are provided at <https://infosec.cs.ut.ee/Main/ThesisTopics><br />
<br />
For other topics, students can contact directly the supervisors and course lecturers.<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.taltech.ee/en/thesis-and-graduation-it#p43359 Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=10009Thesis2021-04-19T10:05:09Z<p>Hayretdin: /* Important Deadlines for May 2021 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: DEC 7th 2020 in Moodle [https://moodle.taltech.ee/course/view.php?id=31016] KEY: eAsUMTS<br />
* OIS declaration: DEC 14th 2020 - deadline for submitting the application for defense of graduation thesis<br />
* Submission of the final version of the thesis: DEC 21st 2020<br />
* Defences: JAN 11th 2021<br />
<br />
== Important Deadlines for May 2021 Defence ==<br />
* Submission of the problem statement and research design document: 14 December 2020 in Moodle [https://moodle.taltech.ee/mod/assign/view.php?id=338668]: no key is needed <br />
* Submission of the thesis to the reviewer: 23 April 2021 in Moodle [https://moodle.taltech.ee/mod/assign/view.php?id=375802]: no key is needed <br />
* OIS declaration: 10 May 2021<br />
* Submission of the final version of the thesis: 14 May 2021<br />
* Defences: 27-28 May & 30 May-1 June 2021<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
* Aviation Cybersecurity lab<br />
* Maritime technology.<br />
* WAN networks<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Gabor Visky, NATO CCDCOE / TalTech ====<br />
<br />
Gabor Visky <gabor.visky@ccdcoe.org><br />
<br />
* Network traffic analysis in the maritime cyber-lab<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=10008Thesis2021-04-19T10:04:50Z<p>Hayretdin: /* Important Deadlines for May 2021 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: DEC 7th 2020 in Moodle [https://moodle.taltech.ee/course/view.php?id=31016] KEY: eAsUMTS<br />
* OIS declaration: DEC 14th 2020 - deadline for submitting the application for defense of graduation thesis<br />
* Submission of the final version of the thesis: DEC 21st 2020<br />
* Defences: JAN 11th 2021<br />
<br />
== Important Deadlines for May 2021 Defence ==<br />
* Submission of the problem statement and research design document: 14 December 2020 in Moodle [https://moodle.taltech.ee/mod/assign/view.php?id=338668]: no key is needed <br />
* Submission of the thesis to the reviewer: 23 April 2021 [https://moodle.taltech.ee/mod/assign/view.php?id=375802]: no key is needed <br />
* OIS declaration: 10 May 2021<br />
* Submission of the final version of the thesis: 14 May 2021<br />
* Defences: 27-28 May & 30 May-1 June 2021<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
* Aviation Cybersecurity lab<br />
* Maritime technology.<br />
* WAN networks<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Gabor Visky, NATO CCDCOE / TalTech ====<br />
<br />
Gabor Visky <gabor.visky@ccdcoe.org><br />
<br />
* Network traffic analysis in the maritime cyber-lab<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9777Thesis2020-12-08T12:40:58Z<p>Hayretdin: /* Thesis info for Cyber Security students */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: DEC 7th 2020 in Moodle [https://moodle.taltech.ee/course/view.php?id=31016] KEY: eAsUMTS<br />
* OIS declaration: DEC 14th 2020 - deadline for submitting the application for defense of graduation thesis<br />
* Submission of the final version of the thesis: DEC 21st 2020<br />
* Defences: JAN 11th 2021<br />
<br />
== Important Deadlines for May 2021 Defence ==<br />
* Submission of the problem statement and research design document: 14 December 2020 in Moodle [https://moodle.taltech.ee/mod/assign/view.php?id=338668]: no key is needed <br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9581Thesis2020-09-26T07:43:45Z<p>Hayretdin: /* From Arnis Paršovs, University of Tartu, arnis@ut.ee */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: DEC 7th 2020<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: DEC 21st 2020<br />
* Defences: JAN 11th 2021<br />
<br />
== Important Deadlines for May 2021 Defence ==<br />
* Submission of the problem statement and research design document: 14 December 2020 <br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
General areas:<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Andrew Roberts, Tallinn University of Technology ====<br />
Topics: <br />
1. Evaluation of Methods for Threat and Risk Assessment of Autonomous Self-Driving Vehicles<br />
2. Design and Development of a cyber range for Autonomous self-driving vehicles <br />
Contribution: <br />
<br />
Topic 1: The outcome of this work will form part of TUT contribution to standards and methods research within the International Alliance for Mobility Testing and Standardisation (IAMTS). <br />
<br />
Topic 2: The developed cyber range will be integrated into the EU ECHO-Federated Cyber Range.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
A full list of thesis topics offered by the [https://acs.cs.ut.ee/ Applied Cyber Security Group (UT)] is available in the [https://comserv.cs.ut.ee/ati_thesis_offers/index.php?year=all&keywords=acs thesis topics database].<br />
<br />
Students can also get access to various [https://acs.cs.ut.ee/hardware/ hardware] that can be used for research experiments.<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== From Tiia Sõmer, Tallinn University of Technology ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9364Thesis2020-08-28T12:15:03Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 4 August 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9362Thesis2020-08-28T12:12:51Z<p>Hayretdin: /* From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 4 August 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 3rd August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical and organizational. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, code security review, intrusion detection in SCADA or IoT systems or cyber threat intelligence <br />
