Computer+Systems+and+Networks

=__Computer Systems and Networks__=

This page has three main sections:

• Use this to find out which member of staff has the right expertise to supervise the type of project that you want to do. Carry out some research into your topic, and then arrange to meet the relevant member of staff to discuss further.
 * Staff Interests** shows a list of members of staff in the subject group, and some keywords which identify their areas of interest.

Some titles of projects that have been recently supervised by lecturers in the group
 * Recent Projects**

• These are presented by staff member in alphabetical order. You should note that these project ideas are designed to give students guidelines on their area of work and to help them develop a firm basis for an actual project. If you are interested in a project idea, do some background research into the topic before you make an appointment to discuss it with a potential supervisor.
 * Project Ideas**



Staff Interests

 * Dr Ahmed Al-Dubai, D31 Networking, Communication algorithms, Protocols.
 * Prof Bill Buchanan, C63 Cloud Computing/Virtualisation, ASP.NET, .NET 3.5/4.0 (especially WPF - XAML, WWF, WCF and CardSpace), e-Health, RFID, Security (especially IDS, Encryption/Authentication, and ID Management Systems), Digital Forensics, Simulators/Emulators, Modelling Packages, Wireless Systems, and Educational Frameworks.
 * Jim Jackson, D53 General Internet technologies, Content Management Systems (php/mySQL/Joomla). Multimedia content delivery, Networks, Network protocols, Network security, Wireless technologies. Data acquisition/sensing.
 * Alistair Lawson, C38. Programming Projects and Data Analytics Projects related to Security and Digital Forensics, to Distributed Computing, and Sensor Systems. Social Media Analysis, Recommender Systems. Social Network Modelling and Analytics. Natural Language Processing (text and speech), including sentiment analysis,
 * Robert Ludwiniak, C65 Networking, Routing protocols, QoS, IPv6, Mobile IP, Security, Wireless.
 * Dr Imed Romdhani, C64 Networking, Communication algorithms, Mobile IP, Protocols
 * Dr Gordon Russell, room C65. Interests include Windows and Linux administration, Network services, Computer and Network Forensics, Cisco technologies, Virtualisation of computers and networks, Teaching technologies, and Security and hacking.
 * Mr Brian Davison, C56 Application of IT to energy generation and use. Smart cities. Mobile applications. Design of standalone Internet nodes. Internet of Things
 * Dr Elias Ekonomou, applied computer security for e-Health, online and wireless applications, preferably with a focus on authentication (identity management), performance and human factors
 * Dr Petra Leimich, room C49. Interests include Digital Forensics, Computer and Information Security, Big Data.

**Recent Projects**

 * Dr Ahmed Al-Dubai
 * 1) Maintaining Q.O.S for Multimedia Services on Wireless networks
 * 2) A Defence Mechanism Against Malicious Network Anomalies
 * 3) Investigating the energy efficiency aware protocols in wireless sensor networks
 * 4) Energy-Efficiency in Wireless Mesh Networks
 * Prof Bill Buchanan
 * 1) Next Generation Visual Interface for Networking Simulations
 * 2) An Evaluation of power consumption in cloud infrastructure
 * 3) Next Generation Authentication Infrastructures with Role-based Security for Cloud Computing
 * Jim Jackson
 * 1) Congestion Avoidance Algorithms in Ad-Hoc Wireless Networks
 * 2) Dynamic Sensing and Analysis of Bicycle Crank Motion
 * 3) Practical Digital Authentication
 * Alistair Lawson,
 * 1) Social Media Network Analysis
 * 2) Sentiment Analysis of Tweets
 * 3) Python Tool for Critical Analysis of Android Privacy
 * Robert Ludwiniak,
 * 1) Critical evaluation of Intrusion Prevention System in Virtual Network
 * 2) Critical Evaluation of Forensic Tools for an Android Device
 * 3) Critical Evaluation of Security in BGP Protocol
 * Dr Imed Romdhani
 * 1) Quality of Service in Mobile Vehicular Networks
 * 2) Evaluation of the Openflow Switch
 * 3) An Analysis of Wireless Encryption Methods
 * Dr Gordon Russell
 * 1) A cloud-based VoIP Teaching Environment
 * 2) Teaching Network Wiring Techniques using Interactive Animations
 * 3) Using Virtualisation to Provide Malware Protection
 * Brian Davison
 * 1) Location verification for mobile applications
 * 2) Ad-hoc networking on the Raspberry Pi
 * 3) Universal mobile interface design for Internet of Things
 * Shancang Li
 * 1) One-time Password (OTP) authentication in the Internet of things
 * 2) Lightweight security solutions for the Internet of things
 * 3) AES-Based Lightweight Authenticated Encryption
 * 4) Secure remote communication protocol between Arduinos
 * Dr Petra Leimich
 * 1) An Investigation into Hadoop forensic procedure
 * 2) Visualization of Android mobile application location data
 * 3) Generation of cryptographically sound random numbers with hardware
 * 4) File carving mp3 and image file fragments



