Project
Why a Project?
This course covers a very large discipline, and - perhaps more so than
many other areas of computer science - the discipline of computer security runs
through many other areas. Because the class has a very limited amount of time,
we will only touch the surface of many topics. The project is to give you an
opportunity to explore one of these topics, or some other area or application
of computer security that interests you, in some depth.
The Ground Rules
You may select a project from the list below (in most cases, you will
need to refine or limit the suggestions). You may also think of a project on
your own. The project can be a detailed research report or survey, or a
programming project. In any case, check with me before beginning
to be sure it is a reasonable project and no-one else has chosen it. Please
select something that interests you!
You may work singly or in groups of not more than 4. For a group project,
everyone will get the same grade, and I will expect more out of such a project
than out of one done by a single student. If you decide to do a group project,
please let me know the members of your group.
Some Suggestions for Project and Report Topics
- Malicious logic and biology: how computer worms, viruses, etc.
compare to their biological counterparts
- Security requirements in an academic environment (or another
environment; medical environments are a hot topic right now)
- Automating policy checking (to ensure your computer/site meets a given
policy) and/or definition
- Authenticating users and systems (especially over untrusted networks)
- Factoring a number
- Electronic voting machines and computer security
- Modifying access control mechanisms to the UNIX system (for example, adding
rings or capabilities)
- Rights and amplification of rights in a capability-based system
- Secure electronic mail: proposed standards
- Design a program (or set of programs) to break a cipher; for example, a
cryptographers' toolkit (you will have to narrow this down a great
deal)
- Analyzing and/or testing programs for vulnerabilities (pick a couple as
examples)
- Intrusion detection and incident response (incident response is a new, and
very hot, area right now)
- Write a large (useful) program using the techniques we discussed in class,
and argue convincingly why it is &lquot;secure&rquot; (mail server, WWW server,
etc.; these may have limited functionality)
- Analyzing a system's or site's security
- Security features of IP version 6 (or ATM, or SSL, or another protocol): how
good are they?
- Comparing Windows NT security tools and UNIX security tools (with respect to
functionality, trustworthiness, ease of use, etc.)
- Developing a security tool (you can pick what you want to write, but
please check with me first!)
Time Line
You must turn in the following. Use the handin program to submit
electronic copies, as described in the
All About Homework handout.
| January 23, 1998 |
Project selected; if it is a group project,
please name the members of the group. |
| February 20, 1998 |
Design or outline completed. |
| March 18, 1998 |
Project completed. |
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 1/15/98