Potential 598-4 Projects
A term project is required in the course. The following are the
deadlines:
- Feb. 3rd: project proposal due. Earlier submission is encouraged. Acceptance
of the proposal is not guaranteed. I may ask you to think of something
else if the proposal is not interesting enough.
- Mar. 3rd: A paper that surveys work related to your project and presents
the design of your project.
- Mar. 24th-Apr. 14th: An in-class project presentation for about 30 minutes.
Let me know the time you would like scheduled after Mar. 15th. This may
include a demo or snapshots from a demo.
- Final project report is due at the end of classes (or within a few days of it).
Include as appendices any implementation-related material (e.g., code, how
the system was deployed, etc.).

Projects may or may not have an implementation component. A really good design
paper, along with a good discussion of related work, is preferred over
a weak implementation project. The best way to learn about the
security area is to work with a real problem. One example area that
is worth looking at is to model the security in the DCO environment
and to analyze vulnerabilities in a network such as EECS itself. You
could go further and design or experiment with deployment of tools to
address any identified vulnerabilities.
Below are other project ideas to get you thinking.
- Survey of the work on security models. Since this is a survey project, a
high-quality paper is expected that is understandable to a general audience and
yet provides a good comparative study and classification of various security
models, along the lines of papers in ACM Computing Surveys.
- A project on security in programming languages
- A project on enforcing either integrity or mandatory access controls
in SELinux.
- Compare an available cryptographic file system with a standard non-cryptographic
file system in terms of features, ease of use and deployment, sharing of
files among users, and performance. Design and implement a multi-user cryptographic
file system, if necessary, and attempt to make it available to the DCO
community of users. Address any concerns that arise during your deployment
experience. You could also explore network-based cryptographic file systems.
Some work along this line is being done at Microsoft Research. The idea
is to create a file system in which files can be replicated anywhere on
the network, even on public machines. You also want to make sure that the encryption
schemes used are such that reads and updates to the files are fast,
even for random access. Ideally, you want multiple people to be able to
share the files and know who is reading/writing the files (auditing).
- Some recent work has been done on efficient searching for information in
a cryptographic file system without revealing too much content to the machine
on which the search is carried out (see the 2000 IEEE Symposium on Security
and Privacy). Integrate the mechanisms with a cryptographic file system.
- Grid and utility computing is a big deal these days. Identify a
security issue in this model of computing and investigate solutions.
- Peer-to-peer file systems have recently been proposed. Identify a security
issue in these systems and propose solutions.
- Talk to me if you are interested in security in group environments or
multicast security. You may be able to do something related to the
Antigone project in my group.
- Explore database security issues.
- Explore issues in handling DDoS attacks, security of BGP routing protocols,
etc.
- Many machines are compromised on a network such as EECS every
year. The compromises are often discovered long after they occur,
and only when other sites complain that a compromised machine is being
used to launch attacks. Do a survey of typical attacks and design solutions
that can help in earlier detection or even prevention of such attacks.
Note that EECS poses a particularly challenging environment since some,
but not all, machines are maintained by graduate students. Tools you may
want to consider as a starting point are Tripwire, firewall-type tools
(e.g., ipchains), and tcpwrappers.
- If you are taking another graduate course in EECS that has an intersection
with the security course, it is acceptable to come up with a more ambitious
project that satisfies the requirements of both courses. You must have
an OK from the instructor of the other course as well as from me. For example, a
possible joint project between EECS 684 and this course would be to explore
the problem of security in publish-subscribe systems or security in database
systems.
- Explore the problem of securing logs and doing some analysis for EECS machines.
Logs are often the first thing that intruders try to clean up to hide their
tracks. One solution would be a secure log server, for example. Try to
address any potential problems there -- such as denial-of-service attacks
on the log server by making it run out of disk space.
- Explore the problem of securing the wireless network in EECS. What are
the current vulnerabilities? Can you show that vulnerabilities can be exploited?
What can be done to address the problems?
- Design (or integrate existing) tools to scan for vulnerabilities in the
installed software (e.g., on EECS) or network services. There are several
tools already available: tiger, crack, SATAN, SAINT, tripwire, etc., for
some types of vulnerabilities. However, new bugs continue to be found,
thus ideally requiring updates to scanning software -- similar to those
for virus detectors. Compare available scanning tools and make them more
user-friendly (including integrating them) for use by system administrators.
- Design tools to detect vulnerability scans against a machine and
possibly limit the effectiveness of the scans.

Examples of projects from last offering:
- Modification of the inode structure in Linux to support
detection of tampering with file integrity and to ensure confidentiality.
- A solution to 802.11 wireless Ethernet security that fixes the
vulnerability in WEP, while maintaining compatibility.
- A service to establish ad-hoc VPNs among mobile machines.
- Analysis of security vulnerabilities in a Linux-based virtual machine.
- Analysis of vulnerabilities in DCO and a feasibility analysis for
deploying security-related tools within EECS (this project actually
led to lots of changes within EECS).