course projects examples guidelines suggestions. topics overview of project selected fall 2003...
TRANSCRIPT
Course Projects
Examples
Guidelines
Suggestions
Topics Overview of project Selected Fall 2003 projects List of Fall 2004 projects General comments
Course Projects Undergraduate – group Graduate – individual Substantive investigation of some
aspect of security Approach may be experiment, data
analysis, system comparison, algorithm analysis, etc.
First due date: Monday, October 24
Survey of Intrusion Detection Systems
Comparison of IDSDifferent approachesDifferent products
27 pages, 7 referencesUndergraduates
E-Commerce SecuritySurvey of client/server security
issues in e-commerceFirewalls, CGI, DatabasesPrivacy, Executable content
Unpaginated, 5 referencesUndergraduates
Computer Immune SystemsConsideration of some computer
security measures from the perspective of biological immune systems
Computer immunologyCfengineUnpaginated, 13 referencesGraduate
Locking in Transaction Processing
Transaction locking in database management systems
Emphasis on granularity and isolation levels
Some overlap with DBMS courses28 pages, 8 referencesGraduate
Commit Protocols in Multilevel Secure Distributed Database Systems
13 pages, 6 referencesGraduate
Statistical Database Security
Design and development of a Statistical Security Checker
Application to a simple (toy) medical DB
16 pages, 17 references, several screen printouts
Undergraduate
Digital WatermarkingUse of digital watermarking for
image authentication and copyright protection
Content-based watermarkingNew approach to digital
watermarking proposed18 pages, 5 referencesGraduate
Video WatermarkingOverview of video watermarkingUnpaginated, 10 referencesGraduate ?
Specialized Hardware for Deep Network Packet FilteringDesign of hardware IDS13 pages text, 12 references, ~30
pages codeGraduate
Wireless SecurityOverview of wireless securityRelated to CSCE 313, 491, and
other coursesExamines 802.1124 pages, 8 referencesUndergraduate
XML Enabled Data Exchange with Anti-Tamper DatabasesStream-based approach to
encryption of XML documents23 pages, 14 referencesGraduate?
Survey of Security for Home and Small Business Computer UsersPlatform-independent methods to
secure a hostDebian GNU/LinuxWindows XP18 pages, 16 references
Constraint Satisfaction Problem in Agent-based Distributed Architecture
Related to e-commerceSecurity issues in an agent-based
environment19 pages, 20 references
Defense of Network Attacks on SecurityOverview of some managerial
issues16 pages, 5 references, 1 attached
article
Fall 2004 Projects
5 undergraduate group (2-4) projects
6 graduate projects
Undergraduate ProjectsPacket sniffing (4)Firewalls and VPNs (3)E-bay security (2)On-line transaction security (4)Steganography (4)
Graduate ProjectsSecurity in JavaPasswordsWeb application securityWireless networksAd hoc sensor networksPKI in e-commerceWi-Fi security
Defense of Network Attacks on SecurityOverview of some managerial
issues16 pages, 5 references, 1 attached
article
Some Approaches: Problems
Pick a real or potential problem. Try to find out how much of a problem it really is.
Pick a problem. Suggest a new or modified solution to it.
Some Approaches: Comparisons
Pick a class of objects (e.g. viruses, defense techniques, etc.) and compare them in detail.
Pick a set of algorithms and compare their performance.
Some SuggestionsCredibility of web pagesMalicious code on the webPrivacy preserving web miningModels of availability/confidentiality
tradeoffsFurther work with AWARE
Web Pages Uncontrolled Information on the web is uncontrolled A Google search can produce
Useful information Irrelevant information Out-of-date information Incorrect information Malicious information/programs
Credibility of Web Pages How can you tell if web information is
credible? Date, author, publisher, credentials
Human assessment Appearance of web page
User assessment Link patterns (hubs and spokes)
Automatic assessment
WebCredSystem to assess credibility
automatically using criteria usually considered by people
Evaluated in medical domainRank comparable to human ranking
Wall Street JournalStanford University study
WebCred Criteria Credentials
Association with AMA accredited medical school or selected federal agency
Advertising Check for doubleclick, ad.dom,
adv.dom Design
W3C’s online page validator
Malicious Code on the WebClicking on a link to a web page
may allow malicious code to install itself on your computer
Using e-commerce sites may result in spyware installing itself on your computer
How likely is this?How can you protect yourself?
Privacy Preserving Web MiningCan privacy be preserved in the
presence of web miningProblem similar to that seen in
statistical databases
Availability TradeoffsSecurity in MLS databases
MLS = Multilevel securityMix of data at different security
levelsIssue of granularity – how much
information is protectedSmall granules -> more availabilityLarge granules -> less availability
An Example E [Name, Rank, Salary, Department] Two levels:
Everything ok Can not associate specific name/salary
Easy solution: Restrict access to Salary Reduced availability
More complex solution: Allow accesses that don’t allow inference of specific Name/Salary pair More complex, higher availability
AWAREA Windows Attack IntRusion
Emulator Runs a simulated Windows
environment on top of an actual Windows environment
Simulated attacks affect the emulation, not the underlying system
Major ComponentsAttack inventoryAttack generatorAttack simulatorSimulation evaluator
Attack FootprintRogue processes Files/directoriesRegistry modificationsPort openingsFirewall log entriesChange in services
Simulation ToolsNetstatInternet ExplorerRegistry EditorSearchServices.mscTask ManagerWindows Explorer