4/23/08 – Special Wednesday Meeting
The students of Dr. T’s Cyber Security Research & Development class will be presenting their Open Source Security Analysis & Improvement Group Projects from 7:00-8:00 PM in Civil 213 on April 23.
Group 1: Charles Tullock (team lead), Shaun Wagner, Jonathan Blount
Libpurple is an open source library that provides routines to access popular instant messaging services. It also provides basic options associated with instant messaging clients such as storing passwords and conversation logging. However, passwords are stored in a human-readable plain-text format.
The primary purpose of this project is to create a multiplatform open source plugin that would use the user’s operating system’s security routines to provide secure password storage. Pidgin is our chosen demo application since it has a large user base and is the default messenger on many versions of Linux.
Our plugin provides an interface that each operating system can use to encrypt passwords. Currently we are using KDE and Windows to demonstrate how this plugin can be implemented in multiple operating systems.
Group 2: Derek Ditch (team lead), Dylan McDonald, Justin Miller
Today, users store all varieties of personal information on their computers in the form of address books, e-mail, chat logs, and calendars. When this information is stored in an SQL database, it can be subject to SQL injection attacks. We use Akonadi, the personal information manager for KDE4 and soon Gnome, to illustrate how this type of attack would work. We will then present our query sanitization library, which we call SQLSanitizer, that will help mitigate these types of attacks by ensuring common attack techniques are identified and removed.