Professor Bill Buchanan
Our current work is focused on Cloud-based infrastructures for security, e-Health and digital forensics. Some previous project are here Outline: [] || [] ||
 * ~ **Title:** || **Disk Triage with Forensic Sampling for Disk Images** ||
 * ~ **Outline:** || Normally it can take many hours to image a disk for forensic analysis. Simson Garfinkel, though, has proposed a method where it is possible to sample parts of a disk and determine the overall disk structure, such as for the amount of encrypted content on a disk image. The aim of this project is to implement this technique on a range of disk systems, such as for NTFS and mobile devices, in order to determine the basic structure of the disk, including the amount of encrypted content on a disk.
 * ~ **Deliverables:** || * Literature Review around Disk Triage, Disk Scanning, Identification of file types, and so on.
 * Design of a method for random scanning of disk fragments.
 * Implementation of a random scan of a disk.
 * Evaluation of the results for a range of devices. ||
 * ~ **Required Resources:** || AFFLIKB Tools:
 * ~ **Skills sets:** || .NET or scripting. ||


 * ~ **Title:** || **Forensic Sampling of Disk Content on a per fragment basis for content** ||
 * ~ **Outline:** || Often digital signatures are created for an image or movie based on a hash of the complete file. Unfortunately it is time consuming to thus read every sector on a disk, and build up the complete file. Also an image or movie may have been deleted, along with one of more of its fragments, so it is never possible to build up the complete hash signature. A new proposed method is to create a hash signature table based on the disk fragments, so that a random sample of the disk fragments can be checked against this hash table. This would allow for a basic triage of the disk. ||
 * ~ **Deliverables:** || * Literature Review around disk fragmentation, disk and fragment hashing.
 * Design of a method for reading disk fragments and creating one or more hash signature related to content.
 * Implementation of the sampling system.
 * Evaluation of the results for the detection of a range of files to detect, which are fragment onto a range of disks and devices. ||
 * ~ **Required Resources:** || AFFLIKB Tools:[] ||
 * ~ **Skills sets:** || .NET or scripting. ||


 * ~ **Title:** || **Creation of Dynamic Instances within a Cloud-based Infrastructure** ||
 * ~ **Outline:** || This project aims to dynamically create digital forensics instances based on a scripted range of requirements, such as for static activities and for dynamic ones.

Outline paper || Evalation of the performance impact on resources. ||
 * ~ **Deliverables:** || Dynamic instances created based on a script.
 * ~ **Required Resources:** || * VMware vSphere Hypervisor (ESXi).
 * vCenter Cloud management infrastructure.
 * Flexiant Cloud Infrastructure. ||
 * ~ **Skills sets:** || * Integration of tools.
 * ESXi API/Xen
 * Evaluation.
 * Virtualisation.
 * Scripting and/or ASP.NET ||


 * ~ **Title:** || **Evaluation of a Dynamic Digital Forensics Evaluation Test (D-FET) Platform** ||
 * ~ **Outline:** || This project aims to evaluate the performance of digital forensics tools. These tools aim to detect the presence of trails of evidence, such as for the presence of illicit images and the determination of user accounts from a host, along with measuring key quality metrics, such as true-positives, and false-positives, it also should measure operational performance, such as for the speed of success, CPU utilization and memory usage. This is used to determine the basic footprint of the package-under-test.

The project will use VMware vSphere Hypervisor (ESXi) within the vCenter Cloud management infrastructure, which provides a cluster environment, and supports the creation and instantiation of a well-defined virtual test operation system.

Outline paper ||
 * ~ **Deliverables:** || A range of experiments which provide evaluation metrics for digital forensics tool. ||
 * ~ **Required Resources:** || * VMware vSphere Hypervisor (ESXi).
 * vCenter Cloud management infrastructure.
 * Flexiant Cloud Infrastructure. ||
 * ~ **Skills sets:** || * Integration of tools.
 * Evaluation
 * Virtualisation.
 * Scripting and/or ASP.NET ||


 * ~ **Title:** || **Next Generation Authentication Infrastructures with Role-based Security for Cloud Computing** ||
 * ~ **Outline:** || This project will investigate the enhanced protocols such as SAML, WS-* to produce next generation identity management systems which integrate with role-based security for cloud-based services.

More info: Here ||
 * ~ **Deliverables:** || * Investigation of Authentication Infrastructure and the usage of the WS-* infrastructure.
 * Design on an role-based system with identify management.
 * Implementation of an integration authentication infrastructure with services provided from the cloud, and role-based security applied to these.
 * Evaluation of the performance of the infrastructure. ||
 * ~ **Required Resources:** || This project will require a standard Windows/Linux environment, typically through a virtual environment. ||
 * ~ **Skills sets:** || * Systems integration.
 * Server/service configuration.
 * ASP.NET. ||

and/or
 * ~ **Title:** || **Dynamic Performance Evaluation of Intrusion Detection Systems (IDS)**
 * Dynamic Performance Evaluation of Intrusion Prevension Systems (IDS)** ||
 * ~ **Outline** || This project will investigate the performance of IDS in relation to their actual true-positive rate for a range of network conditions, and assess how well they cope with different types of network traffic.

