Possible Presentation Topics

Dr. Bill Young
CS378: Information Assurance and Security
Spring Semester, 2013

The following are some possible topics for your CS378 project. You'll write a paper on your topic. The topics below are simply suggestions. You are free to define your own topic or to revise one of these. However, your topic must deal with a substantive issue in information assurance and security and must be approved by Dr. Young. You will be submitting a report on the topic and preparing a "poster presentation" on your topic.

You are strongly encouraged to work with a team of up to 4 students on the project.

No two groups may choose the same topic, though topics may be related. So if you find one of the following attractive, stake your claim early. There is more than enough material for a book on any one of the following topics, but some likely will require more digging than others.

If you are feeling somewhat ambitious, Prof. Shmatikov often posts lists of topics for projects for his security classes. You might look there for additional ideas: Prof. Shmatikov's courses.

  1. Defensive cyberweapons
  2. Hackerspace Global Grid
  3. Mesh networking
  4. Privacy and the government
  5. Hacking automobiles
  6. Hacking and some aspect of critical infrastructure
  7. Terrorism using Social Media
  8. The automation paradox
  9. Internet ID
  10. Cybergeddon: Is it Possible?
  11. Security/Cyberwarfare and Cloud Computing
  12. Metasploit
  13. Homomorphic encryption
  14. New Malware attacks on cell phones
  15. The Internet "kill switch" controversy
  16. Jail-breaking mobile devices
  17. Data retention rules for ISPs
  18. Titan Rain or similar attack
  19. Careful analysis of a specific malware attack
  20. Stuxnet
  21. Son of Stuxnet
  22. LFIs and PHP-injected JPEGs
  23. Weakness in AES
  24. Some aspect of laptop security
  25. Side Channel Attacks
  26. Behavioral (zero touch) authentication
  27. Full Disclosure and Hacker Ethics
  28. Internet censorship
  29. China vs. Google
  30. Something relating to cyberwarfare
  31. Cyberwar Rules of Engagement
  32. Net Neutrality controversy
  33. The Java Security Model
  34. Smartcard Security
  35. Integer Overflows
  36. Buffer Overflows
  37. Mobile/smart phone security
  38. Race Conditions
  39. Randomness
  40. Honeynets
  41. Security on Distributed Object Platforms
  42. The Trusted Computing Controversy
  43. Bluetooth Security
  44. RFID Tags
  45. VOIP Security
  46. Electronic Currency
  47. Single Sign-on
  48. Proof-Carrying Code
  49. SSL and TLS
  50. Password Generation
  51. Passwords and User Authentication
  52. SQL Injection Attacks
  53. Anti-virus software
  54. Electronic voting
  55. Cross Site Scripting
  56. Security and Cookies
  57. Taint Tracking
  58. Format String Attacks
  59. Host-based Intrusion Detection
  60. Network-based Intrusion Detection
  61. Security Planning Tools
  62. Security Policy Languages (KeyNote, XACML, etc.)
  63. TEMPEST
  64. WIFI Security
  65. Phishing and pharming
  66. Random Number Generators
  67. Inter-domain routing
  68. Hackers Toolkits
  69. Biometric Authentication
  70. Anonymous Networks
  71. Quantum Cryptography
  72. Whitelisting and blacklisting as security techniques
  73. Analysis of the effects of one of the regs (HIPAA, SOX, GLBA, etc.)
  74. Information Censorship in China
  75. Economics of Spam
  76. Removable storage security
  77. Social engineering
  78. Organized Cyber Crime
  79. Operation Aurora
  80. Same-Origin Policy
  81. Networks and Crypto
  82. Post-Quantum Crypto
  83. Catfishing
  84. Others will be added as I think of them.

Podcast: The Benefits of Risk

There’s an odd and terrifying notion in systems engineering called “the automation paradox.” It was tacitly in the news this month when Popular Mechanics magazine published a controversial analysis of the June 2009 crash of Air France Flight 447. Transcripts from the cockpit voice data recorder show that two copilots who were at the helm while the captain was taking a break didn’t know what to do when the plane’s autopilot system disengaged. Apparently, they had never been trained to fly the aircraft in manual mode.

Autopilot has seeped into cars and trucks, too, in the form of cruise control designed to maintain a safe distance between vehicles, and curve control aimed at keeping a car on the road if a driver takes a turn too quickly. Despite these and other innovations, the number of deaths from car crashes has remained stubbornly fixed at about 42 000 a year in the United States alone.

“Techwise Conversations” host Steven Cherry talks with Robert N. Charette, a 20-plus-year veteran of systems engineering, risk management, and the development of large-scale software-intensive systems, about whether we would be safer overall if we just turned over the driving task to machines and accepted a few deaths due to software.

Japan and defensive cyberweapons: www.yomiuri.co.jp/dy/national/T120102002799.htm