Homework 1 - Project Topic Selection
Due: Wednesday April 7, 2010 at 5:00pm
Assignment
Select a topic to cover in your research project/survey paper. Several possible
topics are listed below. This is not an exhaustive list. It is just to give you
an idea of topics that would be relevant. If you have an unlisted topic in mind
but are not sure if it is relevant, contact me BEFORE the due date to discuss
your topic.
The actual assignment is to write a couple of paragraphs about your selected
topic. The paragraphs should cover what topic you have selected and give a
rough outline of what you plan to do (i.e. if you are doing research, you
should give a timeline for the research or if you're planning to do a survey
paper, you should state that intent).
Email me your write-up in text, OpenOffice or PDF formats only.
Topic Ideas
- Cryptography
- Look into the weaknesses in the encryption methods used for 802.11 WEP
and WPA1 (TKIP mode).
- Cryptanalysis of an encryption or message digest algorithm (survey of
others' cryptanalysis or your own investigation)
- Develop your own encryption or message digest algorithm (hard)
- Public key infrastructure - current proposals, research into new methods
- Authentication protocols - survey of protocols using cryptographic
methods or propose your own
- Digital signatures - analysis of security, survey of methods, etc
- Use of message digests for integrity protection
- Investigate issues in digital watermarking techniques that use
cryptographic algorithms.
- Vulnerability Analysis
- Pick a class of vulnerabilities and analyze them. Try to apply the
vulnerability analysis models to them.
- Survey papers on vulnerability analysis that have been published since
Aslam's paper.
- Malicious Logic
- Choose several recent "in the wild" attacks and analyze them (or survey
others' published reports)
- Research predicted trends in malicious logic techniques
- Survey the most commonly targetted systems
- Trusted Systems
- Survey seminal papers on the concept of assurance in computing
- Survey or develop assurance techniques for a specific application
such as spacecraft
- Look into current system evaluation policies
- Look into current research in formal verification
- Confidentiality and Integrity Policies
- Present a survey of policies not covered in class (Bell-LaPadula, Biba
and Clarke-Wilson will be covered in class)
- Analyze a specific application such as a medical clinic and describe what
policies would best suit their confidentiality/integrity needs
- Survey languages for expressing confidentiality and/or integrity policies
- Look in to papers that detail the shortcomings in the policies covered
in class.
- Intrusion Detection/Prevention/Response
- Differences between signature and anomaly based detection
- Current research trends in intrusion prevention and response
- Detection of variants or novel attacks
- Artificial immune systems as a way of intrusion detection
- Network Protocols
- Survey methods for detecting phishing, spam and other unsolicited e-mail
- Survey proposed standards to add encryption to previously plain text
protocols
- Chose your favorite protocol and describe how it could be improved from
a security standpoint
- Ethics, Legal Issues, Policy
- Survey current thoughts on responsible vulnerability disclosure
- See what the current state of risk analysis and cost vs benefit analysis
is in academia and industry
- Survey current attitudes and/or legal issues surrounding DRM