Project Why a Project? This course covers a very large discipline, and ‚ perhaps more so than many other areas of computer science ‚ the discipline of computer security runs through many other areas. Because the class has a very limited amount of time, we will only touch the surface of many topics. The project is to give you an opportunity to explore one of these topics, or some other area or application of computer security that interests you, in some depth. The Ground Rules You may select a project from the list below (in most cases, you will need to refine or limit the suggestions). You may also think of a project on your own. The project can be a detailed research report or survey, or a programming project. In any case, check with me before beginning to be sure it is a reasonable project and no-one else has chosen it. Please select something that interests you! You may work singly or in groups of not more than 4. For a group project, everyone will get the same grade, and I will expect more out of such a project than out of one done by a single student. If you decide to do a group project, please let me know the members of your group. Some Suggestions for Project and Report Topics Ä Malicious logic and biology: how computer worms, viruses, etc. compare to their biological counterparts Ä Security requirements in an academic environment (or another environment; medical environments are a hot topic right now) Ä Automating policy checking (to ensure your computer/site meets a given policy) and/or definition Ä Authenticating users and systems (especially over untrusted networks) Ä Factoring a number Ä Electronic voting machines and computer security Ä Modifying access control mechanisms to the UNIX system (for example, adding rings or capabilities) Ä Rights and amplification of rights in a capability-based system Ä Secure electronic mail: proposed standards Ä Design a program (or set of programs) to break a cipher; for example, a cryptographers¼ toolkit (you will have to narrow this down a great deal) Ä Analyzing and/or testing programs for vulnerabilities (pick a couple as examples) Ä Intrusion detection and incident response (incident response is a new, and very hot, area right now) Ä Write a large (useful) program using the techniques we discussed in class, and argue convincingly why it is „secure¾ (mail server, WWW server, etc.; these may have limited functionality) Ä Analyzing a system¼s or site¼s security Ä Security features of IP version 6 (or ATM, or SSL, or another protocol): how good are they? Ä Comparing Windows NT security tools and UNIX security tools (with respect to functionality, trustworthiness, ease of use, etc.) Ä Developing a security tool (you can pick what you want to write, but please check with me first!) Time Line You must turn in the following. Use the handin program to submit electronic copies, as described in the All About Homework handout. January 23, 1998 Project selected; if it is a group project, please name the members of the group. February 20, 1998 Design or outline completed. March 18, 1998 Project completed.