ECS 235 Projects

Goal Research projects are a major requirement of this course. You will do original research on a problem of interest in computer security to advance the state of the art. Be ambitious! Aim for publishable results in prestigious security conferences, such as:

• IEEE Symposium on Security and Privacy
• USENIX Security Symposium
• ACM Conference on Computer and Communications Security
• Network and Distributed System Security Symposium

Teams You will form a group of 2-3 people. Although I will not categorically rule out solo teams, I expect that working in groups will allow you to tackle more substantial research issues. You may use the class mailing list to find project partners, or I may help you find a partner.

Topics I will evaluate projects on the quality of their research in computer security. I expect that most projects will fall into one of two categories:

• Design. Design projects will usually attempt to solve some interesting problem by proposing a design, implementing a prototype, and evaluating the proposed system architecture based on the prototype.
• Attack (or analysis). Attack projects might, for example, study some previously-proposed implementation technique, existing system, or class of systems; evaluate its security properties; find flaws or strengths in it; and provide new insight into how to build secure systems.

Your project topic should be relevant to computer security in some way, but I will interpret this requirement broadly. I encourage you to be creative in identifying valuable problems. You are welcome to tie your project with your current research or with your project in another class.

Please come to talk to me about your project ideas. Here are some example topics to give you a feeling of potential projects. Although you are welcome to choose from these topics, you are in no way limited to them.

Project proposals, due Friday, 10/21. Choose your project topic and discuss it with me. Form your project team. Set up a web page with the name of your project, team members, and your proposal. Your proposal should briefly describe the problem, the related work, your approach, the expected results, and your schedule. Email me the title and URL of your project and your team members using the following template:

Midterm report, due Friday, 11/18. Your report should define the problem, your approach, your progress, and your plan for the rest of the project.

Poster session, Thursday, 12/8, 9-10:30am, 1065 Kemper. You will present a poster of your project to your classmates as well as other faculty and students, including possibly your advisor.

Project report, due Friday, 12/16. Write a conference-style paper describing the problem, your approach, your results, the merits and shortcomings of your approach compared to the past work on the problem. Discuss how to improve your approach or future work on the problem.

Software security

• Develope libraries to perform some key operations more securely in Java, such as erasing secrets from memory without relying on garbage collection, finely managing filesystem permissions to protect resources and avoid race conditions, etc. And these may be just the tip of the iceburg
• Investigate the abilities and shortcomings of source code analysis in detecting malicious code. People who plant backdoors may make an effort to disguise their work from human eyes, but a source code analyzer sees the code in a different way. Of course, it is possible to fool both humans and tools, but can source code analysis be used to make the bad guy's job harder? Look at samples from the malicious vote counting contest.
• How can source code analysis be used to repair certain classes of vulnerabilities? Easy case: format string vulnerabilities. What other categories of vulnerabilities can be repaired automatically? If automatic repair is not possible, how specific can the tool's advice be on fixing the problem? Write a tool that uses source code analysis to suggest fixes.

New attacks People have devised ingenious ways to attack systems, such as:

• Cellphone Security
• Keyboard Acoustic Emanations Revisited
• Exploiting Open Functionality in SMS-Capable Cellular Networks
• Mapping Internet Sensors with Probe Response Attacks
• Remote physical device fingerprinting

Can you find new security weaknesses in any widely-deployed system?

Malware defense Improve the state of the art malware defense.

• Static detection: How to detect polymorphic or encrypted malware more reliably?
• Dynamic detection: People have built sandboxes for detecting malicious program behavior at runtime. However, it is very difficulty to write a specification of malicious behavior for each application. How to overcome this difficult?

Virtual machines for security Recently, software has become available to implement a virtual machine for modern operating systems (e.g., Windows). This seems to provide a powerful mechanism for executing dangerous actions in an isolated environment. Does this idea work, and if so, how can we best take advantage of virtual machine techniques? Can we evaluate the security of, say, the VMWare virtual machine against malicious attempst to harm the host OS? Or, is there any better way to structure the the virtual machine implementation to isolate the security-critical functionality and thereby make the TCB simpler and easier-to-verify?

Security auditing Audit a widely-used and under-scrutinized open-source package that is security-critical. Report on your experiences and lessons. How would you re-structure/re-implement the system to make it more robust? What tools would have made your auditing task easier? How effective are existing tools?

Defenses against phishing Phishing is a social as much as technical problem. Still, are there any technical defenses or deterrents one might be able to deploy?

Enforcing resource bounds on malicious code Can we use proof-carrying code techniques to ensure that malicious code never exceeds a fixed resource bound? For instance, we might insist that it terminate within a given number of clock cycles; we could insert checks to a global timer whereever we cannot prove a satisfactory upper bound on the running time of the program, and omit the checks in regions (e.g., acyclic control-flow graphs) where we can verify statically that the time bound will not be exceeded.

Verifiable distributed computation The Internet is a vast resource of idle machines; we might like to harness these spare CPU cycles by offloading our lengthy computations to other computers. But in any such distributed setting, how do we know that the result that comes back is the correct one we wanted? Careful engineering combined with some recently-proposed cryptographic techniques might go a long way here in solving some cases of interest.

Security of peer-to-peer systems Peer-to-peer systems (e.g., Gnutella, Kazaa) have been a hot topic recently. You might study the security challenges inherent in peer-to-peer systems, either by proposing techniques for building secure peer-to-peer systems, or by analyzing an existing peer-to-peer system.

Formal modelling of security systems Build a formal model of some aspect of a security system, and rigorously evaluate its properties. For instance, you might look at the state machine associated with a TCP/IP stack, and model how the various network events can affect the state. You could build a formal model of actual behavior by working from the OS source code or by exhaustively testing the possibilities. Then you might build a formal model of intended behavior -- e.g., by working from the RFC, or by formalizing that there should be no LAND attacks (for instance) -- and you would check whether the specification matches the verification. Or, you might build a second model from a second operating system, compare where their behavior differs, and study whether this has any consequences for how to write portable security code. Such models might also be useful for intrusion detection as well.