* Cyber security of IoT systems: Development of a security testbed, threat modelling, honeypots, intrusion detection systems<br />
* Digital Forensics: IoT forensics, mobile forensics, blockchain forensics<br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9349Thesis2020-07-16T08:03:51Z<p>Hayretdin: /* Important Deadlines for August 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 4 August 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 10 August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9348Thesis2020-07-16T08:00:54Z<p>Hayretdin: /* Important Deadlines for August 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 4 August 2020<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 10 August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Currently only accepting students who have previously passed CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9346Thesis2020-06-08T09:03:29Z<p>Hayretdin: /* Thesis info for Cyber Security students */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 3 August 2020<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 10 August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only accepting students who have taken the CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9345Thesis2020-06-08T09:02:38Z<p>Hayretdin: /* Thesis info for Cyber Security students */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 3 August 2020<br />
* Defences: 17-18 August 2020 <br />
<br />
== Important Deadlines for January 2021 Defence ==<br />
* Submission of problem statement and research design document: 10 August 2020<br />
* Submission of the thesis to the reviewer: TBD<br />
* OIS declaration: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* Defences: TBD<br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only accepting students who have taken the CNS.073.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9335Thesis2020-05-21T07:11:01Z<p>Hayretdin: /* Important Deadlines for August 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 3 August 2020<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have only one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9334Thesis2020-05-21T06:36:08Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Important Deadlines for August 2020 Defence ==<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 3 August 2020<br />
* Defences: 17-18 August 2020 <br />
<br />
Coronavirus crisis has impacted some of the thesis studies due to the in-place restrictions or other reasons. Therefore, we have an additional defence in August 2020 as the main deadlines are given above. This defence will have one final submission date. OIS declaration that has been done on 11 May 2020 will be also valid for this defence.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9270Thesis2020-04-14T09:42:10Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
<br />
1. Comparison of identity/authentication/signing APIs from security and architecture viewpoint<br />
<br />
This might be suitable for student, who is more interested about software developing/architecture aspects, but still related to security as well. In short, there are many competing API-s in the Baltic/Nordic region, which are used in practice, to request the authentication or signatures. For example: <br />
<br />
* https://github.com/SK-EID/smart-id-documentation/blob/master/README.md<br />
* https://github.com/SK-EID/MID<br />
* https://developers.dokobit.com<br />
* https://developer.signicat.com/apis/sign-api/sign-api-v1/<br />
* https://github.com/open-eid/SiGa/wiki/Hashcode-API-description<br />
<br />
and also, there are the “canonical” or “standard" ones like OIDC and SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from software point of view or security point of view? Which one to use for future integrations? How do we even compare them?<br />
<br />
2. Apply Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases.<br />
<br />
For example, last year, there was the master thesis https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email. <br />
<br />
If there’s some additional ideas, about where to apply the Smart-ID authentication services or perhaps to do more deeper integration with the SplitKey technology, we could discuss and see, if some interesting project might come out of this. <br />
<br />
3. Compare the attack model of the FIDO with the attack model of Smart-ID. <br />
<br />
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how the anonymous session with the web-site becomes the authenticated session. Compare the security properties of this authentication flow with https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html<br />
<br />
4. Compare the properties of Smart-ID with framework by Bonneau et al.<br />
<br />
Take the https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf and the properties described there and analyse, which ones are satisfied by Smart-ID, which ones are not satisfied, which ones are already pointless in the year 2020. Compare with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind exercise for FIDO in the section 6.1.<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9134Thesis2020-02-17T08:23:25Z<p>Hayretdin: /* Useful links */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis and MS-Word Template (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9133Thesis2020-02-17T08:22:01Z<p>Hayretdin: /* Useful links */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* event log collection<br />