Previous IDS project. Previous IPS project. ||
 * ~ **Deliverables:** || * Investigation of IDS (/IPS) systems, and their performance impact.
 * Investigation of evaluation tools for traffic playback and performance metric generation.
 * Design of a range of experiments for the evaluation.
 * Implementation of the tools for experiments.
 * Implementation of the experiments.
 * Evaluation results on the performance impact, especially for missing data under stress loadings. ||
 * ~ **Required Resources:** || * Standard Windows PC (possibly in a virtual environment).
 * Snort or other IDS/IPS systems. ||
 * ~ **Skills sets:** || * Server/Service configuration,
 * Tool generation,
 * .NET or scripting.
 * IDS configuration. ||

= =

Jim Jackson
To check the status of my projects and project ideas refer to: [|http://www.soc.napier.ac.uk/~jimj/#Projects] __Dynamic Sensing and Analysis of Bicycle Crank Motion__ Outline : The School of Life sciences has equipment for measuring and analysing the torque a training cyclist applies to the bicycle crank throughout each revolution. This is achieved via embedded strain gauges. (see http://www.srm.de/englisch/index.html ) The current system also measures crank angular velocity but is much less accurate, being derived from a simple once-per-revolution timing signal. It is proposed that a system is developed to monitor the rotation of the crank much more accurately. This project will develop a reliable method of measuring and recording the angular velocity of the crank derived from suitable optical sensors feeding into a DataTaker DT80 logger. (see: http://www.datataker.com/ ) DELIVERABLES : The final deliverable would be a suite of logging applications created using DeLogger or LabView. These applications would support sports scientists recording training sessions. REQUIRED RESOURCES : DataTaker DT80 and support software. Optical sensors (4 off), Shaft encoder. All available from project originator. see http://www.soc.napier.ac.uk/~jimj/#Projects Skillsets: Primarily a practical project which will involve the development of a method for timing recurring events and processing these in a suitable format for the end user.

__Motion Sensing Using Low-cost Accelerometers__ Outline : The concept of motion sensing as a computer input method is now very familiar due to the Wii Remote. The Wii Remote uses small accelerometer chips in the device to detect motion in 3 axes. This project will investigate the possibilities of using such chips to monitor and record movement. DELIVERABLES : The final deliverable would be a hardware/software interface which would be used to measure the motion sensitivity and accuracy possible which these low-cost devices. REQUIRED RESOURCES : Accelerometer chips (Memsic MXR9500G/M) available from supervisor. Simple analogue interface device, to be sourced. see [|http://www.soc.napier.ac.uk/~jimj/#Projects] Skillsets: Primarily a practical project which will involve the development of a method for interfacing to hardware and acquiring data. Possibly some graphics and geometry translations required.

**Alistair Lawson**

 * 1) __ Big Data Analytics for Cyber Security & Forensics __
 * 2) __ Social Network Analysis and Modelling for Cyber Security & Forensics __

Dr Gordon Russell
__Web Server Architectures__ Outline:

Service providers all around the internet offer users access to web resources and cloud-based technology controlled and accessed via the web browser. At the provider's end, they is usually managed with a one of the many web servers available. Each web server has its own features, fanbase, and weaknesses. Often the selection of a server is almost an automatic process, and on a Linux platform the instinctive selection is almost certainly to choose Apache. But this may not be the optimum choice, and this is especially true as the internet migrates to new technologies, such as WebSockets, a push for general use of HTTPS, SPDY, http tunnels, etc. Most web servers also have a variety of configuration options, and again it is typical to run servers using default configurations... at least until something goes wrong!

The Linuxzoo architecture has been developed using a popular web server, Apache. This has largely been used with the default configuration. The Apache process model has evolved over the last few years, and includes different process engines and a variety of configurations, some of which may make Apache perform better. There are also alternative web servers, such as NGINX and lighttpd. It is certainly not clear which platform, or combination of platforms, could offer the best architecture to the Linuxzoo platform. It is expecially challenging, as Linuxzoo has evolved around some undocumented aspects of Apache, and also uses custom software for features which other platforms now support natively (such as websockets). The Linuxzoo system also provides very long-lived TCP connections, which are used to support remote desktop technologies. It certainly seems likely that this current configuration is nearing its limits, and that alternatives need to be explored to support the site and provide scope for future developments.

A possible focus statement for this project could be "Can web server architectures be built using modern components to outperform traditional designs in a reliable, flexible, manageable, resilient, efficient, and cost-effective way?".

