Term Project

Why a Project?

This course covers a very large discipline, and - perhaps more so than many other areas of computer science - the discipline of computer security runs through many other areas. Because the class has a very limited amount of time, we will only touch the surface of many topics. The project is to give you an opportunity to explore one of these topics, or some other area or application of computer security that interests you, in some depth.

The Ground Rules

You may select a project from the list below (in most cases, you will need to refine or limit the suggestions). You may also think of a project on your own. The project can be a detailed research report or survey, or a programming project. In any case, check with me before beginning to be sure it is a reasonable project and no-one else has chosen it. Please select something that interests you!

Some Suggestions for Project and Report Topics

• Malicious logic and biology: how computer worms, viruses, etc. compare to their biological counterparts
• Security requirements in an academic environment (or another environment; medical environments are a hot topic right now)
• Automating policy checking (to ensure your computer/site meets a given policy) and/or definition
• Authenticating users and systems (especially over untrusted networks)
• Factoring a number
• Design and implement a firewall with specific properties and features
• Electronic voting machines and computer security
• Modifying access control mechanisms to the UNIX system (for example, adding rings or capabilities)
• Rights and amplification of rights in a capability-based system
• Secure electronic mail: proposed standards
• Design a program (or set of programs) to break a cipher; for example, a cryptographers' toolkit (you will have to narrow this down a great deal)
• Analyzing and/or testing programs for vulnerabilities (pick a couple as examples)
• Intrusion detection and incident response (incident response is a new, and very hot, area right now)
• Write a large (useful) program using the techniques we discussed in class, and argue convincingly why it is "secure" (mail server, WWW server, etc.; these may have limited functionality)
• Analyzing a system's or site's security. (We have a DG/UX system available that is "highly secure" and would be a good one to attack ...)
• Security features of IP version 6 (or ATM, or SSL, or another protocol): how good are they?
• Comparing Windows NT security tools and UNIX security tools (with respect to functionality, trustworthiness, ease of use, etc.)
• Developing a security tool (you can pick what you want to write, but please check with me first!)
• Attacking systems; how, who, why, and so forth

What Is Due

Please submit the following on the dates indicated:

1. due date: October 13, 1999; weight: 10% of project score
   Pick your team member(s), if anyone other than you. Submit a web page with your team members, a one-line title of your project, and a short description. If you're doing a paper, state the theme and why you chose it. If you're doing a programming project, state the problem you want to solve and the requirements for a solution.
2. due date: October 29, 1999; weight: 30% of project score
   Submit a detailed plan for your project (and any team member changes) to the web page you already submitted. If you're doing a paper, you need to send a detailed outline, plus enough background and references to convince me you can turn this into a good, solid term paper. If you're doing a programming project, you need to have a set of specifications and a design document, and show that your program will solve the problem you are tackling.
3. due date: December 10, 1999; weight: 60% of project score
   Submit your completed project. You need not submit a web page for this.

In all cases, use the handin program as described in All About Homework. If a team has multiple members, only one need submit the material, but the names of all team members must be on the submission.

I will post all web pages off the class web page (follow the projects link). Sample pages for the first two parts will be available.