...
Josh Hodosh <jo21979@mit.edu>, Philip Marquardt <ph22824@mit.edu>, Michael Specter <mi22536@mit.edu>, Frank Moda <fr21205@mit.edu>: Examine the security of NFC in Android mobile phones with respect to the digital wallet. Exploit any potential vulnerabilities and offer mitigation techniques.
...
Madars Virza <madars@mit.edu>: I would like to add a polymorphic backend to LLVM, which could be used to generate deeply watermarked code. Alternatively I would like to work on the PKI problem by implementing additional kinds of notaries for Convergence like SSL Observatory-based notary (currently there is only a perspectives-type notary).
Frank Moda <fr21205@mit.edu>: I am potentially interested in implementing single-signon protocols in zoobar, using Resin taint-tracking in zoobar, or perhaps a security related project in Android (looking for group with more specific idea).
Mikhail Kazdagli <kazdagli@mit.edu>: I'd like to use IntelPIN's binary instrumentation to implement emulation mechanism for unmodified binaries. This feature should allow to analyze dynamic behavior of x86 code, and if it reveals suspicious behavior, this security system should block its execution.
Chris Calabrese <cbreezy@mit.edu>: Possibly working with the Android operating system and writing/analyzing some cool exploits to take advantage of the security model and any implementation flaws in a particular version of the software.
Joe Colosimo <colosimo@>: Hardware side-channel attacks. I'm interested in looking at some basic cryptography libraries for Atmel AVR microcontrollers and potentially exploiting them through side-channel attacks. Existing papers point to these kinds of vulnerabilities as being very real and very measurable. Between measuring timing (which is usually very precise with microcontrollers) and current (which can help mitigate preventions to timing attacks through spinlooping), data should be extractable from the controller. This has applications in embedded devices that have secret keys inside them.
Stefan Gimmillaro <stefang@mit.edu>: Interested in exploring PHP/MYSQL vulnerabilities; creation automatic testing of php websites to search for common exploits. Also interested in p2p data encryption.