Erinevus lehekülje "Thesis" redaktsioonide vahel

Allikas: Kursused
Mine navigeerimisribale Mine otsikasti
1. rida: 1. rida:
 
=Thesis info for Cyber Security students=
 
=Thesis info for Cyber Security students=
== Submission for 2016 January ==
 
Ms Elena Vaarmets (ICT-429, thesis@cs.ttu.ee) will collect the thesis materials on 05 January:
 
* two paper copies of the thesis
 
* a lisence ([http://ttu.ee/public/e/en/studying/studying_information/Loputood_lihtlitsents-EN.pdf pdf]); signed on paper
 
* a pdf version of the thesis
 
* the metadata (see below) and abstract of the thesis in electronic form
 
* More info [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/it-studies/graduation-3/ here].
 
  
Metadata:
+
== Overview ==
* Title (in Estonian, EST):
+
 
* Title (in English, ENG):
+
Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area.  This page gives a rough overview over the process, but details should be discussed with your supervisor. Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester you should have an idea about your topic and you should have discussed this with your supervisor.
* Author:
+
 
* Supervisor(s):
+
It is recommended that you take the literature review seminar ([https://courses.cs.ttu.ee/pages/ITX8040 '''ITX8040''' and '''ITX8230''']) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway, and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.
* Defence date: 18.01.2016
+
 
* Language of the thesis: ENG
+
The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase the research hypothesis (the question you aim to address/solve in your thesis) will be refined/changed.  You should aim to have a solid research hypothesis (or research question) fixed and agreed with your supervisor during the 3rd semester, ideally well before December (assuming a regular 4 semester study-plan).  You will have to register for defence in [https://ained.ttu.ee/course/view.php?id=18 TUT-Moodle] system (see more information below).
* University (EST): Tallinna Tehnikaülikool
+
 
* University (ENG): Tallinn University of Technology
+
The next step in the process would be conducting the research.  Please reserve sufficient time for this, as this is going to be the main contribution of your thesis.  Plan to finish this work early to mid-April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent.  Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence).  For students planning to defend in June, expect the deadline to submit your thesis for review, to be around early May.  For students aiming to defend in January, expect early December.  The opponent will review your thesis and give you feedback.  Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent.  You can and should, however, include them in the final defence presentation.  Expect that you should receive the review from your opponent about a week or two before the final deadline.  This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.
* Faculty (EST): Infotehnoloogia teaduskond
+
 
* Faculty (ENG): Faculty of Information Technology
+
At the final submission deadline, you will have to hand-in two printed hard-copies of your thesis.  On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence.
* Institute (EST): Arvutiteaduse instituut
+
 
* Institute (ENG): Department of Computer Science
+
Below some more detailed information.
* Chair (EST): Küberkriminalistika ja küberjulgeoleku keskus
+
 
* Chair (ENG): Centre for Digital Forensics and Cyber Security
+
Good luck!
* Keywords (EST):
+
 
* Keywords (ENG):
 
  
== Deadlines for 2016 spring ==
 
* TBD. Check the time-line section below for general guidance.
 
* After the thesis defense, please visit the Dean's Office for more information about final formalities
 
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]
 
  
== Topic and advisor ==
+
== Important Deadlines for 2016 June Deference ==
Every student must have an advisor when writing the thesis. The advisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the advisor's duty to correct spelling mistakes or formatting errors - they will point such things out, but the responsibility remains with the student. Before a thesis will be accepted for defence, the advisor has to agree that it is of sufficient quality.
+
* Registration: 01 February 2016
 +
* Submission to reviewer: TBD (expect early May)
 +
* Submission of final copy: TBD (expect end of May)
 +
* Defences: TBD (expect early June)
  
Almost any professor and lecturer you have met in your curriculum can act as an advisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have an advisor not related to the university, but he can act only as a co-advisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-advisor. All (co-)advisors must have at least a Master's degree.
 
  
When refining a topic idea, make sure it has a clear connection with cyber security.
+
== Time-line considerations ==
  
== Potential supervisors ==
+
The following is just a rough guideline, but should give a view how far in the process you should be roughly by what time.
  
* [https://maennel.net Olaf Maennel] - big data forensics, serious games, aviation related cyber security projects, human-factors / cyber-security related psychological problems, network security / network monitoring, insider threads, active & passive measurements, IPv6 & IPv4 and address sharing technologies.
+
==== June defence ====
* Rain Ottis - national cyber security, serious games in cyber security, cyber security exercises
 
* Risto Vaarandi - log collection and analysis, event correlation, network monitoring, security monitoring. Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.
 
* Toomas Lepik - forensics, malware, anti-malware
 
* Hayretdin Bahsi - Cyber security of industrial control systems, security monitoring, cyber situational awareness, cyber threat intelligence, information sharing, organizational security issues (e.g. security in supply chain management, security operation centres), national cyber security governance (e.g national cyber security policies, national cyber security capabilities)
 
* Tiia Sõmer
 
* Truls Ringkjob - various
 
* Jüri Kivimaa - IT security economics, security cost optimization
 
* Bernhards Blumbergs - network security, exploit development, advanced threats, security evasion, IPv6
 
* Aleksandr Lenin: quantitative security risk analysis, security modelling (attack process graphs), security modelling patterns (e.g. attack patterns), analysis of strategic interactions of malicious decision makers, security games (game theory), security decision making and optimization, fuzzy metrics for security, fuzzy decision making and control, fuzzy security analysis, algorithms for security analysis (development, optimization, benchmarking), enhancing ISKE by integrating other analysis tools into the ISKE tool, social aspects of security (modeling and analysing social engineering attacks).
 
