Homework 1 - Project Topic Selection
Due: Monday April 7, 2008 at 5:00pm
This assignment is worth 20 points
Assignment
Select a topic to cover in your research project/survey paper. Several possible
topics are listed below. This is not an exhaustive list. It is just to give you
an idea of topics that would be relevant. If you have an unlisted topic in mind
but are not sure if it is relevant, contact me BEFORE the due date to discuss
your topic
The actual assignment is to write 2-3 paragraphs about your selected topic.
The paragraphs should cover what topic you have selected and give a rough
outline of what you plan to do (i.e. if you are doing research, you should
give a timeline for the research). Email your write-up in text or PDF format
to my Helios account.
Topic Ideas
- Cryptography
- Cryptanalysis of an encryption or message digest algorithm (survey of
others cryptanalysis or your own)
- Develop your own encryption or message digest algorithm
- Public key infrastructure - current proposals, research into new methods
- Authentication protocols - survey of protocols using cryptographic
methods or propose your own
- Digital signatures - analysis of security, survey of methods, etc
- Use of message digests for integrity protection
- Vulnerability Analysis
- Pick a class of vulnerabilities and analyze them. Try to apply the
vulnerability analysis models to them.
- Survey papers on vulnerability analysis that have been published since
Aslam's paper.
- Malicious Logic
- Choose several recent "in the wild" attacks and analyze them
- Research predicted trends in malicious logic techniques
- Survey the most commonly targetted systems
- Trusted Systems
- Survey seminal papers on the concept of assurance in computing
- Survey or develop assurance techniques for a specific application
such as spacecraft
- Look into current system evaluation policies
- Look into current research in formal verification
- Confidentiality and Integrity Policies
- Present a survey of policies not covered in class (Bell-LaPadula, Biba
and Clarke-Wilson will be covered in class)
- Analyze a specific application such as a medical clinic and describe what
policies would best suit their confidentiality/integrity needs
- Survey languages for expressing confidentiality and/or integrity policies
- Look in to papers that detail the shortcomings in the policies covered
in class.
- Intrusion Detection/Prevention/Response
- Differences between signature and anomaly based detection
- Current research trends in intrusion prevention and response
- Detection of variants or novel attacks
- Artificial immune systems as a way of intrusion detection
- Network Protocols
- Survey methods for detecting phishing, spam and other unsolicited e-mail
- Survey proposed standards to add encryption to previously plain text
protocols
- Chose your favorite protocol and describe how it could be improved from
a security standpoint
- Ethics, Legal Issues, Policy
- Survey current thoughts on responsible vulnerability disclosure
- See what the current state of risk analysis and cost vs benefit analysis
is in academia and industry