University projects

In this section I will present the projects that I have worked on as a student at Aalborg University, Denmark. If you want to contact me regarding any of my projects, feel free to contact me.

1. Semester

Evil Files

Written in collaboration with 6 other students.

Abstract: This project has worked on the subject of malicious files. The primary focus of the project has been malicious PDF-files. This focus was determined through an analysis of the most used attacked file types today. To fully understand the problem and the technical difficulties regarding this subject, terms like heap spraying, buffer overflows etc. has been investigated. Moreover this newly gathered information has created the base for creating a program which is able to decode PDF-files and scan for malicious content, with a special focus on heap sprays constructed in JavaScript. The problem of this project has been partially solved technically, and the effects onto society have been considered.

2. Semester

Passwords

Written in collaboration with 6 other students.

Abstract: The increasing amount of passwords and the requirements to the complexity of passwords in society is a problem. In this project we attempt to create a solution to the problem, by analyzing various aspects of password remembrance and software    protection. The problem analysis led us to the problem that the general population is unaware of the security aspects of using passwords. To solve this problem, we created a password manager program, with a special login technology. The goal of  the program is to take the security aspect from the user to the program. In the end we conclude that our solution is a step on the way, but that it does not completely solve the problem. The best solution would be to enlighten the population about passwords, and make them more aware about various security aspects.

3. Semester

Kvissel-Ravnshøj Idrætsforening

Written in collaboration with 6 other students.

Abstract: This report is made in collaboration with Kvissel Ravnshøj Idrætsforening (KR-IF). KR-IF had a information-distribution problem regarding information.  Through the analysis of the problem, we arrived at a problem formulation, and used it to make object-oriented diagrams and sketches, that led us to make a web application to help communication between the members and the administrative staff.

4. Semester

Candid – Programming language for home automation control

Written in collaboration with 4 other students.

Abstract: This report documents the need for providing programmers with a simplified way to write control software for Homeport. The programming language Candid is documented and presented, as a way to fullfill this need. The report documents the implementation of a compiler for Candid, which is implemented using ANTLR. Tests of the compiler, show that it can generate valid Lua code.

5. Semester

Platform Independent Peer-To-Peer Network For Indoor Collaborative Localization

Written in collaboration with 4 other students.

Abstract: For indoor navigation the GPS system cannot be used. Instead, we get an indoor position. For iOS and Windows Phone, indoor WiFi positioning is not currently possible. We created an Android application, which is using Bluetooth to share locations with other platforms, through a generic message passing network protocol. We describe how to port the network protocol to iOS and Windows Phone. This allows cross-platform collaborative localization. The network is designed to be communication technology independent. We show that it is possible to make a collaborative localization between iOS, Android and Windows Phone.

6. Semester (Bachelor Project)

Multidimensional Sequential Pattern Mining in the BagTrack Project

Written in collaboration with 3 other students.

Abstract: Baggage mishandling in the aviation industry is very expensive for the airlines,
and involves a lot of frustration for the passengers. To solve this problem, this
article propose an approach to find causes for baggage mishandling in airports.
This is done by constructing sequence databases based on RFID tracking, and
flight information from airports. This paper performs sequential pattern mining
to find sequential patterns, that leads to baggage being mishandled. This paper
develop an unsupervised global discretization method SupportMerge, which is
used to discretize the time durations to intervals, for optimizing the amount of
patterns found by the sequential pattern mining process. This paper transform
the RFID tracking data and flight information into multiple sequence databases.
A new method is presented called FkMdSeq, which is able to combine multiple
sequence databases into a single sequence database, which can be mined multi-
dimensionally, using the sequential pattern mining algorithm PrefixSpan. Using
this method this paper performs multidimensional sequential pattern mining,
on the transformed data in several ways by experimenting with tunable pa-
rameters. To reason about the validity of the mishandled patterns found, this
paper calculates the confidence of patterns leading to baggage mishandling.
The patterns found can be used in the aviation industry to optimize their bag-
gage management. We conduct experiments where we find patterns that leads
to baggage mishandling, these patterns are analyzed to find the results of the
transformations.
In the experiments, we have tested our tool chain using two different tests,
both run with the same configurations. Using a run configuration based on the
knowledge gained from the tuning section we presented two patterns that give
reasons for baggage mishandling. The section was closed with a discussion of
the results, showcasing issues with the approach used.

7. Semester

Unified Modelling of Outdoor and Indoor Space

Written in collaboration with 1 other student.

Abstract: Graph models are widely used for representing the topology of both outdoor and indoor space. However, most existing models neglect the intersection between O-Space and I-Space, only allowing for computations such as shortest-path and nearest-neighbour queries in either O-Space or I-Space, separately. In this, paper we present two different outdoor-indoor space models allowing queries to operate on both spaces. The first model keeps the distinct nature of the two spaces intact by having explicit connections between outdoor and indoor space. The second model abstracts this distinction away, and provides a uniform model of OI-Space. Both models allow for boolean constraints to be added to edges, which represents doors and roads in order to block access, for example on a specific time of day, or if the user has insufficient access to a particular area. We present algorithms for computing the shortest-path, between two geographical points. The algorithms ensure that all constraints put upon the model is taken into account, making it simple to define new types of constraints, as only a boolean result is needed by the algorithm. Evaluation of the algorithms show that future work in the area of optimisation is still desirable for both algorithms, in addition to experimentation with other location-based operations, such as nearest-neighbour search.

8. Semester

Applying Transfer Learning to a Consumer-Grade Brain-Computer Interface

Written in collaboration with 6 other students.

Abstract: In this project we investigate the applicability of transfer learning techniques to data collected using the consumer-grade Emotiv EPOC EEG headset. We based our research on the well-recognised P300 scenario and conducted three P300 experiments using the OpenViBE software for the acquisition of data. For transfer learning we adapt a regularised CSP framework and evaluate selected regularised CSP algorithms proved to be well-performing in other BCI settings. We also suggest two modifications for an existing regularised CSP algorithm. The modification is that we apply the Riemannian distance to compute the similarity between subjects, in terms of the distance between their covariance matrices. The results of these approaches are shown to improve the classification accuracy using small training set sizes, and therefore also the calibration time of the system.

9. Semester (pre-specialisation)

Securing Web Applications

Download report

Abstract: Securing web applications is difficult, and often developers are unaware of the lacking security. Here different vulnerabilities are presented, and how they can be prevented in the PHP programming language; namely SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Code Injection and HTTP Header Injection.
The problem of securing web application plugins when a secure core is present, and how to stop plugins from affecting the core if they are vulnerable is presented, along with proposed solutions. Additionally, proposals for how to ensure some security level is presented.

10. Semester (Specialisation, Master Thesis)

Detecting Incorrect WordPress Plugin Function Usage

Download Thesis

Abstract: This thesis presents the problem of incorrectly using either PHP build-in or homemade functions for WordPress plugin development. WordPress itself is created in a secure way, and vulnerabilities are quickly corrected. This is not the case for plugins, where there can be a multitude of vulnerabilities. WordPress supplies functions for correctly sanitisation of data, along with connecting to databases. WordPress allows the core functionality to be changed by using filters and actions, and if a developer forgets to close a filter this can have security and correctness implications.
A proof-of-concept solution using the nuXmv Model Checker on a WordPress plugin model for finding incorrect function usage and open filters is presented. Tests of the tool show that it is still clear that this is a proof-of-concept solution.