* Mauno Pihelgas - system monitoring, network monitoring, IDS/IPS systems, insider threat detection
 
  
== Proposed topics ==
+
* September, October, November: conduct your '''literature review''' and work on formulating a clear research hypothesis.
 +
* No later than early December:  Have your research hypothesis/problem statement well formulated and written-up. (For June 2017 defences, a 2-page summary needs to be submitted via [https://ained.ttu.ee/course/view.php?id=18 Moodle]). 
 +
* December, January, February:  Complete the '''research work''' of the thesis. 
 +
* 1 February 2016: Indicate in [https://ained.ttu.ee/course/view.php?id=18 Moodle] that you want to defend and submit a 2-page summary of your research hypothesis. (NB: This only applies to June 2016 defences - future defences have earlier deadlines) 
 +
* March to Early/Mid-April: Focus only on writing-up and polishing.  Every student is different, but past experience shows that over 1+ month is needed to finish the writing process. 
 +
* Early to Mid-April:  send a copy to your supervisor.  Agree the dates with your supervisor, but expect that it might take a week or two for your supervisor to comment on your work.  Plan also for time to address the comments from your supervisor.
 +
* Early May: submit to thesis to reviewer. 
 +
* Mid-May receive review and have about 1-2 weeks time to address comments.
 +
* End of May/early June:  submission of final thesis.  This is a university deadline, and is the ultimate hard deadline to submit your thesis.
 +
* Early June defence 
  
The topics below are offered by potential (co-)supervisors. The list is updated as new offers emerge.
+
==== January defence (no summer vacation, if you plan a vacation adjust the dates accordingly)====
  
==== From the TUT IT office ====
+
* April, May, June: conduct your '''literature review''' and work on formulating a clear research hypothesis.
Infrastructure
+
* Not later than 1 July:  Have your research hypothesis/problem statement well formulated and written-up.  This must be submitted to OIS, you will received feedback.
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs
+
* July, August, September:  Complete the '''research work''' of the thesis. 
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs
+
* Early to Mid-November:  send a copy to your supervisor.  Agree the dates with your supervisor, but expect that it might take a week for your supervisor to comment on your work.  Plan also for time to address the comments from your supervisor.
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs
+
* Early December: submit to thesis to reviewer. 
 +
* Mid-December receive review and enjoy christmas/new year time to address comments, you will still have to declare your intention to defend in January in OIS.   
 +
* Early January:  submission of final thesis.  This is a university deadline, and is the ultimate hard deadline to submit your thesis.
 +
* January defence
  
Development
 
* electronic door signs, room calendars, etc.; Thomas Lepik
 
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik
 
* integrating last generation BMS (Building Management System); Thomas Lepik
 
* the student view of OIS (usability, security, re-design); Enn Rebane
 
  
  
==== From Olaf Maennel, Tallinn University of Technology, olaf.maennel@ttu.ee ====
+
== Topic and supervisor ==
 +
Every student must have an supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.
  
* '''Please contact me for topics.''' Below only brief overview over some example topics: 
+
Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/about-faculty-2/departments/department-of-computer-science-2/ leading institute] of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.
* big data & big data forensics.
 
* serious games/auto-configured cyber security exercises:
 
** [http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p113.pdf i-tee] by Margus Ernits 
 
* aviation related cyber security projects:
 
** [https://en.wikipedia.org/wiki/Future_Air_Navigation_System FANS] security and secure protocols.
 
** Drones who deliver the mail every morning and fly between houses in the university.
 
* psychological & cognitive cyber security questions
 
* network security, network monitoring: 
 
** we try to break the university it-infrastructure (with approval from the IT-department). 
 
* insider threads, intrusion detection.
 
* measurements (active & passive):
 
** what type of traffic do we have on TOR?
 
** can we phish spear phishers?
 
* IPv6 & IPv4 and address sharing technologies.
 
  
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====
+
When refining a topic idea, make sure it has a clear connection with cyber security.
* Topic: On-the-fly encryption for car DVR
 
Task: Implement on-the-fly encryption functionality for Prestigio car DVR (by patching publicly available firmware - possibly by hooking write calls).
 
Use of hybrid encryption is recommended, however, implementation of scrambling (e.g., XORing with a fixed key) might already be considered success.
 
Describe the threat model, how it was done and how to use it.
 
  
* Topic: Parallel tallying for Estonian i-voting
+
== Potential supervisors & proposed topics ==
Task: Describe security risks that could be reduced if election observers would be allowed to perform vote verification and counting using their computers. Propose changes to the i-voting procedures and develop parallel tallying reference implementation and test data set. Analyse new risks introduced and propose counter measures.
+
 +
The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.
  
* Topic: Perfect Secrecy for TLS
+
==== From Tanel Alumäe, Institute of Cybernetics ====
Task: Create an Internet Draft proposing a TLS cipher suite or extension that would ensure perfect secrecy using one-time pad. Develop a proof-of-concept patch for OpenSSL/mod_ssl and Firefox. Analyze the security and usability, describe the use cases.
+
* Eestikeelse telefonikõne automaatne transkribeerimine
 +
Task: Töö sisuks on kõnetuvastussüsteemi loomine, mis suudaks võimalikult hästi transkribeerida eestikeelset inimestevahelist spontaanset telefonikõnet. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist.
  
* Topic: TLS Session Resumption and ID card Authentication
+
* Võtmesõnade otsimine eestikeelsest telefonikõnest
Task: Study how TLS session resumption is implemented in browsers. Measure and compare the performance improvement TLS session resumption provides. Measure the performance impact if the TLS client certificate authentication is performed using a smart card.
+
Task: Töö käigus luuakse süsteem, mis suudab kiiresti leida inimestevahelisest eestikeelsest sponaansest telefonikõnest kohti, kus suure tõenäosusega esineb sõna mingist võtmesõnade hulgast. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist. Töö teiseks väljakutseks on erinevate võtmesõnaotsingu meetodite testimine.
  
