Internship Programmes
 
Embedded Systems Automated Vulnerability Assessment Tool

Discipline: Computer Engineering / Computer Science/ Electrical Engineering preferred

Project Description:
Background.  Black box testing of embedded systems is important for security risk assessment.  Fuzzing is a vulnerability test process where the inputs of an application are tested with random data to identify bugs that needs to be fixed.

Objectives.  This project aims to develop a black-box testing framework based on fuzzing techniques for the embedded devices.  In particular, we are keen to apply fuzzing as automated test for embedded devices that uses TCP/IP-based application level protocols.  Corrective remedies for identified vulnerabilities could then be developed.

Potential benefits for the intern

1) Hands-on exposure to distributed control systems which are commonly used in real-world critical infrastructure.
2) Understanding security concerns & mitigating measures of real-time control systems.
3) Opportunities to apply computer science techniques concepts (e.g. data-mining, machine-learning techniques) to real life problem.
4) Deserving candidates who successfully demonstrate the concepts/prototype would be funded to attend a relevant overseas/local conference.

Pre-requisite:
Non-technical
- Natural sense of curiosity, like to spend time outside curriculum requirements to explore how things work.
- Self-driven to learn things that are not taught
- Strong independent thinking

Technical
- Familiarity with TCP/IP network programming
- Knowledge of embedded system development & testing
- Good skills in C, PERL or other system programming language