Public defence in Computer Science, M.Sc. (Tech) Siddharth Rao
Title of the doctoral thesis: Analyzing Communications and Software Systems Security
Doctoral student: Siddharth Rao
Opponent: Prof. Chris Mitchell, Royal Holloway, University of London, England
Custos: Prof. Tuomas Aura, Aalto University School of Science, Department of Computer Science
Thesis available for public display 10 days prior to the defence at: https://aaltodoc.aalto.fi/doc_public/eonly/riiputus/
Siddharth Rao's doctoral thesis analyzes the security of several information systems that are part of our day-to-day lives, such as software applications on the desktop and in the cloud, mobile communication networks, and hardware security modules. The focus is on the security of communication channels within these systems. We analyze a broad spectrum of communication types, from inter-process communication and virtual private networks to 3GPP mobile networks and API-based communication. The analysis reflects the points of view of system design, evolving threat landscapes, software implementation, and human factors. The overall goal is to provide an understanding of the design choices and processes that improve the system's security or may lead to vulnerabilities.
The contributions of this thesis include a novel adversary model to study local communication inside a computer, a conceptual framework to study mobile communications systems, the discovery of several new types of security vulnerabilities in networks and software, and an analysis of the usability issues software developers face. Our research provides new information on security vulnerabilities, creates awareness, and helps industry and developers address the issues. This thesis shows that analyzing the security of communications and software systems benefits from employing various approaches. The discovery of new classes of security vulnerabilities and the increased understanding of the attacks discussed in the thesis contribute to designing more robust and secure systems.
The research results from the thesis have been presented at top-tier academic conferences and well-known hacker venues such as DEF CON and Black Hat. They have also been communicated to the software developers and vendors by following responsible disclosure. During the research, the author has participated in civil-society investigations that uncovered security attacks against mobile phone users in the wild. The defenses and mitigations discussed in the publication contribute to best-practice guidelines and roadmaps for secure communication systems development. The threat modeling framework for mobile communication has started an industry-wide effort on such frameworks. These examples demonstrate the impact of academic research on industry and society.
Doctoral theses in the School of Science: https://aaltodoc.aalto.fi/handle/123456789/52