 
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====
 
==== From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee ====
  
I classified my interested topics as technical, organizational and strategic ones. I listed some interesting  
+
Interested topics are classified as technical, organizational and strategic. Below are listed some interesting  
topics I have in my mind. If you already have specific topics, we can discuss them and decide to work  
+
topics. If you already have specific topics, we can discuss them and decide to work  
 
together.   
 
together.   
  
129. rida: 101. rida:
 
* Maturity models for the analysis of national cyber security capability
 
* Maturity models for the analysis of national cyber security capability
  
==== TREsPASS project ====
+
==== From Bernhards Blumbergs ====  
* Research project: [http://www.trespass-project.eu/ Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security]
+
* network security
The project is also suitable for PhD research, following the completion of the Master's studies.
+
* exploit development,
Contacts: Dr Peeter Laud, Dr Jan Willemson, Aleksandr Lenin.
+
* advanced threats
 +
* security evasion,
 +
* IPv6
 +
 
 +
==== From Aivo Kalu, Cybernetica AS ====
 +
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga
 +
 
 +
==== From Jüri Kivimaa, Tallinn University of Technology ====
 +
* IT security economics
 +
* security cost optimization
  
 
==== From Aleksandr Lenin, Cybernetica AS. ====
 
==== From Aleksandr Lenin, Cybernetica AS. ====
142. rida: 123. rida:
 
aleksandr.lenin@cyber.ee
 
aleksandr.lenin@cyber.ee
  
 +
* Aleksandr Lenin: quantitative security risk analysis, security modelling (attack process graphs), security modelling patterns (e.g. attack patterns), analysis of strategic interactions of malicious decision makers, security games (game theory), security decision making and optimization, fuzzy metrics for security, fuzzy decision making and control, fuzzy security analysis, algorithms for security analysis (development, optimization, benchmarking), enhancing ISKE by integrating other analysis tools into the ISKE tool, social aspects of security (modeling and analysing social engineering attacks).
 +
 +
'''''[[Aleksandr_Lenin_MSc_Thesis_topics|Click here for a list and details]].'''''
 +
 +
==== From Toomas Lepik, Tallinn University of Technology ====
 +
 +
* forensics
 +
* malware
 +
* anti-malware
  
'''''[[Aleksandr_Lenin_MSc_Thesis_topics|A list of topics to offer]].'''''
+
==== From [https://maennel.net Olaf Maennel], Tallinn University of Technology, olaf.maennel@ttu.ee ====
  
==== From Aivo Kalu, Cybernetica AS ====
+
I am only able to supervise students, who are taking my '''Research Methods''' course as well.
* Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga
+
* big data & big data forensics.
 +
* serious games/auto-configured cyber security exercises:
 +
** [http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p113.pdf i-tee] by Margus Ernits 
 +
* aviation related cyber security projects:
 +
** [https://en.wikipedia.org/wiki/Future_Air_Navigation_System FANS] security and secure protocols.
 +
** drones who deliver the mail every morning and fly between houses in the university.
 +
* psychological & cognitive cyber security questions
 +
* network security, network monitoring: 
 +
** we try to break the university it-infrastructure (with approval from the IT-department). 
 +
* insider threads, intrusion detection.
 +
* measurements (active & passive):
 +
** what type of traffic do we have on TOR?
 +
** can we phish spear phishers?
 +
* IPv6 & IPv4 and address sharing technologies.
 +
 
 +
==== From Rain Ottis, Tallinn University of Technology ====
 +
 
 +
* national cyber security
 +
* serious games in cyber security/cyber security exercises
 +
 
 +
==== From Arnis Paršovs, University of Tartu, arnis@ut.ee ====
 +
 
 +
* Topic: On-the-fly encryption for car DVR
 +
Task: Implement on-the-fly encryption functionality for Prestigio car DVR (by patching publicly available firmware - possibly by hooking write calls).
 +
Use of hybrid encryption is recommended, however, implementation of scrambling (e.g., XORing with a fixed key) might already be considered success.
 +
Describe the threat model, how it was done and how to use it.
 +
 
 +
* Topic: Parallel tallying for Estonian i-voting
 +
Task: Describe security risks that could be reduced if election observers would be allowed to perform vote verification and counting using their computers. Propose changes to the i-voting procedures and develop parallel tallying reference implementation and test data set. Analyse new risks introduced and propose counter measures.
 +
 
 +
* Topic: Perfect Secrecy for TLS
 +
Task: Create an Internet Draft proposing a TLS cipher suite or extension that would ensure perfect secrecy using one-time pad. Develop a proof-of-concept patch for OpenSSL/mod_ssl and Firefox. Analyze the security and usability, describe the use cases.
 +
 
 +
* Topic: TLS Session Resumption and ID card Authentication
 +
Task: Study how TLS session resumption is implemented in browsers. Measure and compare the performance improvement TLS session resumption provides. Measure the performance impact if the TLS client certificate authentication is performed using a smart card.
 +
 
 +
==== From Mauno Pihelgas ====
 +
* system monitoring
 +
* network monitoring
 +
* IDS/IPS systems
 +
* insider threat detection
 +
 
 +
==== From Jaan Priisalu, Tallinn University of Technology ====
 +
 
 +
* TBD
 +
 
 +
==== From Truls Ringkjob ====
 +
 
 +
* various
 +
 
 +
==== Tiia Sõmer ====
 +
 
 +
Currently no topics on offer.
 +
 
 +
==== From Risto Vaarandi, Tallinn University of Technology ====
  
==== From Tanel Alumäe, Institute of Cybernetics ====
+
* log collection and analysis
* Eestikeelse telefonikõne automaatne transkribeerimine
+
* event correlation
Task: Töö sisuks on kõnetuvastussüsteemi loomine, mis suudaks võimalikult hästi transkribeerida eestikeelset inimestevahelist spontaanset telefonikõnet. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist.
+
* network monitoring
 +
* security monitoring.  
 +
'''Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.'''
  
