CS378 Assignment 4

Due: Wednesday, March 6, 2012.

The Assignment

Hopefully, by now you have thought about your project topic. It's time to get started on the project in earnest. By March 6, you should do the following:
  1. Reserve your project topic with Dr. Young.

  2. Assemble your team of 3 or 4 total students. If you have a strong preference for working alone, please rethink that. There's not enough time for all of the presentations if many students work alone or in pairs. Inform Dr. Young of the composition of your team.

  3. Create and submit a document containing the following:

    1. a short but informative description (a few paragraphs) describing your project topic and why it is relevant to this class; and

    2. at least five resourses you have found (on-line or otherwise) that you will use as sources for your project research. List them with descriptions in the form of an annotated bibliography. If the resources are on-line resources, be sure that you include a URL. Use good citation style.
Understand that the topic you choose has to support a sizable research paper and an interesting presentation. In general, the paper will be around 5 pages for each member of your team. If your team has four members, your paper will be around 20 pages. So, don't pick something trivial or so focused that you can't imagine producing that.

Possible Topics

The following are some possible topics for your CS378 project. You'll write a paper on the topic and prepare a "poster" as if you were presenting at a conference or symposium. There are many examples of such posters around ACES. Here's an example: poster example..

The topics below are simply suggestions. You are free to define your own topic or to revise one of these. You are encouraged to find a topic relating to CyberWarfare, but you don't have to do so. However, your topic must deal with a substantive issue in information assurance and security and must be approved by Dr. Young. You will be submitting a report on the topic and preparing a "poster presentation" on your topic.

No two groups may choose the same topic, though topics may be related. So if you find one of the following attractive, stake your claim early. There is more than enough material for a book on any one of the following topics, but some likely will require more digging than others.

If you are feeling somewhat ambitious, Prof. Shmatikov often posts lists of topics for projects for his security classes. You might look there for additional ideas: Prof. Shmatikov's courses.

If you are interested in a topic that has been taken, but lists "open to teaming" let me know and I'll arrange communication for you.

  1. Buffer Overflows (Taken: Jay Isaacks, James Debo, Michael Madden, Zesen Huang)
  2. Drones (Taken: Eric Thompson, Jasper Sone, Robert Shook, Oliver Wu, Angel Luu)
  3. Full Disclosure and Hacker Ethics (Taken: Charles Neill, Jeremy Shapiro and David Anderson)
  4. Honeynets (Taken: Brian Allen, Simin Chen, Kevin Kinney, Ann Zhu, Ashley McCrory)
  5. Defensive cyberweapons (Taken: Karan Sangani, Michael Porras, James Wei, Terry Liang, Chan-Tang Hsu)
  6. Security/Cyberwarfare and Cloud Computing (Taken: Marcella Nguyen, Michelle Mandel, and Jared Straub)
  7. The automation paradox (Taken: S E Schoolfield)
  8. Tor and onion routing (Taken: David Mis, Comyar Zaheri, Arturo Lemus, Kendall Ahrendsen)
  9. Hardware Rootkits (Taken: Bulat Bazarbayev, Chris Renke, Mike Wham)
  10. Analysis of the effects of one of the regs (HIPAA, SOX, GLBA, etc)
  11. Anonymous Networks
  12. Anonymous Hacker Group (Taken: Anthony Cargile, Ben Dodson, Julius Tran, Austin Hooper)
  13. Anti-virus software
  14. Behavioral (zero touch) authentication
  15. Biometric Authentication (Taken: Alek Anwar Merani, Cameron Rison, Cade Parker, Shane Fisette)
  16. Bluetooth Security
  17. Careful analysis of a specific malware attack
  18. China vs. Google (Taken: Carlos Urrutia, Francisco Garcia, Luis Santos)
  19. Cross Site Scripting (Taken: Sanket Sunil Joshi, Alex Ng Dehe, Tuan Pham, Duy Quang Nguyen)
  20. Cyberwarfare (Taken: Ross Gayler, Jorge Prado)
  21. Cyber Espionage: State v. State, State v. Industry - History, Tools, and Impact (Taken: Janek Lehr and Lisa Lippe)
  22. Data retention rules for ISPs
  23. Economics of Spam
  24. Educating Youth on Cyber Security (Taken: Emil Dides, Bryan Vuong, Kevin Jacoby, Ross Shwarts, Connor Bowman, Fletcher Edington)
  25. Electronic Currency (Taken: Raul Cardenas, Branden Chaisorn, Dimitri Gonzalez, Andrew Downing)
  26. Electronic voting
  27. Format String Attacks
  28. Hackers Toolkits
  29. Homomorphic encryption
  30. Host-based Intrusion Detection
  31. Integer Overflows
  32. Inter-domain routing
  33. Internet censorship (Taken: Olga Saprycheva, Prschita, Rebecca Carrender)
  34. Jail-breaking mobile devices (Taken: Susannah Elaine Kosty, Kelly Wilson, Khuong Thai, and Hyunchel Kim)
  35. LFI's and php-injected JPEGs
  36. Mobile/smart phone security (Taken: Dan Forbes, Guy Hawkins, Benjamin Bowley-Bryant, David Joseph)
  37. Model Checking for Protocols (Taken: Chris Hitte, Simon Doty, Joseph Ellyson)
  38. Network-based Intrusion Detection
  39. Password Generation
  40. Passwords and User Authentication
  41. Phishing and pharming
  42. Post-Quantum Crypto
  43. Proof-Carrying Code
  44. Quantum Cryptography
  45. RFID Tags
  46. Race Conditions
  47. Random Number Generators
  48. Randomness
  49. SAML
  50. SQL Injection Attacks
  51. SSL and TLS (Taken: Phillip Pham, Alex Chiu, Nam Nguyen, Andy Hsu)
  52. Security Planning Tools
  53. Security Policy Languages (KeyNote, XACML, etc.)
  54. Security and Cookies
  55. Security on Distributed Object Platforms
  56. Side Channel Attacks
  57. Single Sign-on
  58. Smartcard Security
  59. Some aspect of laptop security
  60. Something relating to cyberwarfare
  61. Stuxnet
  62. TEMPEST
  63. Taint Tracking
  64. The Internet "kill switch" controversy
  65. The Java Security Model
  66. The Trusted Computing Controversy
  67. Titan Rain or similar attack
  68. VOIP Security
  69. WIFI Security
  70. Weakness in AES
  71. Whitelisting and blacklisting as security techniques
  72. Bluetooth Security
  73. Case Study of IA in Small Business
  74. Catfishing
  75. Cell phone security
  76. Cybergeddon: Is it Possible?
  77. Cyberwar Rules of Engagement
  78. Google's new privacy policy
  79. Hackerspace Global Grid
  80. Hacking and some aspect of critical infrastructure
  81. Hacking automobiles (Taken: Jose Fernandez, Adam Soto)
  82. Information Censorship in China
  83. Internet ID
  84. Mesh networking
  85. Metasploit (Taken: Paulo Alcantara, Ricky (Chuyu) Zhou)
  86. Net Neutrality controversy (Taken: Evan Carr, Jenny Xu, Henri Sweers, Adrian Maceiras)
  87. Networks and Crypto
  88. New Malware attacks on cell phones
  89. Operation Aurora
  90. Organized Cyber Crime
  91. Privacy and the government
  92. Removable storage security
  93. Same-Origin Policy
  94. Social engineering
  95. Son of Stuxnet
  96. Terrorism using Social Media
  97. U.S. Cyber Command
  98. Web Browser security (Taken: Justin Cheng)
  99. Wifi security
  100. Others will be added as I think of them.