Your course project should address an important, interesting
security problem. You may choose a research-focused topic (something
that could turn into a conference paper) or an industry-focused topic
(something that could turn into a marketable product), though your
work does not necessarily have to be ready for publication or sale by
the end of the term.
Project Proposal — Due Friday, February 18 at 5pm
Your proposal should consist of a 2-3 page description of your
project that includes the following:
Group: Group member names and uniqnames
Title: What would you call the eventual paper or product?
Problem: A description of the problem you will address and why it is important.
Context: A brief survey of related work and past approaches to the problem.
Approach: How you will address the problem and how your approach differs from past work.
Evaluation: How you will test how well your approach works and evaluate its performance.
Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.
You're welcome to come see me during office hours, or make an appointment, if you need help selecting a topic. Email your proposal to .
Project Checkpoint — Due Friday, March 18 at 5pm
Write a concise status report (no more than two pages) answering
the following questions:
What have you accomplished so far? Which do you have left to do?
Are you on track to complete what you proposed?
Have you encountered any surprises or unexpected problems?
If you're having problems, how do you intend to solve them or work around them?
Can you draw any preliminary conclusions from your results so far?
Email your status report to
send you feedback the following week. You're welcome to come see me
if you need any additional advice on your project.
Project Presentation — In class, April 12 and 14
The last full week of class is set aside for the 3rd Annual EECS 588
Security Symposium. Each group will give an in-class
presentation about their results, in the style of a brief conference talk.
You'll have up to 10 minutes to speak, followed by 3–5 minutes for
Tuesday, April 12
Session 1: Threats
Security of Online Games. Karina Kervin and James
Breaking Hard CAPTCHAs. Nick Beier, Flint Mu, and
Session 2: Analysis
Syscall Instrumentation. James Priestley and Jake Schwartz.
Malware Classification. Tung Chen and Caoxie Zhang.
Calculating the Cost of Vulns. Greg Caldwell and Joseph Golden.
Session 3: Mobile Security
GSM Crypto Attacks. Christopher Augustyniak and Rusty Dekema.
Android Side Channel Attack. Yilun Cui, Yang Gao, and Tim Lane.
Mobile Spyware Detection. Adam Avery, Kimberly Hunter, and Chelsea Leblanc.
Thursday, April 14
Session 4: Enterprise Security
Compromised Accounts. Yu-Cheng Lin and Jing Zhang.
Printer Pen-test. Akriti Dokania and Louis Fernandez.
Session 5: Securing the Web
Natural Language CAPTCHA. Jonathan Chen and Caleb Tseng.
Content Integrity. David Joseph, Jared Karlow, Ben Schoenfeldt, and Eric Thompson.
Browser Security Modes. Alex Crowell and James Kasten.
Session 6: Usable Security
Usability of Antiviruses. Robert Perricone, Sharanyan Ravi, and John Zehnpfennig.
Usability of Tor. Kyle Roell and Zhe Xiang.
Final Report — Due Friday, April 22 at 5pm
Your group's final project report should be written in the style of
a conference submission, like most of the papers we have read this
semester. Please include an abstract, an introduction that motivates
the problem you are trying to solve, a related work section that
differentiates your contributions, and detailed sections about your
methodology and results.
The length of your report should not exceed 8 typeset pages, excluding
bibliography and well-marked appendices. There is no limit on the
length of appendices, but graders are not required to read them. The
text must be formatted in two columns, using 10 point Times Roman type
on 12 point leading, in a text block of 6.5” by 9”. If you
wish, you may use any of
USENIX template files. Please submit your report via email to