* Võtmesõnade otsimine eestikeelsest telefonikõnest
+
==== From the TUT IT office ====
Task: Töö käigus luuakse süsteem, mis suudab kiiresti leida inimestevahelisest eestikeelsest sponaansest telefonikõnest kohti, kus suure tõenäosusega esineb sõna mingist võtmesõnade hulgast. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist. Töö teiseks väljakutseks on erinevate võtmesõnaotsingu meetodite testimine.
+
Infrastructure
 +
* Migrating TUT Campus LAN to IPv6; Edgars Zigurs
 +
* Implementing a freeware SIEM solution in TUT; Edgars Zigurs
 +
* Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs
  
 +
Development
 +
* electronic door signs, room calendars, etc.; Thomas Lepik
 +
* VoIP solutions - softphone, integration with existing information systems; Thomas Lepik
 +
* integrating last generation BMS (Building Management System); Thomas Lepik
 +
* the student view of OIS (usability, security, re-design); Enn Rebane
 +
 +
==== TREsPASS project ====
 +
* Research project: [http://www.trespass-project.eu/ Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security]
 +
The project is also suitable for PhD research, following the completion of the Master's studies.
 +
Contacts: Dr Peeter Laud, Dr Jan Willemson, Dr Aleksandr Lenin.
  
 
==== From Estonian Police ====
 
==== From Estonian Police ====
174. rida: 233. rida:
 
The thesis code for IVCM is ITC70LT.
 
The thesis code for IVCM is ITC70LT.
  
General information. Note this is only a rough guidance, and not following this guidance does not imply the thesis cannot be accepted.  However, this general advice is a good idea to follow for a master thesis:
+
General information. The following advice is a good idea to consider for a master thesis:
 
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis
 
* a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis
* 50-100 pages + appendixes if needed
+
* 50-80 pages + appendices if needed
 
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text
 
* Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text
 
* headings are numbered and no more than 3 levels used
 
* headings are numbered and no more than 3 levels used
 +
* Don't forget page numbers
 
* 2 bound hard copies are submitted, you will get one back afterwards. You also have to submit the license agreement granting TUT the right to store and publish the thesis.  
 
* 2 bound hard copies are submitted, you will get one back afterwards. You also have to submit the license agreement granting TUT the right to store and publish the thesis.  
 
* A soft copy of the thesis (in pdf format) and the thesis meta data sheet are sent to thesis@cs.ttu.ee.  
 
* A soft copy of the thesis (in pdf format) and the thesis meta data sheet are sent to thesis@cs.ttu.ee.  
  
'''The [https://courses.cs.ttu.ee/pages/ITX8040 Cyber Defence Seminar] (ITX8040) is designed to provide advice on the thesis requirements and writing process to Cyber Security Master's students.
 
  
 
== Thesis defence ==
 
== Thesis defence ==
190. rida: 249. rida:
  
 
==== Declarations ====
 
==== Declarations ====
In order to catch potential problems early, students are required to indicate their intent to defend (plus topic and advisor info) by the deadline set for each semester. This will be done over e-mail. Selected students will then be assigned a date for an informal pre-defence that is designed to provide them feedback.
+
There are two declaration needed: (1) submit a 2-page research hypothesis via [https://ained.ttu.ee/course/view.php?id=18 Moodle]. (2) declare your intention to submit in OIS.
  
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their advisor. The deadline for handing in the final version of the thesis (hardcopy and softcopy) is typically at least one week before the defence deadline.  
+
The reason for this is to catch potential problems early. About half a year before the defence, the students are required to indicate their intent to defend (plus topic and supervisor info).  See deadlines above set for each semester. Typically this will be around 1 December for June defences, and 1 July for January defences.  You will need to submit this via [https://ained.ttu.ee/course/view.php?id=18 TUT Moodle]. Instructions on how to access the TUT Moodle can be found [https://courses.cs.ttu.ee/pages/Instructions_for_accessing_ained.ttu.ee here]. The course is called "IVCM: Cyber security MSc thesis @ TUT". You'll have to self-enroll yourself in this course.  Feedback on the 2-page research hypothesis write-up should be received within 3-4 weeks.  For more information on how to write this abstract, see the moodle course.  Note that selected students will be assigned a date for an informal pre-defence that is designed to provide them feedback.
 +
 
 +
Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. The deadline for handing in the final version of the thesis (hardcopy and softcopy) is typically at least one week before the defence deadline.  Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence.  
  
 
==== Reviewer ====
 
==== Reviewer ====
Each thesis will be assigned a reviewer. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and advisors may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee.  
+
Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee.  
  
 
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:
 
A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:
206. rida: 267. rida:
  
 
The reviewer will receive a copy of the thesis about a month before the final/hard university deadline for submitting the thesis.  The reason for this is that typically reviewers point typos and small factual mistakes that can be fixed in short time (about a week).  The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version.  The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improve version 6 month later.   
 
The reviewer will receive a copy of the thesis about a month before the final/hard university deadline for submitting the thesis.  The reason for this is that typically reviewers point typos and small factual mistakes that can be fixed in short time (about a week).  The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version.  The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improve version 6 month later.   
 +
 +
== Submission ==
 +
Ms Elena Vaarmets (ICT-429, thesis@cs.ttu.ee) will collect the thesis materials on or before the deadline specified above. The following specifies what you need to submit:
 +
* two paper copies of the thesis
 +
* a lisence ([http://ttu.ee/public/e/en/studying/studying_information/Loputood_lihtlitsents-EN.pdf pdf]); signed on paper
 +
* a pdf version of the thesis
 +
* the metadata (see below) and abstract of the thesis in electronic form
 +
* more info [http://www.ttu.ee/faculty-of-information-technology/faculty-of-information-technology-1/it-studies/graduation-3/ here].
 +
 +
Metadata:
 +
* Title (in Estonian, EST):
 +
* Title (in English, ENG):
 +
* Author:
 +
* Supervisor(s):
 +
* Defence date: 18.01.2016
 +
* Language of the thesis: ENG
 +
* University (EST): Tallinna Tehnikaülikool
 +
* University (ENG): Tallinn University of Technology
 +
* Faculty (EST): Infotehnoloogia teaduskond
 +
* Faculty (ENG): Faculty of Information Technology
 +
* Institute (EST): Arvutiteaduse instituut
 +
* Institute (ENG): Department of Computer Science
 +
* Chair (EST): Küberkriminalistika ja küberjulgeoleku keskus
 +
* Chair (ENG): Centre for Digital Forensics and Cyber Security
 +
* Keywords (EST):
 +
* Keywords (ENG):
 +
 +
NB!  Do not forget that you need to prepare a 15 min presentation for your defence.  This should really not be left to the evening before the defence!
  
