CS378 Assignment 4

Due: Friday, March 2, 2012.

The Assignment

Hopefully, by now you have thought about your project topic. It's time to get started on the project in earnest. By March 2, you should do the following:
  1. Reserve your project topic with Dr. Young. You don't have to do that if your name is already listed with a topic on the topics list.

  2. Decide whether you are going to do the project alone or with a partner. Please strongly consider doing it with a partner. Inform Dr. Young of that unless you've already done so.

  3. Create and submit a document containing the following:

    1. a short but informative description (a few paragraphs) describing your project topic and why it is relevant to this class; and

    2. at least four resources you have found (on-line or otherwise) that you will use as sources for your project research. List them with descriptions in the form of an annotated bibliography. If the resources are on-line resources, be sure that you include a URL. Use good citation style.

Possible Topics

The following are some possible topics for your CS378 project. You'll write a paper on the topic and prepare a "poster" as if you were presenting at a conference or symposium. There are many examples of such posters around ACES. Here's an example: poster example.

The topics below are simply suggestions. You are free to define your own topic or to revise one of these. However, your topic must deal with a substantive issue in information assurance and security and must be approved by Dr. Young. You will be submitting a report on the topic and preparing a "poster presentation" on your topic.

You are strongly encouraged to work with one other student on the project.

No two groups may choose the same topic, though topics may be related. So if you find one of the following attractive, stake your claim early. There is more than enough material for a book on any one of the following topics, but some likely will require more digging than others.

If you are feeling somewhat ambitious, Prof. Shmatikov often posts lists of topics for projects for his security classes. You might look there for additional ideas: Prof. Shmatikov's courses.

If you are interested in a topic that has been taken but lists "open to teaming", let me know and I'll arrange communication for you.

  1. Tor and onion routing (Taken: Ahmad Khan and Baldemar Silva)
  2. SQL Injection Attacks (Taken: Anil Krishnan and Dino Camingue)
  3. Hackers Toolkits (Taken: Namsu Kim and Dave Sackmary)
  4. Wifi security (Taken: Hsiao Chung and Jennifer Nguyen)
  5. Jail-breaking mobile devices (Taken: Scott Rumsey and Anirudh Sridhar)
  6. Social engineering (Taken: Blake Gilstrap (open to teaming))
  7. Security/Cyberwarfare and Cloud Computing (Taken: Jiawei Guo (open to teaming))
  8. Stuxnet (Taken: Brad Burlage and Adam Creaney)
  9. Web Browser security (Taken: George Kim Wang and Nick Blazier)
  10. China vs. Google (Taken: Xavier Beynon and Rianna Richardson)
  11. RFID Tags (Taken: Kristina Gin and Hyon Choe)
  12. Net Neutrality controversy (Taken: Alejandro Weibel)
  13. Case Study of IA in Small Business (Taken: Ignacio Robles)
  14. Cybergeddon: Is it Possible? (Taken: Aamer Husain and Maanul Shrivastava)
  15. Bluetooth Security (Taken: Steven Cahail and Cole Stewart)
  16. Internet censorship (Taken: Leber Perez and Adan Saenz)
  17. Cell phone security (Taken: Matt Beltran and Kirk Wilkinson)
  18. Electronic voting (Taken: Michael Tarng and Joseph Shield)
  19. Hacking automobiles (Taken: Candice Groce and James Royal)
  20. The Internet "kill switch" controversy (Taken: Mariel Maldonado and Jessica Vargas)
  21. Terrorism using Social Media (Taken: Daniel Flores and Alejandro Morales)
  22. Electronic Currency (Taken: Daniel Finan and Miguel Roman)
  23. VOIP Security (Taken: Jesus Hernandez)
  24. Organized Cyber Crime (Taken: Robert Hammond)
  25. Google's new privacy policy (Taken: Dan Jackson)
  26. Information Censorship in China (Taken: Samantha Salinas and Charrealle Robinson)
  27. Post-Quantum Crypto (Taken: Aaron J Gardner and Thuc-Vy Nguyen)
  28. SSL and TLS (Taken: Hyun Jeong)
  29. U.S. Cyber Command (Taken: Ryan Jurgensen)
  30. Password Generation (Taken: Jimmy Moon)
  31. SAML
  32. Defensive cyberweapons
  33. Hackerspace Global Grid
  34. Mesh networking
  35. Privacy and the government
  36. Hacking and some aspect of critical infrastructure
  37. The automation paradox
  38. Internet ID
  39. Metasploit
  40. Homomorphic encryption
  41. Data retention rules for ISPs
  42. Titan Rain or similar attack
  43. Careful analysis of a specific malware attack
  44. Son of Stuxnet
  45. LFIs and PHP-injected JPEGs
  46. Weakness in AES
  47. Some aspect of laptop security
  48. Side Channel Attacks
  49. Behavioral (zero touch) authentication
  50. Full Disclosure and Hacker Ethics
  51. Something relating to cyberwarfare
  52. Cyberwar Rules of Engagement
  53. The Java Security Model
  54. Smartcard Security
  55. Integer Overflows
  56. Buffer Overflows
  57. Race Conditions
  58. Randomness
  59. Honeynets
  60. Security on Distributed Object Platforms
  61. The Trusted Computing Controversy
  62. Single Sign-on
  63. Proof-Carrying Code
  64. Passwords and User Authentication
  65. Anti-virus software
  66. Cross Site Scripting
  67. Security and Cookies
  68. Taint Tracking
  69. Format String Attacks
  70. Host-based Intrusion Detection
  71. Network-based Intrusion Detection
  72. Security Planning Tools
  73. Security Policy Languages (KeyNote, XACML, etc.)
  74. TEMPEST
  75. WIFI Security
  76. Phishing and pharming
  77. Random Number Generators
  78. Inter-domain routing
  79. Biometric Authentication
  80. Anonymous Networks
  81. Quantum Cryptography
  82. Whitelisting and blacklisting as security techniques
  83. Analysis of the effects of one of the regs (HIPAA, SOX, GLBA, etc.)
  84. Economics of Spam
  85. Removable storage security
  86. Operation Aurora
  87. Same-Origin Policy
  88. Networks and Crypto
  89. Others will be added as I think of them.