Project Ideas for MSc Information Security

Please help me... I am looking for project ideas for my dissertation. currently doing an MSc in Information Security. I have the following ideas and would appreciate some comments or relevant projects for my disertation.

Thanks



PROJECT 1: Feasibility study for the implementation of secure email for a multinational company.

This will include the following:

Compare the various technologies for securing of email.

Implementing a PKI and creating a certificate authority for the company

Outline the process of creating and distributing public keys and storage of the CA private key, key management issues likely to be faced.

Make recommendations of the technology to use based on the feasibility study.




PROJECT 2: Legal issues in the implementation of a honey-pot


What a honey pot is? Who uses it and what value can be derived from its use on a commercial basis? Can the use of honey-pots have legal bearings and if so in what circumstances.



PROJECT 3: Investigating methods for reducing SPAM email

Unsolicited email is becoming a problem in electronic communications. Even though single messages easily can be classified and deleted by the receiver, the aggregate effect when receiving many spam messages becomes quite expensive. Part of the problem of SPAM is the difference between the cost of sending emails for the sender as compared to the receiver. The sender pays a fixed (low) price to send messages, while the reciever pays a very low price per email received. Thus the sender only needs a few successful emails (i.e. emails that lead to some transactions) of the large number of email sent to warrant the spam, and the sender is encouraged to include as many addresses as possible in his advertisement. Obviously, this is the opposite of what the receiver would like.

There are several methods in fighting spam. Some are built on signature analysis of the message, other on Bayesian techniques. Some let the user filter the email by himself, while other try to implement a site-wide solution.

False Positives
Even though these systems are tuned to the mail traffic of each particular user, there is a risk of false positives (normal email classified as spam) and false negatives (spam classified as regular email). The potential cost of false negatives can be low, and can be measured as a ratio of the number of correctly classified spam messages. However, the cost of false positives can be very high. Hence many users manually verify the classification to make sure they do not miss a potentially valuable (business-related, personal) email. The manual verification significantly reduces the usefulness of the spam classifier.

By increasing the cost for the sender for sending emails, we can arguably discourage them from spam emails; there would be a disincentive to include as many addresses as possible for each advertisement email. For example, when a message is classified as spam (by any method at the receiver's end) the system can send a message to the sender informing him or her that their message will only be read after they have spent some time or money.

Solving a problem (by spending a few seconds) is cheap for the sender, and does not exclude anyone as long as the problem is "easy" for humans. However, it does not reimburse the receiver for the time spent reading the email. In some cases a monetary compensation would be more suitable.

Example Project
The thesis work could be a survey of spam classification systems and an analysis how they work and what is required of the user (technical knowledge, continual updating of the system). The work could also implement a simple prototype of a cost-based system built around a "hard" problem.


PROJECT 4: A Study to Determine the Performance of a Wireless Information System in hospitals/operating theatres

The hospital operating theatre is a vibrant environment and the Information System procedures associated with this environment must be timely and accurate. The performance standards of an operating theatre environment should be kept at very high levels in order to guarantee efficient use of time associated with various procedures of operations. Due to various constraints such as shortage of training provided to nursing staff who could use Information Systems in an operating theatre environment, the current levels of performance in an operation theatre environment is questioned in many studies. This level of performance has resulted in medical errors and hence the safety of patients. The proposed study aims to address issues associated with information flow in an operating theatre environment in terms of timeliness and accuracy. To achieve this, a wireless module of an operation theatre will be mimicked. Once the wireless module is developed, a comparison will be made between this new system and existing system to measure the possible benefits in data entry time, data communications time and accuracy. The introduction of wireless technology into this scenario is hoped to bring about more timely and accurate information delivery and therefore reduce costs.