 
==== The defence procedure ====
 
==== The defence procedure ====
211. rida: 300. rida:
  
 
The defence procedure for each student consists of the following steps:
 
The defence procedure for each student consists of the following steps:
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the advisor(s) and reviewer.
+
* the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.
 
* the student presents his or her thesis in 15 minutes.
 
* the student presents his or her thesis in 15 minutes.
 
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.
 
* the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.
 
* the student answers questions from the committee.  
 
* the student answers questions from the committee.  
 
* the student answers questions from the audience.
 
* the student answers questions from the audience.
* the advisor gives his or her opinion of the thesis and recommends a grade.
+
* the supervisor gives his or her opinion of the thesis and recommends a grade.
  
NB! The recommended grades by the reviewer and the advisor are not binding to the committee, who makes the final decision.
+
NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.
  
== Time-line considerations ==
 
  
The following is just a rough guideline, but should give a view on how far in the process the students should be roughly by what time.  
+
* After the thesis defence, please visit the Dean's Office for more information about final formalities.
 +
* [http://lab.cs.ttu.ee/theses Upload your thesis if you would like to have it public]
  
==== June defence====
 
 
* September, October, November: conduct your '''literature review''' and work on formulating a clear research hypothesis.
 
* No later than early December:  Have your research hypothesis/problem statement well formulated and written-up.
 
* December, January, February:  Complete the '''research work''' of the thesis. 
 
* March:  Declare your thesis (see declarations above ) and just focus on writing-up and polishing.  Every student is different, but past experience shows over 1+ month is needed to finish the writing process.  Informal '''pre-defences''' will also be held in March/April time.
 
* Early to Mid-April:  send a copy to your supervisor.  Agree the dates with your supervisor, but expect that it might take a week for your supervisor to comment on your work.  Plan also for time to address the comments from your supervisor.
 
* Early May: submit to thesis to reviewer. 
 
* Mid-May receive review and have about 1-2 weeks time to address comments.
 
* End-May/early June:  submission of final thesis.  This is a university deadline, and is the ultimate hard deadline to submit your thesis.
 
* Early June defence 
 
 
NB!  Do not forget that you need to prepare a 15 min presentation for your defence.  This should really not be left to the evening before the defence!
 
 
 
==== January defence (no summer vacation, if you plan a vacation adjust the dates accordingly)====
 
 
* April, May, June: conduct your '''literature review''' and work on formulating a clear research hypothesis.
 
* No later than early July:  Have your research hypothesis/problem statement well formulated and written-up.
 
* July, August, September:  Complete the '''research work''' of the thesis. 
 
* October:  Declare your thesis (see declarations above) and just focus on writing-up and polishing. Every student is different, but past experience shows over 1+ month is needed to finish the writing process.  Informal '''pre-defences''' will also be held in October/November time.
 
* Early to Mid-November:  send a copy to your supervisor.  Agree the dates with your supervisor, but expect that it might take a week for your supervisor to comment on your work.  Plan also for time to address the comments from your supervisor.
 
* Early December: submit to thesis to reviewer. 
 
* Mid-December receive review and enjoy christmas/new year time to address comments. 
 
* Early January:  submission of final thesis.  This is a university deadline, and is the ultimate hard deadline to submit your thesis.
 
* January defence
 
 
NB!  Do not forget that you need to prepare a 15 min presentation for your defence.  This should really not be left to the evening before the defence!
 
  
 
== Useful links ==
 
== Useful links ==

Redaktsioon: 17. jaanuar 2016, kell 20:01

Thesis info for Cyber Security students

Overview

Writing and defending a MSc thesis is an important part of the Cyber Security curriculum, as it shows that you can go deep into a specific cyber security research area. This page gives a rough overview over the process, but details should be discussed with your supervisor. Generally the process should start during the first year, by finding a topic-area of interest and by identifying a suitable supervisor. At the end of the second semester you should have an idea about your topic and you should have discussed this with your supervisor.

It is recommended that you take the literature review seminar (ITX8040 and ITX8230) in the 3rd semester. The purpose of this seminar is two-fold: (a) you need to do a literature review for your thesis anyway, and (b) learning from others about research-papers they have read for their thesis broadens your overall horizon and should help you in discussing challenges you are facing in your own literature review.

The purpose of the literature review is that you obtain a good understanding of the state-of-the-art research in your selected area of research. Typically during this reading phase the research hypothesis (the question you aim to address/solve in your thesis) will be refined/changed. You should aim to have a solid research hypothesis (or research question) fixed and agreed with your supervisor during the 3rd semester, ideally well before December (assuming a regular 4 semester study-plan). You will have to register for defence in TUT-Moodle system (see more information below).

The next step in the process would be conducting the research. Please reserve sufficient time for this, as this is going to be the main contribution of your thesis. Plan to finish this work early to mid-April, so that your supervisor can review your thesis, give you feedback and you have time to address the feedback before your thesis is being sent to the reviewer/opponent. Jointly with your supervisor you should then make a decision if your work is ready to be submitted for June defence (or if you need more time and prefer to submit for a January defence). For students planning to defend in June, expect the deadline to submit your thesis for review, to be around early May. For students aiming to defend in January, expect early December. The opponent will review your thesis and give you feedback. Clearly, you will be allowed to continue working on your thesis, but keep in mind any results or insights that you produce during that time won't be visible to your opponent. You can and should, however, include them in the final defence presentation. Expect that you should receive the review from your opponent about a week or two before the final deadline. This will allow you to make minor modifications, e.g., fix some typos or clarify some sections, which the reviewer pointed out.