Possible Deliverables:
 * An understanding of current web server solutions and architectural approaches.
 * An analysis of current and future needs of a complex service provider (such as LinuxZoo).
 * A testbed to explore system performance.
 * An evaluation of one or more implementations, in terms of reliability, flexibility, efficiency, cost, etc.

Required Resources: A computer you own which can build a test environment.

Skill Buzzwords: Linux, Apache, NGINX, proxying, security, DDOS, WebSockets.

__Virtualised Infrastructure__ Outline:

With the continued development of cloud computing, providers have now started to offer the option of moving entire infrastructures into the cloud, rather than just computing nodes and basic networking. This allows complex architectures to migrate to the cloud, supporting a variety of "whole solution" architectures to be visualized. This offers some significant advantages over more basic cloud systems, as now the infrastructure can be scaled to faster systems, and migrated around the cloud environment to maintain maximum availability. As part of supporting visualized infrastructures, a number of companies have started to supply visualized router components to run in the cloud. One of the first systems to be marketed in this area is the Cisco 1000V, although competitors are appearing, such as the vEOS. Normal Linux virtual machines can also offer router and switch capabilities in such architectures, though the maintainance of such things is probably greater than a focused commercial solution. Linux does have some advantages, especially if you are willing to trade Linux true visualization (such as using kvm/qemu) for the relatively new Linux Containers paradigm. Which solution is best is however open to speculation.

A possible focus statement for this project could be "Can visualized infrastructure components compete effectively against physical devices to offer a reliable, flexible, manageable, resilient, efficient, and cost-effective solution in cloud-based architectures?".

Possible Deliverables:
 * An understanding of current physical device approaches to supporting visualization, as well as the growth of visualization of infrastructure.
 * An analysis of current and future needs of a visualized infrastructure provider.
 * A test-bed to explore system performance.
 * An evaluation of one or more implementations, in terms of reliability, flexibility, efficiency, cost, etc.

Required Resources: A computer you own which can build a test environment.

Skill Buzzwords: Linux, Cisco, Virtualisation.

__Cloud Security in Linux__ OUTLINE : With the development of cloud computing as a general concept, many developers have jumped onto the bandwagon and produced products to provide virtualised machines in a managed environment. Most of these are focused on implementations where the users and administrators are trusted. However for teaching purposes an environment which strictly controls what users can do is more appropriate where students are the users or administrators. Cloud systems for teaching is a large market, so some developers have adapted their normal environments to appeal to this sector, but a fresh look at the security requirements may produce a better product. Linuxzoo is my virtual computing environment, and it was developed with student users in mind. It has strict security in place already to protect students from making silly or damaging errors to the Linuxzoo system and the internet. However its security can always be improved. This project will consider the current requirements of cloud environments for student use, evaluate the current competition, and consider the current security in place already in linuxzoo. It will then identify new or additional approaches to enhancing security. This could be adding an additional security ring to linuxzoo (such as SELinux), producing a security audit of the current layered firewalls of linuxzoo and rewriting this, moving from SUID technology to process capabilities (another "new thing" in linux), or better dynamic monitoring and response systems to fix problems as they appear. The focus statement could be: "Can a layered security model for cloud management environments be tuned for the use of student controlled virtual machines, so that security, reliability, flexibility, and performance can be maintained or enhanced?" DELIVERABLES : • Investigating current student cloud environments, perform a requirements analysis, evaluate linuxzoo security. • Propose and theoretically evaluate new security measures for linuxzoo. • Implement those features and perform an evaluation of their usefulness, accuracy, and performance. REQUIRED RESOURCES : All resources needed are available on linuxzoo. SKILLSETS : Linux, security, networking, scripting

__Cloud storage technologies__ Outline: Linuxzoo provides students with virtual machines on demand, effectively providing a cloud computing environment. Currently the disks used by each virtualisation is held on local storage on each node of linuxzoo. This naturally means there is lots of data duplication, which is hard to manage efficiently. More importantly, it means that students must keep running their virtual machines on the same node, or else they will not be able to access any changes they have made to their virtual disks. This project involves the evaluation of technologies to allow linuxzoo (and other cloud technologies) to share their virtual disk storage over a network. Commercially some solutions involve considerable expense, such as iSCSI and high performance disk farms. However this project is focused on high performance for low cost. Possible solutions include automated file mirroring, NFSv4, or GlusterFS. Look at http://[] for some ideas. Once solutions are identified, one or more should be implemented and evaluated, either in a private cloud or in linuxzoo. Once the ideal solution is selected, real-world evaluation should take place in linuxzoo using the live environment. The focus statement could be: "Can the flexibility and reliability of linuxzoo be enhanced using different filesystem management techniques, while maintaining performance and functionality?" Access to the linuxzoo development environment. Linux, networking, virtual machines, evaluation techniques.
 * Deliverables:**
 * Analysis of the needs that virtualised technologies have for storage.
 * Review and evaluate current technologies.
 * Initial analysis of the technogies, focusing in on 1 or 2 solutions.
 * implementation selection and evaluate.
 * Required Resources**:
 * Skillset:**

