Term Project

Why a Project?

This course covers a very large discipline, and - perhaps more so than many other areas of computer science - the discipline of computer security runs through many other areas. Because the class has a very limited amount of time, we will only touch the surface of many topics. The project is to give you an opportunity to explore one of these topics, or some other area or application of computer security that interests you, in some depth.

The Ground Rules

You may select a project from the list below (in most cases, you will need to refine or limit the suggestions). You may also think of a project on your own. The project can be a detailed research report or survey, or a programming project. In any case, check with me before beginning to be sure it is a reasonable project and no-one else has chosen it. Please select something that interests you!

You may work individually, or in groups of up to 4 people (if you want to have more than 4, please come see me). Of course, the larger the group, the more we will expect from it!

Some Suggestions for Project and Report Topics

• Malicious logic and biology: how computer worms, viruses, etc. compare to their biological counterparts
• Security requirements in an academic environment (or another environment; medical environments are a hot topic right now)
• Automating policy checking (to ensure your computer/site meets a given policy) and/or definition
• Authenticating users and systems (especially over untrusted networks)
• Factoring a number
• Design and implement a firewall with specific properties and features
• Electronic voting machines and computer security
• Modifying access control mechanisms to the UNIX system (for example, adding rings or capabilities)
• Rights and amplification of rights in a capability-based system
• Secure electronic mail: proposed standards
• Design a program (or set of programs) to break a cipher; for example, a cryptographers' toolkit (you will have to narrow this down a great deal)
• Analyzing and/or testing programs for vulnerabilities (pick a couple as examples)
• Intrusion detection and incident response (incident response is a new, and very hot, area right now)
• Write a large (useful) program using the techniques we discussed in class, and argue convincingly why it is "secure" (mail server, WWW server, etc.; these may have limited functionality)
• Analyzing a system's or site's security. (We are making arrangements to have access to an "intrusion tolerant" system, and the designers would love to see if anyone can defeat or evade the mechanisms. Ask for details!)
• Security features of IP version 6 (or ATM, or SSL, or another protocol): how good are they?
• Comparing Windows NT security tools and UNIX security tools (with respect to functionality, trustworthiness, ease of use, etc.)
• Developing a security tool (you can pick what you want to write, but please check with me first!)
• Attacking systems; how, who, why, and so forth

What Is Due

Please submit the following on the dates indicated:

1. Project selection: due date: January 22, 2003; weight: 10% of project score
   Pick your team member(s), if anyone other than you. Submit a web page with your team members, a one-line title of your project, and a short description. If you're doing a paper, state the theme and why you chose it. If you're doing a programming project, state the problem you want to solve and the requirements for a solution. A template for the web page will be available on January 15 on MyUCDavis.
2. Project design: due date: February 5, 2003; weight: 30% of project score
   Submit a detailed plan for your project (and any team member changes) to the web page you already submitted. If you're doing a paper, you need to send a detailed outline, plus enough background and references to convince me you can turn this into a good, solid term paper. If you're doing a programming project, you need to have a set of specifications and a design document, and show that your program will solve the problem you are tackling. Again, a template for the web page will be available on January 29 on MyUCDavis.
3. Project: due date: March 14, 2003; weight:60% of project score
   Submit your completed project. You need not submit a web page for this.

In all cases, submit the project to MyUCDavis as described in All About Homework. If a team has multiple members, only one need submit the material, but the names of all team members must be on the submission.