At the final submission deadline, you will have to hand-in two printed hard-copies of your thesis. On the day of defence, you are expected to give a 15 minute presentation of your work, followed by Q&A from the opponent, committee, supervisor & audience. Make sure you prepare your 15 min presentation well, this should not be left for the evening before the defence.

Below some more detailed information.

Good luck!


Important Deadlines for 2016 June Deference

  • Registration: 01 February 2016
  • Submission to reviewer: TBD (expect early May)
  • Submission of final copy: TBD (expect end of May)
  • Defences: TBD (expect early June)


Time-line considerations

The following is just a rough guideline, but should give a view how far in the process you should be roughly by what time.

June defence

  • September, October, November: conduct your literature review and work on formulating a clear research hypothesis.
  • No later than early December: Have your research hypothesis/problem statement well formulated and written-up. (For June 2017 defences, a 2-page summary needs to be submitted via Moodle).
  • December, January, February: Complete the research work of the thesis.
  • 1 February 2016: Indicate in Moodle that you want to defend and submit a 2-page summary of your research hypothesis. (NB: This only applies to June 2016 defences - future defences have earlier deadlines)
  • March to Early/Mid-April: Focus only on writing-up and polishing. Every student is different, but past experience shows that over 1+ month is needed to finish the writing process.
  • Early to Mid-April: send a copy to your supervisor. Agree the dates with your supervisor, but expect that it might take a week or two for your supervisor to comment on your work. Plan also for time to address the comments from your supervisor.
  • Early May: submit to thesis to reviewer.
  • Mid-May receive review and have about 1-2 weeks time to address comments.
  • End of May/early June: submission of final thesis. This is a university deadline, and is the ultimate hard deadline to submit your thesis.
  • Early June defence

January defence (no summer vacation, if you plan a vacation adjust the dates accordingly)

  • April, May, June: conduct your literature review and work on formulating a clear research hypothesis.
  • Not later than 1 July: Have your research hypothesis/problem statement well formulated and written-up. This must be submitted to OIS, you will received feedback.
  • July, August, September: Complete the research work of the thesis.
  • Early to Mid-November: send a copy to your supervisor. Agree the dates with your supervisor, but expect that it might take a week for your supervisor to comment on your work. Plan also for time to address the comments from your supervisor.
  • Early December: submit to thesis to reviewer.
  • Mid-December receive review and enjoy christmas/new year time to address comments, you will still have to declare your intention to defend in January in OIS.
  • Early January: submission of final thesis. This is a university deadline, and is the ultimate hard deadline to submit your thesis.
  • January defence


Topic and supervisor

Every student must have an supervisor when writing the thesis. The supervisor's role is to provide guidance on topic selection and research methods, as well as to give feedback on your work. It is not the supervisor's duty to correct spelling mistakes or formatting errors - they may point such things out, but the responsibility remains with you. Before a thesis will be accepted for defence, the supervisor has to agree that it is of sufficient quality.

Almost any professor and lecturer you have met in your curriculum can act as an supervisor of your thesis. Some of them have some open problems suitable for doing research and writing a thesis, but many may not have a topic to offer right away. It is usually more helpful to have an initial idea of a topic of your thesis and ask someone with interests in the related field to advise you. You can have a supervisor not related to the university, but he can act only as a co-supervisor and you need to agree to somebody related to the curricula or the leading institute of the curriculum to be an official co-supervisor. All (co-)supervisor must have at least a Master's degree.

When refining a topic idea, make sure it has a clear connection with cyber security.

Potential supervisors & proposed topics

The topics below are offered by potential (co-)supervisors (in alphabetical order). The list is updated as new offers emerge.

From Tanel Alumäe, Institute of Cybernetics

  • Eestikeelse telefonikõne automaatne transkribeerimine

Task: Töö sisuks on kõnetuvastussüsteemi loomine, mis suudaks võimalikult hästi transkribeerida eestikeelset inimestevahelist spontaanset telefonikõnet. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist.

  • Võtmesõnade otsimine eestikeelsest telefonikõnest

Task: Töö käigus luuakse süsteem, mis suudab kiiresti leida inimestevahelisest eestikeelsest sponaansest telefonikõnest kohti, kus suure tõenäosusega esineb sõna mingist võtmesõnade hulgast. Süsteem implementeeritakse kasutades olemasolevat kõnetuvastusmootorit. Kõnemudelite treenimiseks kasutatakse suurt hulka käsitsi transkribeeritud telefonikõnesid. Töö suurimaks väljakutseks on treeningkorpuses olevate kõnetranskriptsioonide joondamine helisignaalidega, et võimaldada telefonikõne-spetsiifiliste mudelite treenimist. Töö teiseks väljakutseks on erinevate võtmesõnaotsingu meetodite testimine.

From Hayretdin Bahsi, Tallinn University of Technology, hayretdin.bahsi@ttu.ee

Interested topics are classified as technical, organizational and strategic. Below are listed some interesting topics. If you already have specific topics, we can discuss them and decide to work together.

Technical Issues

  • Security of Industrial Control Systems (ICSs)

Development of an ICS security testbed, ICS honeypots, attacks targeting ICS, intrusion detection systems in ICS, event correlation systems in ICS, forensics issues in ICSs.

