Course Projects

Examples

Guidelines

Suggestions

Topics Overview of project Selected Fall 2003 projects List of Fall 2004 projects General comments

Course Projects Undergraduate – group Graduate – individual Substantive investigation of some

aspect of security Approach may be experiment, data

analysis, system comparison, algorithm analysis, etc.

First due date: Monday, October 24

Survey of Intrusion Detection Systems

Comparison of IDSDifferent approachesDifferent products

27 pages, 7 referencesUndergraduates

E-Commerce SecuritySurvey of client/server security

issues in e-commerceFirewalls, CGI, DatabasesPrivacy, Executable content

Unpaginated, 5 referencesUndergraduates

Computer Immune SystemsConsideration of some computer

security measures from the perspective of biological immune systems

Computer immunologyCfengineUnpaginated, 13 referencesGraduate

Locking in Transaction Processing

Transaction locking in database management systems

Emphasis on granularity and isolation levels

Some overlap with DBMS courses28 pages, 8 referencesGraduate

Commit Protocols in Multilevel Secure Distributed Database Systems

13 pages, 6 referencesGraduate

Statistical Database Security

Design and development of a Statistical Security Checker

Application to a simple (toy) medical DB

16 pages, 17 references, several screen printouts

Undergraduate

Digital WatermarkingUse of digital watermarking for

image authentication and copyright protection

Content-based watermarkingNew approach to digital

watermarking proposed18 pages, 5 referencesGraduate

Video WatermarkingOverview of video watermarkingUnpaginated, 10 referencesGraduate ?

Specialized Hardware for Deep Network Packet FilteringDesign of hardware IDS13 pages text, 12 references, ~30

pages codeGraduate

Wireless SecurityOverview of wireless securityRelated to CSCE 313, 491, and

other coursesExamines 802.1124 pages, 8 referencesUndergraduate

XML Enabled Data Exchange with Anti-Tamper DatabasesStream-based approach to

encryption of XML documents23 pages, 14 referencesGraduate?

Survey of Security for Home and Small Business Computer UsersPlatform-independent methods to

secure a hostDebian GNU/LinuxWindows XP18 pages, 16 references

Constraint Satisfaction Problem in Agent-based Distributed Architecture

Related to e-commerceSecurity issues in an agent-based

environment19 pages, 20 references

Defense of Network Attacks on SecurityOverview of some managerial

issues16 pages, 5 references, 1 attached

article

Fall 2004 Projects

5 undergraduate group (2-4) projects

6 graduate projects

Undergraduate ProjectsPacket sniffing (4)Firewalls and VPNs (3)E-bay security (2)On-line transaction security (4)Steganography (4)

Graduate ProjectsSecurity in JavaPasswordsWeb application securityWireless networksAd hoc sensor networksPKI in e-commerceWi-Fi security

Defense of Network Attacks on SecurityOverview of some managerial

issues16 pages, 5 references, 1 attached

article

Some Approaches: Problems

Pick a real or potential problem. Try to find out how much of a problem it really is.

Pick a problem. Suggest a new or modified solution to it.

Some Approaches: Comparisons

Pick a class of objects (e.g. viruses, defense techniques, etc.) and compare them in detail.

Pick a set of algorithms and compare their performance.

Some SuggestionsCredibility of web pagesMalicious code on the webPrivacy preserving web miningModels of availability/confidentiality

tradeoffsFurther work with AWARE

Web Pages Uncontrolled Information on the web is uncontrolled A Google search can produce

Useful information Irrelevant information Out-of-date information Incorrect information Malicious information/programs

Credibility of Web Pages How can you tell if web information is

credible? Date, author, publisher, credentials

Human assessment Appearance of web page

User assessment Link patterns (hubs and spokes)

Automatic assessment

WebCredSystem to assess credibility

automatically using criteria usually considered by people

Evaluated in medical domainRank comparable to human ranking

Wall Street JournalStanford University study

WebCred Criteria Credentials

Association with AMA accredited medical school or selected federal agency

Advertising Check for doubleclick, ad.dom,

adv.dom Design

W3C’s online page validator

Malicious Code on the WebClicking on a link to a web page

may allow malicious code to install itself on your computer

Using e-commerce sites may result in spyware installing itself on your computer

How likely is this?How can you protect yourself?

Privacy Preserving Web MiningCan privacy be preserved in the

presence of web miningProblem similar to that seen in

statistical databases

Availability TradeoffsSecurity in MLS databases

MLS = Multilevel securityMix of data at different security

levelsIssue of granularity – how much

information is protectedSmall granules -> more availabilityLarge granules -> less availability

An Example E [Name, Rank, Salary, Department] Two levels:

Everything ok Can not associate specific name/salary

Easy solution: Restrict access to Salary Reduced availability

More complex solution: Allow accesses that don’t allow inference of specific Name/Salary pair More complex, higher availability

AWAREA Windows Attack IntRusion

Emulator Runs a simulated Windows

environment on top of an actual Windows environment

Simulated attacks affect the emulation, not the underlying system

Major ComponentsAttack inventoryAttack generatorAttack simulatorSimulation evaluator

Attack FootprintRogue processes Files/directoriesRegistry modificationsPort openingsFirewall log entriesChange in services

Simulation ToolsNetstatInternet ExplorerRegistry EditorSearchServices.mscTask ManagerWindows Explorer