Cyber Security Thesis: Monitoring and Preventing Sub Domain Takeover at IKEA Sweden


At IKEA we are building, integrating, and using software to solve complex problems. To fulfill our IKEA vision: “a better everyday life for the many people” we need to make sure that the software we create and use must be safe, for both our customers and co-workers. Creating secure software is essential for the success of any digital company. However, security does not always have the priority it requires and many teams struggles to fit it into their daily work.

There are multiple causes for why we are not building adequately secure software and are some of the perceived problems:

  • Security activities are time consuming and limited in impact.
  • We cannot automate enough of security
  • On the data we do have, we do not act accordingly.

Cyber Security at IKEA would like to work with two master's thesis student, to explore some of the topics we lie awake at night wondering about.

Sub Domain Takeover

With the increasing adoption of cloud services, new security threats are continuously being introduced. Cloud hosting providers offer a number of services for easily creating and deploying new resources, which requires new techniques for managing and securing them. One particular vulnerability, that is prominent across organizations today is subdomain takeover. A subdomain takeover is made possible when a domain name points to a cloud resource that no longer exists and is available for someone else to claim it. We refer to these domains as orphans. The result of a successful subdomain takeover could lead to further critical vulnerabilities which are very difficult to detect.


Finding the right goals, is part of the thesis work, but here are some examples what we think is a good start:

  • Research the state of the art subdomain takeover countermeasures offered by the major cloud providers (gcp, aws, azure, alibaba, yandex).
  • Define fingerprinting methods for identifying when a subdomain has been taken over.
  • Implementation of a monitoring software to alert when a subdomain is orphaned.


We believe that you are interested and curious about both software and security. To succeed, we think some of the following qualifications are met:

  • Software development experience developing some sort of digital product.
  • Experience of serverless cloud infrastructure.
  • Understanding of software architecture
  • Understanding of risk management and the challenges of creating secure software
  • An interest in pursuing a career in Cyber Security.
Attention: Often you need a pre-approval from your university or study counselor, to ensure that projects or thesis found on SH Karriär will be accepted as part of your education. Please contact the right entity in due time to ensure that you're picking the right project.