* event log analysis<br />
* event correlation<br />
* network monitoring<br />
* intrusion detection<br />
* any area that is connected to security monitoring<br />
* various other system security engineering topics (for example, system hardening or firewalling)<br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience in the research area (for example, writing a thesis on network intrusion detection requires previous experience with network IDS systems). Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TalTech)]<br />
<br />
[https://gitlab.cs.ttu.ee/templates/phd-thesis LATEX template for master thesis (TalTech) (accessible by UNI-ID)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=9000Thesis2020-01-02T06:50:15Z<p>Hayretdin: /* Important Deadlines for January 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020 [https://ained.ttu.ee/mod/quiz/view.php?id=9079 via ained]<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8947Thesis2019-11-28T07:50:44Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019 [https://ained.ttu.ee/course/view.php?id=297 via ained]<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8938Thesis2019-11-27T06:56:19Z<p>Hayretdin: /* Important Deadlines for January 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019 [https://ained.ttu.ee/mod/assign/view.php?id=9078 via ained]<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8937Thesis2019-11-27T06:54:30Z<p>Hayretdin: /* Registration and submission of problem statement and research design document */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name and also the names of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
<br />
• Research Problem/Hypothesis/Question: It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
<br />
• Scope and Goal: This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
<br />
• Literature Review: This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
<br />
• Novelty: This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies.<br />
<br />
• Research Methods: The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated.<br />
<br />
• References: The resources referenced in the document are listed here. <br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8936Thesis2019-11-27T06:52:32Z<p>Hayretdin: /* Registration and submission of problem statement and research design document */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
<br />
• The name of the author<br />
<br />
• The name of the supervisor<br />
<br />
• Motivation: An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
• Research Problem/Hypothesis/Question<br />
It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
• Scope and Goal <br />
This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
• Literature Review<br />
This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
• Novelty<br />
This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies. <br />
• Research Methods <br />
The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated. <br />
• References<br />
The resources referenced in the document are listed here. <br />
<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8935Thesis2019-11-27T06:51:58Z<p>Hayretdin: /* Registration and submission of problem statement and research design document */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include the following sections and content:<br />
<br />
• The topic of the thesis<br />
• The name of the author<br />
• The name of the supervisor<br />
• Motivation<br />
An overview of the addressed problem is given here. It should be explained why the problem is important and deserves a research study.<br />
• Research Problem/Hypothesis/Question<br />
It is imperative to write a proper research problem/hypothesis/question statement(s).<br />
• Scope and Goal <br />
This section defines the goal of the study and describes the main outcomes. It is required to specify the scope, limitations and key assumptions of the study.<br />
• Literature Review<br />
This section includes the analysis of similar studies in the literature and gives a discussion of the research gap. It is important to link this research gap explanation with the research problem.<br />
• Novelty<br />
This section justifies the novelty of your study, explains what the main contribution is and what the differences are when compared to similar studies. <br />
• Research Methods <br />
The research methods that you will apply in your study are given here. The data collection and analysis methods are also covered in this section. It is needed to explain how your research outcome will be validated. <br />
• References<br />
The resources referenced in the document are listed here. <br />
<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
toomas.lepik@taltech.ee<br />
<br />
=====General areas:=====<br />
<br />
* Network Forensic (related data analysis)<br />
* Reverse engineering (including malware analysis)<br />
* SCADA security <br />
* Incident Handling.<br />
<br />
[https://courses.cs.ttu.ee/pages/Thesis/tl/ A bit more specific research ideas ]<br />
<br />
<br />
<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
- cybersecurity risk assessment and management<br />
<br />
- IT and cybersecurity audits<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
Here are potential areas for selecting a thesis topic:<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
<br />
When applying for supervision, preference is given to students who have either passed the Cyber Defense Monitoring Solutions course with grade 4 or 5, or have previous engineering experience with security monitoring technologies. Before applying, make sure you have selected at least one initial thesis topic suggestion with a background research about its validity.<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8699Thesis2019-09-26T09:34:42Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: 23 April 2020<br />
