Your course project should address an important, interesting
security problem. You may choose a research-focused topic (something
that could turn into a conference paper) or an industry-focused topic
(something that could turn into a marketable product), though your
work does not necessarily have to be ready for publication or sale by
the end of the term.
Project Proposal — Due Tuesday, February 21 at 5pm
Your proposal should consist of a 2-3 page description of your
project that includes the following:
Group: Group member names and uniqnames
Title: What would you call the eventual paper or product?
Problem: A description of the problem you will address and why it is important.
Context: A brief survey of related work and past approaches to the problem.
Approach: How you will address the problem and how your approach differs from past work.
Evaluation: How you will test how well your approach works and evaluate its performance.
Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.
You're welcome to come see me during office hours, or make an appointment, if you need help selecting a topic. Email your proposal to .
Project Checkpoint — Due Friday, March 16 at 5pm
Write a concise status report (no more than two pages) answering
the following questions:
What have you accomplished so far? Which do you have left to do?
Are you on track to complete what you proposed?
Have you encountered any surprises or unexpected problems?
If you're having problems, how do you intend to solve them or work around them?
Can you draw any preliminary conclusions from your results so far?
Email your status report to
send you feedback the following week. You're welcome to come see me
if you need any additional advice on your project.
Project Presentation — In class, April 10 and 12
The last full week of class is set aside for the 4th Annual EECS 588
Security Symposium. Each group will give an in-class
presentation about their results, in the style of a brief conference talk.
These will be rapid fire talks; you'll have up to 10 minutes to speak and 1 minute for a question.
Tuesday, April 10
Session 1: TLS
Continuous SSL Scanning. Zakir.
TLS Renegotiation. Jordan.
Decentralized Convergence. Dmitriy and Adrian.
Session 2: Privacy
Cryptographic Filesystem. Dan.
Encrypted Camera App. Michael, Nader, and Brian.
Image Encryption. Adam and Patryk.
Video Side-Channel. Andrew and Thomas.
Location Privacy Protection. Kassem and Seunghyun.
Session 3: Usability
Password Reuse. Lin Hao and Hang.
User Awareness of Android Security. Peter and William.
Thursday, April 12
Session 4: Web
MiTM TLS Proxy. Zach and Steve.
More Web Bugs. Xinyun and Di.
Password Priming. Alexander and Andrew.
Session 5: Hardware/Embedded
HTM Buffer Overflow Detection. David.
Driver Certificates. Kevin.
Lighting Attacks. Chazz, Jonathan, and Ashutosh.
Session 6: Mobile
Detecting Behaviour in Android. Sanae and Elaine.
Android Sensor Use. Thomas, Kee, and Aarthi.
Jailbroken iOS Rootkits. Michael.
Telex Android Client. Sirius and Alice.
Final Report — Due Friday, April 20 at 5pm
Your group's final project report should be written in the style of
a conference submission, like most of the papers we have read this
semester. Please include an abstract, an introduction that motivates
the problem you are trying to solve, a related work section that
differentiates your contributions, and detailed sections about your
methodology and results.
The length of your report should not exceed 8 typeset pages, excluding
bibliography and well-marked appendices. There is no limit on the
length of appendices, but graders are not required to read them. The
text must be formatted in two columns, using 10 point Times Roman type
on 12 point leading, in a text block of 6.5” by 9”. If you
wish, you may use any of
USENIX template files. Please submit your report via email to