Thesis proposals

Identifying Security and Privacy Issues in Application Permissions within Microsoft Office 365 and Teams

keywords CYBERSECURITY, PRIVACY

Reference persons MARCO MELLIA

External reference persons Nikhil Jha - Postdoc - Nikhil.jha@polito.it
Alberto Verna - PhD student - alberto.verna@polito.it
Enrico Venuto - Cybersecurity reference person of Polito IT systems

Research Groups DAUIN - GR-04 - DATABASE AND DATA MINING GROUP - DBDMG, SmartData@PoliTO, Telecommunication Networks Group

Thesis type EXPERIMENTAL RESEARCH

Description Abstract:
The widespread adoption of Microsoft Office 365 and Teams has revolutionized collaboration and productivity across organizations. However, the growing integration of third-party applications into these platforms raises significant concerns about security and privacy. Applications often request extensive permissions that can potentially expose sensitive organizational data to misuse or breaches. This thesis aims to systematically identify, analyze, and propose mitigations for potential security and privacy issues arising from the permissions requested by applications within Office 365 and Teams. By doing so, the research will contribute to safer practices in enterprise application management and inform policy decisions.

Problem Statement:
While Office 365 and Teams provide robust productivity features, their ecosystem of third-party applications introduces risks through excessive or unclear permission requests. These permissions can include access to emails, files, chat data, and user profiles, potentially exposing sensitive organizational data to unauthorized access or leaks. Current studies and industry practices do not sufficiently address the full scope of these risks, leaving organizations vulnerable. This thesis seeks to fill that gap by identifying potential security and privacy issues and recommending best practices to mitigate them.

Research Objectives:
1 - Identify Security Risks: Analyze the types of permissions commonly requested by applications in Office 365 and Teams and assess their potential misuse. This will be done using the data of the Politecnico di Polito Office 365 subscription, which includes more than 5000 active accounts.
2 - Privacy Concerns: Evaluate how application permissions can lead to privacy violations, both at an individual and organizational level.
3 - Vulnerability Assessment: Conduct a case study of selected applications to uncover real-world examples of excessive or misused permissions.
4 - Countermeasures: Develop guidelines and tools for organizations to assess and manage application permissions effectively.

Methodology:

1 - Literature Review: Analyze existing research on application security, privacy in enterprise platforms, and permission management frameworks.
2 - Data Collection and Analysis:
- Gather data on permissions requested by a representative sample of Office 365 and Teams applications.
- Survey IT administrators and end-users to understand their perspectives on permission management.
3 - Risk Analysis:
- Use threat modeling to evaluate the risks associated with identified permissions.
- Apply static and dynamic analysis tools to scrutinize application behavior.
4 - Case Studies: Conduct detailed analyses of specific applications to identify vulnerabilities or exploit scenarios.
5 - Propose Solutions: Develop a framework or set of tools for evaluating and mitigating risks related to application permissions.

To see which applications are currently linked to your account, visit https://myapplications.microsoft.com and refer to
https://support.microsoft.com/en-us/account-billing/edit-or-revoke-application-permissions-in-the-my-apps-portal-169be2b4-ee26-4338-aea8-d19bb2f329ee

Required skills - Solid knowledge of cybersecurity principles
- Solid programming skills
- Preferential: knowledge of how to interact with Microsoft Office and Teams platform programmatically

Notes - Students with an average grade of 27/30 or higher will be preferred


Deadline 06/06/2026