* OIS declaration: 11 May 2020<br />
* Submission of the final version of the thesis: 19 May 2020<br />
* Defences: 28-29 May 2020, 1-2 June 2020 <br />
<br />
<br />
The procedure for thesis defence is set by TalTech regulations. The students who have a supervisor from TalTech but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8698Thesis2019-09-26T09:32:43Z<p>Hayretdin: /* Important Deadlines for January 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: 9 December 2019<br />
* OIS declaration: 16 December 2019<br />
* Submission of the final version of the thesis: 3 January 2020<br />
* Defences: 9-10 January 2020<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
Only very limited slots for 2020, accepting students working towards January '''2021''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
<br />
==== From Matthew Sorell, Tallinn University of Technology / Adelaide University Australia ====<br />
<br />
Matthew James Sorell <matthew.sorell@taltech.ee> <br />
<br />
1. A risk-based decision approach for handling digital devices at a crime scene.<br />
<br />
It is common for electronic devices such as mobile phones to be discovered at a crime scene, but the means for securing the device is becoming increasingly complex. In spite of this, evidence handling procedures are often static and increasingly out of date, leading to the loss of critical evidence in serious crime.<br />
<br />
The phone may be remotely wiped; picking it up may activate motion sensors; and in some cases (such as missing persons) the urgency of the evidence needs to be weighed against securing forensic evidence for investigation and prosecution. <br />
<br />
In this research, we consider the development of a risk-based approach to advising crime scene investigators to handle digital devices in the least-worst way.<br />
<br />
<br />
<br />
2. Feasible route mapping<br />
<br />
When examining timestamped geolocation data, it is often useful to determine feasible routes which could be taken from one location to another. <br />
<br />
Google Maps, for example, provides directions and sometimes provides a small number of alternatives. For criminal investigation, a heatmap of feasible routes would support investigators with a means to rapidly evaluate the context of movement in and around a crime. <br />
<br />
In this project, we propose to use the Google Maps Platform (https://developers.google.com/maps/gmp-get-started) to build, through statistical sampling, a heatmap of feasible routes subject to time and modes-of-transportation constraints.<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8639CyberResearch2019-09-18T10:54:09Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Master Thesis Process and Supervising - Hayretdin Bahsi [[File:Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8638CyberResearch2019-09-18T10:53:51Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Master Thesis Process and Supervising - Hayretdin Bahsi [[Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8637CyberResearch2019-09-18T10:53:32Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Master Thesis Process and Supervising - Hayretdin Bahsi [[:Media:Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8636CyberResearch2019-09-18T10:52:46Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Master Thesis Process and Supervising - Hayretdin Bahsi [[:File:Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8635CyberResearch2019-09-18T10:52:05Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Master Thesis Process and Supervising - Hayretdin Bahsi [[File:Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8634CyberResearch2019-09-18T10:51:25Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Theses Supervising - Hayretdin [[File:Thesis_Process_and_Supervising.pdf]]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=CyberResearch&diff=8633CyberResearch2019-09-18T10:50:10Z<p>Hayretdin: /* 17 Sept */</p>
<hr />
<div>Planning for the research group meeting on '''Tuesday's at 1400 in ICT-411.'''<br />
<br />
Presentations from previous weeks are located here https://gitlab.cs.ttu.ee/cybersec/weekly/wikis/home and are accessible for CyberResearch group only<br />
<br />
<br />
<br />
<br />
<br />
== 03 Sept ==<br />
<br />
Meeting Eesti Energia representatives<br />
<br />
*overview of our group, capabilities<br />
*overview of Eesti Energia structure, processes etc.<br />
*collaboration possibilities<br />
<br />
<br />
== 10 Sept ==<br />
<br />
Kieren Lovell - Cambridge Summerschool Spearphishing attack<br />
<br />
And guest lecturers from Brno university Lukáš Hellebrandt and Ondřej Hujňák - overview of their research, potential collaboration<br />
<br />
== 17 Sept ==<br />
<br />
Internal Comms: after Curr.Dev.Days and onwards - Martha & Kristi<br />
<br />
Theses Supervising - Hayretdin [File:Thesis_Process_and_Supervising.pdf]<br />
<br />
== 24 Sept ==<br />
<br />
Kelly O’Brien from Embry-Riddle University (USA) - topic TBD<br />
<br />
== 1 Oct ==<br />
<br />
Risto Vaarandi - Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: a Case Study<br />
<br />
<br />
== 5 Nov ==<br />
<br />
Anna-Maria Osula</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Fail:Thesis_Process_and_Supervising.pdf&diff=8632Fail:Thesis Process and Supervising.pdf2019-09-18T10:46:58Z<p>Hayretdin: </p>
<hr />