__Forensic Test Image Generation Tools__ Outline: In order to allow students to experiment with computer forensic tools there is a requirement to prepare suitable computer disk images. These images need to contain interesting datasets which can be used as exercises, such as supporting various data recovery techniques, or contain complex browsing histories which could form the basis of tutorials related to the building of user timelines. Currently these images are often built using virtual machine, where the lecturer performs a number of tasks (such as surfing a number of websites, reading some email, or downloading some files). Each task usually is made to appear to happen at different times by rebooting the virtual machine frequently with a different system clock setting. Building such images can be time-consuming, but having a large variety of images to hand would make forensic tutorials more interesting and varied. In particular, it would be nice to be able to attempt the same question multiple times, and each time have to use a different disk image generated automatically for that question. This project considers the problems of dynamically generating forensic disk images suitable for practical exercises. These images need to be pseudo-realistic, while being relatively small (so they fit easily within a learning environment and can be easily manipulated) as well as fast to generate. They should also be arranged so they are fast to analyse (as realistic images could take hours to analyse while tutorial sessions tend to be much shorter). Some work has already been done ( [] ) in defining a description language to define what each image should contain, as well as some work done to build disk images automatically. The next step is to take this work forward and produce something more complete. A possible focus statement for this project could be "Can computer disk images be generated dynamically and rapidly to form the basis of interesting challenges for those learning digital forensic techniques, while retaining realism and maximising performance?". Deliverables Required Resources: A linux-based development environment. Skill Buzzwords: Perl, Linux, Digital Forensics, Disk Partitioning, Filesystems.
 * Investigate dynamic image generation techniques and useful tools, along with the requirements of image content in terms of educating users.
 * Build an image generation command.
 * Build test images automatically.
 * Evaluate the dynamically generated images in terms of their usefulness to teaching

__Javascript Telnet/SSH__ Outline: Over recent years there has been a move for applications to run directly from browsers, rather than have executable programs which need to be installed on each computer. An example of this is gmail, which provides an excellent email interface which can be used by a browser running javascript. The benefits of browser based products are their immediacy, and also that they require less trust of the developer or publisher from the user. Linuxzoo has a javascript telnet interface, which allows users to telnet to machines booked in linuxzoo. It is a true vt102 emulation, and requires only a browser and javascript on the clients machine. However, it is really a hybrid, and the telnet system really runs on the server with only screen updates and keystrokes passing between the browser and the server. This project is to write a new javascript telnet or ssh system, so that telnet is (almost) completely implemented in the client side. There should be a minimum of code running on the server (which is still required to manage the tcp sockets and for some simple buffering). One possible route is to make use of HTML5 and websockets. Websockets are javascript-based TCP connections, and linuxzoo already has support for these server-side. The focus statement could be: "Can a JavaScript based telnet client be written for web browsers to replace client-installed executables, while maintaining usability, reliability, security, and fidelity?" Deliverables: Required Resources: Access to linuxzoo or another suitable deployment environment. Skillset: Telnet protocol, javascript, asynchronous communications, networking.
 * Evaluation of the requirements of remote access clients, the move to browser based clients, the telnet (or ssh) protocol itself, and how telnet can be implemented in javascript.
 * Implement a javascript telnet or ssh application
 * Evaluate its performance and effectiveness
 * Perform a 2nd development cycle, tuning the performance.
 * Evaluate the usability

__Visual Network Wiring Emulator__ Outline: When users are wiring up devices in the real world they are often working with standard wiring technologies, such as crossover cables, patch panels, router sockets, and PC network cards. However when users are wiring up in a virtual environment they are generally restricted to wiring in terms of a topography diagram, or in other abstract terms. This project is to look at constructing a high-realism interface for users, which presents an interface which more accurately represents a real world wiring mechanism. This should capture realistic concepts, which could include the physics of wires, wires becoming twisted together, wires hiding behind other wires, wire types, socket orientation, etc. This would allow the user to, for instance, practice wiring exercises in a virtualised environment in a way that when presented with a real-world wiring closet they would be immediately able to construct complex topologies as well as understand and adapt current configurations. A useful exercise would be to take this virtual interface and connect it to a number of tutorial exercises, and evaluate users as they complete various networking tasks. This could also involve a comparison between virtual exercises and physical wiring exercises. The focus statement could be: "Can realistic virtualisation of complex physical network wiring offer an equivalent or better experience for learning network maintainance techniques that physical topology wiring exercises which use real equipment, while remaining cost effective, reliable, and appropriate?" Deliverables Required Resources: A development PC (e.g. the JKCC), physical access to cabinet wiring technologies (e.g. C27) Skill Buzzwords: Javascript, physics, virtual reality techniques, canvas, software development, Cisco.
 * Investigate the physical attributes of building a network wiring infrastructure.
 * Construct a virtual-reality style emulation of a networking cabinet.
 * Build some interesting educational tutorials
 * Evaluate the tutorials, environment, and student learning in comparison to real-world hardware.

