I had this nice litte chat with my promotor an hour ago, where we discussed different topics for my thesis.
I prepared 2:
1) The impact of malware on the network (prevention, detection, treatment)
2) Advancement of security in Linux (The objective would be to discuss the advancements of security in linux. It would include things such as SELinux, GRsec, SSP, ...)
As I was thinking that he'd like the first best (considering it has to be academic and I haven't seen much papers on that subject), I elaborated that more. Now, when I told him my subject, he said it had been done before, but that if I really wanted, I could write on it as well.
Though, he clearly stated that he liked the second topic better and that it would be a better subject to write on.
Now the problem is, that I have absolutely no idea what I'm getting into. He was talking about a "do"-thesis, where I'd take a book like "Oreilly's Unix and Internet Security", apply those techniques on my box and discuss the outcomes. Without doubt, it probably means getting into the tiny little details of Access Control, sandboxes, SSP and probably even the linux kernel.
Though I feel fairly confident about my linux skills (i.e. I don't consider myself a newbie anymore), I'm still not sure what I'm up against.
Can anyone point me out the possible difficulties that lie in that field.
Thanks in advance...
I prepared 2:
1) The impact of malware on the network (prevention, detection, treatment)
2) Advancement of security in Linux (The objective would be to discuss the advancements of security in linux. It would include things such as SELinux, GRsec, SSP, ...)
As I was thinking that he'd like the first best (considering it has to be academic and I haven't seen much papers on that subject), I elaborated that more. Now, when I told him my subject, he said it had been done before, but that if I really wanted, I could write on it as well.
Though, he clearly stated that he liked the second topic better and that it would be a better subject to write on.
Now the problem is, that I have absolutely no idea what I'm getting into. He was talking about a "do"-thesis, where I'd take a book like "Oreilly's Unix and Internet Security", apply those techniques on my box and discuss the outcomes. Without doubt, it probably means getting into the tiny little details of Access Control, sandboxes, SSP and probably even the linux kernel.
Though I feel fairly confident about my linux skills (i.e. I don't consider myself a newbie anymore), I'm still not sure what I'm up against.
Can anyone point me out the possible difficulties that lie in that field.
Thanks in advance...