<div></div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8529Thesis2019-09-06T07:08:49Z<p>Hayretdin: /* From Bernhards Blumbergs */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8528Thesis2019-09-06T07:05:27Z<p>Hayretdin: /* Submission to Reviewer */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review one week before the final submission deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8527Thesis2019-09-06T07:03:34Z<p>Hayretdin: /* Thesis Defence Overview */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The reviewer will review your thesis and give you feedback. Expect that you should receive the review about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the review feedback into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enrol yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via the email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8526Thesis2019-09-06T07:00:36Z<p>Hayretdin: /* Registration and submission of problem statement and research design document */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The opponent will review your thesis and give you feedback. Expect that you should receive the review from your opponent about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the feedback items into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via email account that you defined in TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8525Thesis2019-09-06T06:46:55Z<p>Hayretdin: /* Thesis Defence Overview */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following a 4-semester study plan and aim to defend in the May period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally, the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, it is highly recommended to have an idea about your topic and have discussed this with your supervisor.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as a registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. As the thesis submission deadline is around the third week of April (for students aiming to defend in January, this deadline is early December), please, plan to finish your work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor, you should then make a decision if your work is ready to be submitted for May defence (or if you need more time and prefer to submit for a January defence). The opponent will review your thesis and give you feedback. Expect that you should receive the review from your opponent about a week before the final deadline. You can continue to update your work until the final submission date. You can and should, however, incorporate the feedback items into the final copy of your thesis and defence presentation. This will allow you to make modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15-minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15-minute presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document having a length up to 10 pages. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for May defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8524Thesis2019-09-06T06:32:55Z<p>Hayretdin: /* Important Deadlines for May 2020 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: 11 December 2019<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4-semester study plan and aim to defend in the June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8523Thesis2019-09-06T06:24:02Z<p>Hayretdin: /* From the Tartu University thesis topic registry */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4-semester study plan and aim to defend in the June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
You can check the possible cyber security-related topics from the following link:<br />
https://comserv.cs.ut.ee/ati_thesis_offers/<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8522Thesis2019-09-06T06:23:20Z<p>Hayretdin: /* From the Tartu University thesis topic registry */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4-semester study plan and aim to defend in the June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
Tou can check the possible cyber security-related topics from the following link:<br />
[https://comserv.cs.ut.ee/ati_thesis_offers/]<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8521Thesis2019-09-06T06:21:39Z<p>Hayretdin: /* From the TUT IT office */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4-semester study plan and aim to defend in the June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From the Tartu University thesis topic registry ====<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8508Thesis2019-09-04T06:39:02Z<p>Hayretdin: /* Thesis info for Cyber Security students */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
== Important Deadlines for May 2020 Defence ==<br />
* Submission of the problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have a supervisor from TTU but want to defend their theses in Tartu University in order to fulfil the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to the reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending an MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview of the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4-semester study plan and aim to defend in the June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8437Thesis2019-06-12T07:53:47Z<p>Hayretdin: /* From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@taltech.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8436Thesis2019-06-12T07:52:21Z<p>Hayretdin: /* From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8435Thesis2019-06-12T07:07:26Z<p>Hayretdin: /* From Kaie Maennel, Tallinn University of Technology */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management <br />
<br />
Strategic Topics<br />
<br />
* High-level information flows and reporting mechanisms among the major entities of national cyber security governance structures<br />