__Social Issues with Online Learning Environments__ Outline Over recent years there has been a push towards online learning approaches to education. Now some modules or even whole courses can be taken remotely. Even students who are studying locally on attendance-based courses may prefer to read material in their own time and work on practical sessions at home, rather than attend physical events in the University. However there are many advantages to onsite education which cannot easily be emulated using online techniques. This project is particularly interested in the social advantages gained by sitting with peers in practical sessions. Not only is their active communication, but there is an element of competition (e.g. "have you finished question 3 yet?") which is largely missing in online education. This project aims to investigate techniques to enhance the learning of active students who are non-attending. One particular area of investigation is the use of comparative analysis tools, where student performance is compared against their peer group. Thus students can get instant feedback on their study methods, such as "you put in 2 hours less this week than the average student", and "you are 7 questions behind the average student". This could also be used to highlight students who are struggling to the tutor, who could then attempt to contact such students using electronic means (e.g. email or Skype). Additionally study-skill suggestions could be made to each student in a supportive way, such as "you seem to work better on tuesday evenings", or "the study pattern you are following suggests you need to schedule 8 hours next week", or perhaps "The work you put in last week suggests you have doubled your efforts since the week before... well done.". Of concern with such automation is the "creepy" feeling which it could generate. Students dont want to be spied on, or be mothered, so care has to be taken to ensure that the outcome of the exercise is largely positive and not off-putting. The focus statement could be: "Can behaviour analysis techniques be used in online learning environments to promote better student performance through the use of supportive, formative, personalised, and acceptable continuous automated feedback?" Deliverables: Required Resources: Consideration of the ethical issues, as well as ethical clearance. Skillset: Social aspects of distance learners, ethics, javascript, statistic skills, spreadsheets.
 * Consideration of the social aspects which distance learning students would find useful.
 * Analysis of the available data and identification of useful techniques and feedback opportunities.
 * Design and implement a system to generate student feedback.
 * Evaluate the effect of the feedback on a study group.

__Cisco Phone emulation environment__ Outline Cisco phones are expensive, as is the router needed to make practical exercises work. Cisco do offer a software emulation of their phone (SoftPhone), which runs in Windows. This project is to investigate a completely software-based environment where students can learn about cisco phone technology. Possible implementations could involve softphone running on windows emulated in vmware, plus callmanager express running in an emulated cisco router using dynamips. This project would evaluate this approach, and build tutorials to allow students to learn about the configuration. The focus statement could be: "Can the use of phone emulation software within an integrated learning environment help support VoIP education in terms of usability, flexibility and reliability?" Deliverables: Required Resources: Appropriate IOS and software, access to virtual machines. Skillset: Understanding of Cisco configurations, virtual machines, preparing tutorials, evaluating user experience.
 * Experimentation with softphone in virtual machines
 * Experimentation with callmanager in virtual machines
 * Investigation into areas of voip requiring tutorial material.
 * Build a tutorial environment
 * Write tutorials
 * Evaluate the effectiveness of this approach to teaching.

=__Brian Davison__=

**Title :** Universal Interface for Internet of Things

 * Applicable Programmes : Software Engineering, Systems & Networks**
 * Style** : Software development using, for example, C on Linux

Outline:
The Internet of Things will make a huge number of location-based services available and it will be important to have a simple means of accessing them. The main concept behind projects in this area is that a mobile device should be able to discover available services automatically and present the user with an appropriate user interface. This presents a whole range of more specific problems that individual projects could explore:


 * Standardised service description possibly based on SNMP - how can a device communicate its available services to a mobile application?
 * Interaction with available services possible using COAP - how can a mobile application send requests to a device?
 * Security/priority control - what mechanisms can be used to determine who has control over a particular device or service at any one time?
 * etc.

The Raspberry Pi is a cheap computer based on the Intel Atom processor and Arduino is a range of cheap microprocessor boards for system prototyping. Competitor products also exist. Because of their low price and small footprint they have potential as an alternative to embedded control systems or systems based on expensive programmable logic controllers (PLCs). These devices can be used to simulate a network of real-world devices as a test and prototyping environment.

Aims :
The aims this project are :
 * Identify one particular aspect of the Universal Interface concept for investigation
 * Design a simulation scenario
 * Implement the required hardware and software components
 * Design and carry out an appropriate evaluation on the resulting prototype

Title : Smart plug

 * Applicable Programmes : Software Engineering, Systems & Networks**
 * Style** : Integration of hardware sensors, wireless communications and application development

Outline:
There are many small monitoring units available which allow users to keep track of the electricity use in their homes. However, these units are typically limited to the total energy use of the dwelling and cumulative totals. This means that users are unable to see the breakdown of their energy use by appliance or room, for example. Neither can they see their detailed energy use over time. This project would involve the development of a smart plug containing a sensor (such as a Hall effect sensor) and a wireless transmitter. The project would also require the development of a receiving application for PC which would capture the data from a set of smart plugs and present that information to the user. Because of the dual nature of this project, it may be suitable for splitting between two students, one concentrating on the hardware and communications and the other on the development of the application.

