CS294-28 Network Security Projects

General information

Your term project should address a research issue in network security, interpreted broadly (it need not be a topic discussed in class). Most projects will fall into one of the following general categories:

1. Analysis. Undertake a substantive analysis/assessment of security issues for a given network system. For example, to what degree does Skype expose its users to remote compromise? Preserve their privacy? Admit misuse of the system to aid in denial-of-service attacks? What is its trust model? What steps could be taken to strength Skype in this regard? What can you say about the expected efficacy of those steps?
   It needn't be an application nor involve end systems; you can consider schemes relevant to other layers of the networking stack, or that concern infrastructure/internal components.
2. Measurement. Empirically explore and characterize a network security issue. For example, under what circumstances and to what degree do nodes in the Tor anonymizing network alter the content that passes through them?
3. Development. Devise and analyze (or possibly implement) a new mechanism or technique. For example, this could be a new way to protect servers from application-level denial-of-service attacks, or a new detector for some type of malicious activity.
4. Test. Take a result in the literature and undertake a meaningful reproduction of it to assess to what degree you obtain the same results, and why.
5. Attack. Develop a new threat. Assess its efficacy, countermeasures/defenses, and likely "arms race" evolution.
6. Research. Conduct a deep, thoughtful literature survey of a particular area in network security. Assess the strengths and weaknesses of the published results in the area, delimit the boundaries of the state of the art, and frame avenues for future work.

I encourage you to find a topic of interest to you; feel free to be creative in selecting a project topic. You're welcome to pick a topic that is connected to your current research, and I'm happy to discuss possible topics with you in advance.

Preferably you should work in a team of two, though individual projects are okay too. Team projects will be held to a somewhat higher standard. If you want to work in a team larger than two, first talk with me about why this is appropriate and how the work will be divided.

The process

1. Write a concise (approximately 1 page) project proposal that clearly states the problem you will be solving, the key challenges for new research, and your plan of attack (including milestones and dates). If there are any special resources you might need, flag these. Mention any relevant papers of which you are already aware.

   The project proposal is due the evening of Wednesday Feb 20.

2. Put together a related work writeup. This writeup should reflect a solid grounding in the literature relevant for your project, written in a style similar to the related work sections in the papers we've been reading. For each item of previous related work, briefly discuss the contributions of the paper, its relevance to your undertaking, and (if appropriate) in what ways it differs from your effort.

   The related work writeup is due the evening of Friday Mar 21.

3. Write up a short status report explaining what work you have completed, what remains, and any open issues (such as problems you haven't figured out how to solve or additional resources you require.

   The status report writeup is due the evening of Wednesday Apr 16.

4. Possible class presentation. I haven't decided yet but am considering devoting the last one or two class lectures to presentation and discussion of the projects. If so, these would be on Monday May 12 and possibly also Friday May 9.

   Finally, a project report will be due on Wednesday May 14, at noon. It is possible that I will alter this date a few days, but if so that will be for the entire class; no individual exceptions or extensions will be granted.

The final report

You are expected to write a technical paper, in the style of a conference submission, on the research you have done. State the problem you're addressing, motivate why it is an important or interesting problem, present your research thoroughly and clearly, compare to any related work that may exist, summarize your research contributions, and draw whatever conclusions may be appropriate. There is no page limit (either minimum or maximum), but reports will be evaluated on technical content and not on length.

If you are not familiar with writing conference-style papers in computer science, the following resources (from David Wagner's CS 261 course) may help:

• Advice on research and writing
• More resources on writing systems papers
• Detailed advice on technical writing
• Armando Fox's hints on writing good systems papers

Please submit either HTML or PDF, via email attachment. I generally review papers from hardcopy, so it needs to print clearly and with sufficiently large text and figures. If you use color figures, mention that in your cover note so I can send it to an appropriate printer.