* Maturity models for the analysis of national cyber security capability<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Stefan Sütterlin, Tallinn University of Technology & Østfold University College ====<br />
(stefan.sutterlin@hiof.no)<br />
<br />
- cognitive science and performance in cyber defence<br />
<br />
- human factors in cyber security<br />
<br />
- cyberpsychology<br />
<br />
- decision-making<br />
<br />
- cognitive biases<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8425Thesis2019-06-05T08:36:23Z<p>Hayretdin: /* Thesis info for Cyber Security students */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: 17 June 2019 [https://ained.ttu.ee/course/view.php?id=258 via ained]<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management <br />
<br />
Strategic Topics<br />
<br />
* High-level information flows and reporting mechanisms among the major entities of national cyber security governance structures<br />
* Maturity models for the analysis of national cyber security capability<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8353Thesis2019-05-09T06:04:00Z<p>Hayretdin: /* Important Deadlines for May 2019 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
== Important Deadlines for January 2020 Defence ==<br />
* Submission of problem statement and research design document: TBD<br />
* Submission of the thesis to the reviewer: TBD<br />
* Submission of the final version of the thesis: TBD<br />
* OIS declaration: TBD<br />
* Defences: TBD<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management <br />
<br />
Strategic Topics<br />
<br />
* High-level information flows and reporting mechanisms among the major entities of national cyber security governance structures<br />
* Maturity models for the analysis of national cyber security capability<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdinhttp://courses.cs.taltech.ee/w/index.php?title=Thesis&diff=8322Thesis2019-05-02T07:41:11Z<p>Hayretdin: /* Important Deadlines for May 2019 Defence */</p>
<hr />
<div>=Thesis info for Cyber Security students=<br />
== Important Deadlines for May 2019 Defence ==<br />
* Submission of the final version of the thesis: 13 May 2019 [https://ained.ttu.ee/course/view.php?id=228 via ained]<br />
* OIS declaration: 13 May 2019<br />
* Bring one paper copy of the thesis (with a cover hard or soft) on May 20th to Siiri Taveter in ICT-429 at between 10-12 and 13-16<br />
* Defences: 27-30 May 2019<br />
<br />
The procedure for thesis defence is set by TTU regulations. The students who have supervisor from TTU but want to defend their theses in Tartu University in order to fulfill the minimum credit requirements will follow the first two steps (registration and submission of problem statement and submission to reviewer) as given above. However, OIS declaration, submission of final version and defence should be done according to the deadlines and procedures of Tartu University.<br />
<br />
== Thesis Defence Overview ==<br />
<br />
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. This overview part is given according to the assumption that you are following 4 semester study plan and aim to defend in June period. If you want to defend in January, then you can adjust the planning phases accordingly.<br />
<br />
Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester, you should have an idea about your topic and you should have discussed this with your supervisor.<br />
<br />
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway (e.g., see [https://web.stanford.edu/class/cee320/CEE320A/POD.pdf here]), and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.<br />
<br />
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase, the problem statement (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid problem statement fixed and agreed with your supervisor during the 3rd semester, ideally well before December.<br />
<br />
In early December, you should submit a problem statement and research design document (please, find the details, below). Sending this document is considered as registration to the defence that will take place in next term. <br />
<br />
The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expected deadline to submit your thesis for review, to be around late April. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final copy of your thesis and defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.<br />
<br />
At the final submission deadline, you will have to submit your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence. <br />
<br />
Below some more detailed information. <br />
<br />
Good luck! <br />
<br />
=== Registration and submission of problem statement and research design document ===<br />
Each student is required to submit a problem statement and research design document. '''The document must include your name, student number, and also the name of thesis and supervisor''' (and co-supervisor, if exists).<br />
<br />
About half a year before the defence, the students are required to indicate their intent to defend by this document. See deadlines above set for each semester. Typically this will be around Early December for June defences, and Mid June for January defences. You will need to submit this via the TTU Moodle link given in "important deadlines" section of relevant defence period. You'll have to self-enroll yourself in that link. Instructions on how to access the TTU Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. Feedback on the problem statement and research design document should be received within 3-4 weeks via TTU Moodle.<br />
<br />
The document should include very brief answers to below questions in two or three pages.<br />
<br />