Title : Standalone Internet node

 * Applicable Programmes : Software Engineering, Systems and Networks**
 * Style** : Software development or network simulation

Outline:
There are many parts of the world without reliable network coverage where a standalone Internet node relying on wireless networking and solar power would provide a solution. However, there are many problems associated with this idea. Some are to do with the management of the communications between the nodes which must cope with network reconfiguration as nodes go down or are added. A project in this area might take a simulation approach to investigate the performance of candidate communication protocols in a range of possible situations. Alternatively, a prototyping approach could be taken to implement a robust network using actual hardware (probably Raspberry Pi).

=__ Dr Elias Ekonomou __=

Cloud backup systems like DropBox have an issue with allowing encrypted files and keep a large number of previous versions available to the users. Assume a 1MB word document to which one character is changed and then uploaded to the backup server, if the service is unencrypted then 1 byte (plus metadata) will be stored as a "change" to the base document in the cloud. However, if the document was encrypted, then the whole 1MB would be completely different and it would have to be stored again. In this project, the student should:
 * Incremental cloud storage for encrypted files **
 * Investigate and showcase the need nor cloud storage and indeed encrypted cloud storage
 * Investigate any solution to this problem and/or showcase that the problem exists
 * Design a mechanism for keeping encrypted yet incremental changes with as small a penalty as possible - it will probably have to include different strategies for different kinds of files
 * Select an existing open-source cloud-backup solution to work with, after evaluating for suitability
 * Improve the selected solution by implementing the encryption strategy
 * Show how it decreases the amount of storage required by encrypted files by comparing it against an existing open-source cloud backup platform
 * If possible, commit the code back to the open-source project or fork it to a new one

__**Dr Petra Leimich**__
Unless specified otherwise, all project suggestions are targeted at students in Cybersecurity, though they may be suitable for students from other programmes with an interest in digital forensics.

__**Project Area: In-cloud / Distributed File System Forensics (e.g. Hadoop)**__ Cloud Security issues and the unsuitability of existing digital forensics methods to cloud environments are among the main reasons cited against adopting the use of cloud services, many of which are underpinned by the Hadoop distributed file system (HDFS). While HDFS can be thought of as a distributed database, its architecture differs fundamentally from traditional database management systems. Traditional "acquire-everything" forensics methods are unsuitable for HDFS. An honours project last year carried out initial work in developing and testing a suitable forensic method for Hadoop. The project concluded that the methodology suggested would be scalable for Hadoop forensic scenarios, but that further research is required. This new honours project could take several routes to further the research, for example (1) carrying out more extensive testing of the method, (2) further development of the method to produce a workable methodology for outsourced Hadoop implementations, where the machines are not physically accessible to the investigator, (3) exploration / design of automated tools to underpin the method which could make use of MapReduce or other platforms, (4) continued analysis of the HDFS architecture, reporting on the forensic implications. Initial bibliography: Meyer, G., & Stander, A. (2015). Cloud computing: The digital forensics challenge. Proceedings of Informing Science & IT Education Conference (InSITE) 2015, 285-299. http://Proceedings.InformingScience.org/InSITE2015/InSITE15p285-299Meyer1562.pdf Martini B, Choo K-KR. (2014) Distributed filesystem forensics: XtreemFS as a case study. Digital Investigation 11:295-313. Harrison, J. 2015. Forensic Investigation of the Hadoop Distributed File System in a Simulated Data Breach Scenario. Honours project. Abertay University (Available from Petra Leimich)

__**Project area: Restoring partial streamed media files from fragments **__
Audio and video files could potentially provide valuable evidence in criminal investigations. However, there are many situations where only parts of these files may be available to an investigator, for example when only some packets of a file stream have been captured, or when a file has recovered after deletion, but has been partially overwritten. Given that the available fragments may not contain the file header which contains file type and dimension information, traditional file carving tools are unlikely to work in such situations. An honours project carried out last year found that fragments of mp3 audio files could be identified using frame headers and that these frames could then be re-assembled into a playable audio file. However, the method suffered from false positives and was not fully tested or automated. This new project will further develop the work carried out, and/or consider different types of media files (e.g. mp4). Initial Bibliography: Poisel, R. Tjoa, S. Tavolato, P. 2011. Advanced File Carving Approaches for Multimedia Files. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, volume: 2, number: 4, pp. 42-58. Available from: @http://isyou.info/jowua/papers/jowua-v2n4-3.pdf Maguire, H (2015). File Carving Mp3 Fragments. Honours project. Abertay University (available from Petra Leimich)