  • Situational Awareness and Cyber Threat Intelligence

Analysis and comparison of cyber threat information sharing protocols, privacy preserved sharing of cyber threat intelligence, generation of threat profiles out of cyber exercises, situational awareness outputs for tactical and strategic layers of organizations,requirement analysis of nationwide cyber awareness system

Organizational Issues

  • Framework for providing security in supply chain management
  • Security framework for information sharing with third party entities
  • Analysis of security operation center models

Strategic Issues

  • High-level information flows and reporting mechanisms among the major entities of national cyber security governance
  • Maturity models for the analysis of national cyber security capability

From Bernhards Blumbergs

  • network security
  • exploit development,
  • advanced threats
  • security evasion,
  • IPv6

From Aivo Kalu, Cybernetica AS

  • Pilveteenuste ohuanalüüs ja võrdlus ISKE-ga

From Jüri Kivimaa, Tallinn University of Technology

  • IT security economics
  • security cost optimization

From Aleksandr Lenin, Cybernetica AS.

Contact e-mails:

aleksandr.lenin@ttu.ee

aleksandr.lenin@cyber.ee

  • Aleksandr Lenin: quantitative security risk analysis, security modelling (attack process graphs), security modelling patterns (e.g. attack patterns), analysis of strategic interactions of malicious decision makers, security games (game theory), security decision making and optimization, fuzzy metrics for security, fuzzy decision making and control, fuzzy security analysis, algorithms for security analysis (development, optimization, benchmarking), enhancing ISKE by integrating other analysis tools into the ISKE tool, social aspects of security (modeling and analysing social engineering attacks).

Click here for a list and details.

From Toomas Lepik, Tallinn University of Technology

  • forensics
  • malware
  • anti-malware

From Olaf Maennel, Tallinn University of Technology, olaf.maennel@ttu.ee

I am only able to supervise students, who are taking my Research Methods course as well.

  • big data & big data forensics.
  • serious games/auto-configured cyber security exercises:
  • aviation related cyber security projects:
    • FANS security and secure protocols.
    • drones who deliver the mail every morning and fly between houses in the university.
  • psychological & cognitive cyber security questions
  • network security, network monitoring:
    • we try to break the university it-infrastructure (with approval from the IT-department).
  • insider threads, intrusion detection.
  • measurements (active & passive):
    • what type of traffic do we have on TOR?
    • can we phish spear phishers?
  • IPv6 & IPv4 and address sharing technologies.

From Rain Ottis, Tallinn University of Technology

  • national cyber security
  • serious games in cyber security/cyber security exercises

From Arnis Paršovs, University of Tartu, arnis@ut.ee

  • Topic: On-the-fly encryption for car DVR

Task: Implement on-the-fly encryption functionality for Prestigio car DVR (by patching publicly available firmware - possibly by hooking write calls). Use of hybrid encryption is recommended, however, implementation of scrambling (e.g., XORing with a fixed key) might already be considered success. Describe the threat model, how it was done and how to use it.

  • Topic: Parallel tallying for Estonian i-voting

Task: Describe security risks that could be reduced if election observers would be allowed to perform vote verification and counting using their computers. Propose changes to the i-voting procedures and develop parallel tallying reference implementation and test data set. Analyse new risks introduced and propose counter measures.

  • Topic: Perfect Secrecy for TLS

Task: Create an Internet Draft proposing a TLS cipher suite or extension that would ensure perfect secrecy using one-time pad. Develop a proof-of-concept patch for OpenSSL/mod_ssl and Firefox. Analyze the security and usability, describe the use cases.

  • Topic: TLS Session Resumption and ID card Authentication

Task: Study how TLS session resumption is implemented in browsers. Measure and compare the performance improvement TLS session resumption provides. Measure the performance impact if the TLS client certificate authentication is performed using a smart card.

From Mauno Pihelgas

  • system monitoring
  • network monitoring
  • IDS/IPS systems
  • insider threat detection

From Jaan Priisalu, Tallinn University of Technology

  • TBD

From Truls Ringkjob

  • various

Tiia Sõmer

Currently no topics on offer.

From Risto Vaarandi, Tallinn University of Technology

  • log collection and analysis
  • event correlation
  • network monitoring
  • security monitoring.

Application for supervision requires passing the Cyber Defense Monitoring Solutions course with grade 4 or 5.

From the TUT IT office

Infrastructure

  • Migrating TUT Campus LAN to IPv6; Edgars Zigurs
  • Implementing a freeware SIEM solution in TUT; Edgars Zigurs
  • Campus WiFi quality and signal strength modeling (3D); Edgars Zigurs

Development

  • electronic door signs, room calendars, etc.; Thomas Lepik
  • VoIP solutions - softphone, integration with existing information systems; Thomas Lepik
  • integrating last generation BMS (Building Management System); Thomas Lepik
  • the student view of OIS (usability, security, re-design); Enn Rebane

TREsPASS project

The project is also suitable for PhD research, following the completion of the Master's studies. Contacts: Dr Peeter Laud, Dr Jan Willemson, Dr Aleksandr Lenin.

From Estonian Police

  • Vaatlustarkvarade EnCase ja Autopsy võrdlus (selgituseks, et Autopsy on EnCase analoog, kuid tasuta. Vajalik oleks täpne analüüs, et mida Autopsy võimaldab ja mida mitte võrreldes EnCase ja/või FTKga).
  • Erinevate suhtlustarkvarade (WhatsApp, Viber, FB Messenger, Skype jt) jäljed mobiiltelefonides ja nende analüüsimine (selgituseks, et üldjuhul loovad suhtlustarkvarad mingi andmebaasi vestlustega ka telefoni, kas see on krüpteeritud või mitte? Osad vestlused XRY tuvastab, aga millistel juhtudel? Millised võimalused oleks neid faile nö käsitsi uurida?).
  • Tõendiahela kirjeldamine elektrooniliste tõendite fikseerimisel (chain of custody)/Elektroonilise sisu erikohtlemine asitõendi vaatlusel/Digitaaltõendite vaatluse kord – erinevate riikid analüüs ja võrdlus.
  • P2P võrkudes lastest ebasündsate piltide levitajate tuvastamine/P2P võrkudes illegaalse internetisisu levitajate tuvastamine.
  • Koolituskava väljatöötamine uurijale/menetlejale, kes puutub kokku digitaalsete tõenditega- erinevate riikide praktika võrdlus.
  • Ask Rain Ottis for a POC on these topics.