• What is the research problem/hypothesis/question?<br />
<br />
• What are the goals of the study?<br />
<br />
• Why is this study important?<br />
<br />
• What are the possible outcomes of the study?<br />
<br />
• What are the limitations and key assumptions of the study?<br />
<br />
• What is missing in the literature?<br />
<br />
• Which methodologies will be used for solving the problem and validation of the study?<br />
<br />
This document is evaluated according to the following criteria:<br />
<br />
Whether the author<br />
<br />
• has a well-defined problem statement,<br />
<br />
• successfully presents the significance of the problem,<br />
<br />
• knows the literature and the limits of existing solutions,<br />
<br />
• have thought about possible methods,<br />
<br />
• have thought about how to validate the proposed solution,<br />
<br />
• brings a novelty to the literature.<br />
<br />
You can find detailed information about research methods [https://courses.cs.ttu.ee/pages/Research_Method here.]<br />
<br />
=== Submission to Reviewer ===<br />
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee. <br />
<br />
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:<br />
* short description of the thesis<br />
* strengths and weaknesses of the thesis<br />
* recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.<br />
* at least three questions that can be asked during the defence.<br />
<br />
Based on the student's performance at the defence the reviewer may change the recommended grade.<br />
<br />
The reviewer will receive a copy of the thesis about two-three weeks before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point out the typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improved version in the next defence period.<br />
<br />
=== OIS declaration===<br />
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence. If you will defend your thesis in Tartu University, then you should do your OIS declaration to their systems according to their deadlines.<br />
<br />
=== Submission of Final Copy===<br />
<br />
Each student will submit the pdf version of the thesis, the relevant thesis metadata and licence information via moodle course page link given in "important deadlines" section of relevant defence period. Please complete the steps 1, 2 and 3 of the thesis submission on this page. <br />
<br />
In addition to submission of above materials via Moodle, one paper copy of your thesis will be collected before defence, which you will get back after defence. The details will be announced one or two weeks before the deadline. <br />
<br />
If you will defend your thesis in Tartu University, then you should submit final copy according to the procedures and deadlines of Tartu University. <br />
<br />
<br />
NB! Do not forget that you need to prepare a '''15 min presentation for your defence'''. This should really not be left to the evening before the defence!<br />
<br />
=== The defence procedure ===<br />
On the day of defence, students will present their theses according to the announced schedule. Generally, the results will be announced at the end of the day.<br />
<br />
The defence procedure for each student consists of the following steps:<br />
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.<br />
* the student presents his or her thesis in 15 minutes.<br />
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.<br />
* the student answers questions from the committee. <br />
* the student answers questions from the audience.<br />
* the supervisor gives his or her opinion of the thesis and recommends a grade.<br />
<br />
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.<br />
<br />
* After the thesis defence, please visit the Dean's Office for more information about final formalities.<br />
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]<br />
<br />
== Formal Requirements and recommendations ==<br />
<br />
Until further notice, please use the formatting guide from the School of Information Technologies (link to the guide is given [https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ here]). Please note that you will have to change the title page as of 01.01.2017:<br />
* write "School of Information Technology" instead of "Faculty of Information Technology"<br />
* write "Department of Software Science" instead of "Department of Computer Engineering".<br />
<br />
The thesis code for IVCM is ITC70LT.<br />
<br />
The following advices can be considered for a master thesis<br />
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis<br />
* 50-80 pages + appendices if needed<br />
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text<br />
* Headings are numbered and no more than 3 levels used<br />
* Don't forget page numbers<br />
<br />
== Topic and supervisor ==<br />
Every student must have a supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.<br />
<br />
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.<br />
<br />
When refining a topic idea, make sure it has a clear connection with cyber security.<br />
<br />
== Potential supervisors & proposed topics ==<br />
<br />
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.<br />
<br />
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====<br />
<br />
I am interested in various topics which can be categorized as technical, organizational and strategic. If you already have specific topics in your mind, we can discuss them and decide to work together. <br />
<br />
Technical Topics<br />
<br />
* Application of machine learning and data mining methods to the following cyber security problems: Malware detection, botnet identification, intrusion detection in SCADA or IoT systems and extraction of cyber threat intelligence <br />
<br />