__**Project Area: On-Cloud forensics: Forensics-as-a-service **__ One of the main challenges for digital forensics is the ever-increasing scale of investigations, putting pressure on the acquisition, storage and analysis of exponentially growing volumes of data. This project will investigate whether, and how, cloud services could facilitate digital forensics in providing storage and / or analysis tools that are sufficiently scalable. This could use, for example, the Hadoop Distributed File System, which is optimised for a small number of very large "documents" and offers MapReduce, a software framework for the parallel processing of massive amounts of unstructured data. Initial bibliography: <span style="font-family: Arial,Helvetica,sans-serif;">Wen, K. et al. 2013. Forensics-as-a-Service (FaaS): Computer Forensic Workflow Management and Processing Using Cloud. 4th International Conference on Cloud Computing, GRIDs, and Virtualization. 4: pp.208-214. https://www.thinkmind.org/download.php?articleid=cloud_computing_2013_8_40_20185

<span style="font-family: Arial,Helvetica,sans-serif;">Lee J. and Un S. 2012 Digital forensics as a service: a case study of forensic indexed search. In: ICT Convergence (ICTC), 2012. International Conference. Jeju Island, Korea October 15-17 2012.pp. 499–503. <span style="font-family: Arial,Helvetica,sans-serif;">Roussev, V. et al. 2009. A cloud computing platform for large-scale forensic computing. In: G. Patterson and S. Shenoi. eds. Advances in digital forensics V, IFIP advances in information and communication technology. 5th ed. 2009, pp. 201-214. http://link.springer.com.ezproxy.napier.ac.uk/chapter/10.1007/978-3-642-04155-6_15.

__**<span style="font-family: Arial,Helvetica,sans-serif;">Project Area: Similarity / Fuzzy hashing **__ <span style="font-family: Arial,Helvetica,sans-serif;">One of the main problems with using hashes to compare files for forensic investigations is that even a one bit difference between two files usually creates completely different hashes. The aim of similarity preserving or fuzzy hashing is that it should highlight nearly identical files (for example photos that have been resized or cropped), for example, for blacklisting purposes. There are many possible project directions in this area. Good maths skills are required.

__**<span style="font-family: Arial,Helvetica,sans-serif;">Project area: Automated RAM Acquisition / Analysis for SQLi protection -Enhanced Database Security and Forensics **__ <span style="font-family: Arial,Helvetica,sans-serif;">This is a group of possible projects, the focus could be on acquisition or analysis respectively. Requires good database knowledge. <span style="font-family: Arial,Helvetica,sans-serif;">While security mechanisms such as network intrusion detection systems can be very effective, few of these help protect the data in a database against insiders or against data theft carried out through SQL SELECT statements. Database management systems such as SQL Server typically store records of SELECT statements only in RAM. This project will further develop work carried out by a recent project which established the traces of SQL injection that can be found in RAM in several example scenarios using the open source DBMS Postgres. It concluded that if RAM was to be captured and analysed periodically then SQL injection has the potential to be detected quicker. However, this requires that the RAM dump is analysed in near-real time, which in turn requires automated analysis tools. RAM capture can be an intrusive process and depending on the method used, it may even overwrite data. <span style="font-family: Arial,Helvetica,sans-serif;">A project focusing on acquisition could seek to develop automated RAM capture software which could reside within the database server system. The software should not affect the efficiency of the ongoing database operations and, ideally, would be "forensically sound" in ensuring that the capture itself would not change any of the data held in RAM. <span style="font-family: Arial,Helvetica,sans-serif;">There are many RAM analysis tools already available but these do not necessarily work in relation to abuse of privileges and SQL injection. For example, Volatility was unable to identify the attacks simulated previously because no malicious processes or backdoor were used or created. An analysis approach could be to create a blacklist that contains known SQL injection attack tools and typical SQL injection query statements. By applying this to the memory dump, the known good or bad raw data can be filtered out which would then be subjected to scrutiny, effectively acting like a signature based IDS. <span style="font-family: Arial,Helvetica,sans-serif;">McDonald, C. 2015. Enhanced Database Security With RAM Forensics. Honours Project. Abertay University. (Available from Petra Leimich) <span style="font-family: Arial,Helvetica,sans-serif;">Ligh,M. et.al.2014. ”The Art of Memory Forensics”. [Online] John Wiley & Sons. <span style="font-family: Arial,Helvetica,sans-serif;">Vomel,S and Stuttgen,J. 2013. An evaluation platform for memory acquisition software. Digital Investigation. 10: pp. S30-S40 <span style="font-family: Arial,Helvetica,sans-serif;">Schatz, B. 2007. BodySnatcher: Towards reliable volatile memory acquisition by software. Digital Investigation. 4:pp. S126-S134 <span style="font-family: Arial,Helvetica,sans-serif;">Santos, R. et al. 2014. Approaches and challenges in database intrusion detection. ACM SIGMOD Record. 43(3): pp.36-47