Formal Requirements and recommendations

Until further notice, please use the formatting guide (.zip) from the Computer Engineering Department. Please note that you will have to change the title page to read "Department of Computer Science", adding "TUT Centre for Digital Forensics and Cyber Security" on the following line.

The thesis code for IVCM is ITC70LT.

General information. The following advice is a good idea to consider for a master thesis:

  • a title page, an author declaration, an annotation in English and Estonian, a list of contents, and references are required in the thesis
  • 50-80 pages + appendices if needed
  • Times New Roman (or similar), font size 12, 1.5 spacing used for the ordinary text
  • headings are numbered and no more than 3 levels used
  • Don't forget page numbers
  • 2 bound hard copies are submitted, you will get one back afterwards. You also have to submit the license agreement granting TUT the right to store and publish the thesis.
  • A soft copy of the thesis (in pdf format) and the thesis meta data sheet are sent to thesis@cs.ttu.ee.


Thesis defence

The thesis defence is typically held in early June. Alternate thesis defence dates can and have been offered (for example, January).

The procedure for thesis defence is set by TUT regulations.

Declarations

There are two declaration needed: (1) submit a 2-page research hypothesis via Moodle. (2) declare your intention to submit in OIS.

The reason for this is to catch potential problems early. About half a year before the defence, the students are required to indicate their intent to defend (plus topic and supervisor info). See deadlines above set for each semester. Typically this will be around 1 December for June defences, and 1 July for January defences. You will need to submit this via TUT Moodle. Instructions on how to access the TUT Moodle can be found here. The course is called "IVCM: Cyber security MSc thesis @ TUT". You'll have to self-enroll yourself in this course. Feedback on the 2-page research hypothesis write-up should be received within 3-4 weeks. For more information on how to write this abstract, see the moodle course. Note that selected students will be assigned a date for an informal pre-defence that is designed to provide them feedback.

Before a student can proceed to the thesis defence, they have to declare the thesis topic in OIS and get approval from their supervisor. The deadline for handing in the final version of the thesis (hardcopy and softcopy) is typically at least one week before the defence deadline. Please pay careful attention to the OIS declaration deadline, as without this you will not be permitted to attend the defence.

Reviewer

Each thesis will be assigned a reviewer or sometimes called opponent. The reviewer must have at least a Master's degree and relevant knowledge or experience in the field of the thesis topic, and they must not have a conflict of interest (such as being members in the same research group). Students and supervisor may recommend reviewer candidates, but the final assignment will be done by the thesis defence committee.

A reviewer will provide written feedback (typically about two pages) on the thesis. The review should cover the following points:

  • short description of the thesis
  • strengths and weaknesses of the thesis
  • recommended grade (0-5, where 0 is a failing thesis and 5 is an excellent thesis) based on the clarity of the problem and the solution, complexity of the problem, suitability of the chosen solution, proper execution of the solution, and the proper formatting and language use in the thesis.
  • at least three questions that can be asked during the defence.

Based on the student's performance at the defence the reviewer may change the recommended grade.

The reviewer will receive a copy of the thesis about a month before the final/hard university deadline for submitting the thesis. The reason for this is that typically reviewers point typos and small factual mistakes that can be fixed in short time (about a week). The student will receive the review 1-2 weeks before the final university deadline and therefore is able to address some of the comments before submitting the final version. The student can also still decide not to submit the thesis this round, but rather work on improving the quality and then submit an improve version 6 month later.

Submission

Ms Elena Vaarmets (ICT-429, thesis@cs.ttu.ee) will collect the thesis materials on or before the deadline specified above. The following specifies what you need to submit:

  • two paper copies of the thesis
  • a lisence (pdf); signed on paper
  • a pdf version of the thesis
  • the metadata (see below) and abstract of the thesis in electronic form
  • more info here.

Metadata:

  • Title (in Estonian, EST):
  • Title (in English, ENG):
  • Author:
  • Supervisor(s):
  • Defence date: 18.01.2016
  • Language of the thesis: ENG
  • University (EST): Tallinna Tehnikaülikool
  • University (ENG): Tallinn University of Technology
  • Faculty (EST): Infotehnoloogia teaduskond
  • Faculty (ENG): Faculty of Information Technology
  • Institute (EST): Arvutiteaduse instituut
  • Institute (ENG): Department of Computer Science
  • Chair (EST): Küberkriminalistika ja küberjulgeoleku keskus
  • Chair (ENG): Centre for Digital Forensics and Cyber Security
  • Keywords (EST):
  • Keywords (ENG):

NB! Do not forget that you need to prepare a 15 min presentation for your defence. This should really not be left to the evening before the defence!

The defence procedure

On the day of defence, students will be heard according to the announced schedule. Generally, the results will be announced at the end of the day.

The defence procedure for each student consists of the following steps:

  • the committee Chairman announces the name of the student, the topic of the thesis, and the names of the supervisor(s) and reviewer.
  • the student presents his or her thesis in 15 minutes.
  • the student answers the reviewer's questions and the reviewer recommends a grade. This recommendation may differ from the preliminary recommendation, based on how successful the defence was.
  • the student answers questions from the committee.
  • the student answers questions from the audience.
  • the supervisor gives his or her opinion of the thesis and recommends a grade.

NB! The recommended grades by the reviewer and the supervisor are not binding to the committee, who makes the final decision.



Useful links

ITX8040 Thesis advice slides

Some advice and requirements for writing a thesis in UT

Some advice and requirements for writing a thesis in TUT (in Estonian)

Databases, books, research papers accessible from the TTU network