* Cyber security of Industrial Control or IoT systems: Development of a security testbed, honeypots, intrusion detection systems, digital forensics issues <br />
<br />
* Situational Awareness and Cyber Threat Intelligence: Impact of cyber threats on business processes, sophistication analysis of cyber attacks, cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence <br />
<br />
Organizational Topics<br />
<br />
* Cyber insurance<br />
* Security operation center (SOC) models<br />
* Case studies for the improvement of SOC processes such as threat monitoring, incident handling, or vulnerability management <br />
<br />
Strategic Topics<br />
<br />
* High-level information flows and reporting mechanisms among the major entities of national cyber security governance structures<br />
* Maturity models for the analysis of national cyber security capability<br />
<br />
==== From Bernhards Blumbergs ==== <br />
* network security<br />
* exploit development, <br />
* advanced threats <br />
* security evasion, <br />
* IPv6<br />
<br />
==== From Aivo Kalu, Cybernetica AS ====<br />
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga<br />
<br />
==== From Jüri Kivimaa, Tallinn University of Technology ====<br />
* IT security economics<br />
* security cost optimization<br />
<br />
==== From Aleksandr Lenin, Cybernetica AS. ====<br />
<br />
TBA<br />
<br />
==== From Toomas Lepik, Tallinn University of Technology ====<br />
<br />
* forensics<br />
* malware <br />
* anti-malware<br />
<br />
==== From Birgy Lorenz, Tallinn University of Technology ====<br />
birgy.lorenz@ttu.ee<br />
<br />
* human factors in cybersecurity<br />
* cyber awareness and training (kindergarten, schools, laypersons)<br />
* cybersecurity young talents skills and its development and testing<br />
* women in cybersecurity<br />
<br />
==== From Mika Kerttunen, Tallinn University of Technology ====<br />
* Mathematical modeling of critical infrastructure protection: priorities and decision-making<br />
* From table-top to lap-top: The objectives, methods, and conduct of operational level cyber security exercises<br />
* International attribution council <br />
* Public-private partnerships<br />
* Military cyber defence<br />
<br />
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====<br />
<br />
No slots available anymore. Accepting next students only who are working towards January '''2020''' (or later) defences.<br />
<br />
==== From Rain Ottis, Tallinn University of Technology ====<br />
<br />
* national cyber security<br />
* serious games in cyber security/cyber security exercises<br />
<br />
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====<br />
* eID<br />
* PKI<br />
* TLS<br />
* Smart cards<br />
<br />
==== From Mauno Pihelgas ==== <br />
* system monitoring<br />
* network monitoring<br />
* IDS/IPS systems<br />
* insider threat detection<br />
<br />
==== From Jaan Priisalu, Tallinn University of Technology ====<br />
<br />
* TBD<br />
<br />
==== Tiia Sõmer ==== <br />
<br />
Currently no topics on offer.<br />
<br />
==== From Kaie Maennel, Tallinn University of Technology ====<br />
(kaie.maennel@ttu.ee)<br />
<br />
- cyber awareness and hygiene<br />
<br />
- cyber security learning and teaching (e.g., serious games, cyber defense exercises, etc.)<br />
<br />
- learning analytics in cyber security training context<br />
<br />
- human factors in cyber security<br />
<br />
==== From Eneken Tikk, Tallinn University of Technology ====<br />
* Technical and organizational implementation of the GDPR <br />
* Monetization of personal data <br />
* Economics of cybersecurity (the cost of implementation relative to the anticipated and evidenced gains) <br />
* Cyber insurance<br />
* Non-military strategies for national and international cybersecurity<br />
* Legal aspects of cybersecurity<br />
<br />
==== From Risto Vaarandi, Tallinn University of Technology ====<br />
<br />
* log collection and analysis<br />
* event correlation<br />
* network monitoring<br />
* security monitoring <br />
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''<br />
<br />
==== From the TUT IT office ====<br />
Infrastructure<br />
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs<br />
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs<br />
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs<br />
<br />
Development<br />
* electronic door signs, room calendars, etc.; Thomas Lepik<br />
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik<br />
* integrating last generation BMS (Building Management System); Thomas Lepik<br />
* the student view of OIS (usability, security, re-design); Enn Rebane<br />
<br />
==== From Estonian Police ====<br />
* Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).<br />
<br />
* Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).<br />
<br />
* Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.<br />
<br />
* P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.<br />
<br />
* Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.<br />
<br />
* Ask Rain Ottis for a POC on these topics.<br />
<br />
== Useful links ==<br />
[https://drive.google.com/file/d/0B7yq33Gize8ydEh5X0NxeWtZc3c/edit ITX8040 Thesis advice slides]<br />
<br />
[https://www.ttu.ee/faculties/school-of-information-technologies/it-studies/thesis-and-graduation-9/thesis-formatting-5/ Format requirements of a thesis (TTU)]<br />
<br />
[http://www.lib.ttu.ee/dbs/abaasid.asp Databases, books, research papers accessible from the TTU network]<br />
<br />
[https://courses.cs.ttu.ee/pages/Research_Method An Overview of Research Methods]<br />
<br />
[https://courses.cs.ttu.ee/pages/Defended_thesis_cyber Previously Defended Theses]</div>Hayretdin