Computer & Network Security

EECS 588 – Winter 2013

OverviewScheduleReadingsAttack PresentationsCourse Project

Course Project

Your course project should address an important, interesting security problem. You may choose a research-focused topic (something that could turn into a conference paper) or an industry-focused topic (something that could turn into a marketable product), though your work does not necessarily have to be ready for publication or sale by the end of the term.

Project Proposal — Due Friday, February 22

Your proposal should consist of a 2–3 page description of your project that includes the following:

  1. Group: Group member names and uniqnames. I recommend groups of 3–4; the larger the group, the more I'll expect you to do.
  2. Title: What would you call the eventual paper or product?
  3. Problem: A description of the problem you will address and why it is important.
  4. Context: A brief survey of related work and past approaches to the problem.
  5. Approach: How you will address the problem and how your approach differs from past work.
  6. Evaluation: How you will test how well your approach works and evaluate its performance.
  7. Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.
You're welcome to come see me during office hours, or make an appointment, if you need help selecting a topic. Email your proposal to .

Project Checkpoint — Due Friday, March 22

Write a concise status report (no more than two pages) answering the following questions:

  1. Progress: What have you accomplished so far? What do you have left to do?
  2. Schedule: Are you on track to complete what you proposed?
  3. Obstacles: Have you encountered any surprises or unexpected problems?
  4. Workarounds: If you're having problems, how do you intend to solve them or work around them?
  5. Preliminary results: Can you draw any preliminary conclusions from your results so far?

Email your status report to . I'll send you feedback the following week. You're welcome to come see me if you need any additional advice on your project.

Project Presentation — In class, April 16 and 18

The last full week of class is set aside for the 5th Annual EECS 588 Security Symposium. Each group will give an in-class presentation about their results, in the style of a brief conference talk. These will be rapid fire talks; you'll have 10 minutes to speak and 2 minutes for questions.

Preliminary program:

Tuesday, April 16

    Session 1: Network Security 1

  • 1:42 Interactive DNS Rebinding.
    Ryan and Yunxing.
  • 1:54 Clickjacking Attacks and Defenses.
    Ruoran, Yan, and Kaisen.
  • 2:06 Automatic Updater Protection.
    Graham.
  • 2:18 Detecting Rogue Access Points.
    Siva and Kavya.

    Session 2: Mobile Security

  • 2:30 Detecting Android Malware.
    Randy and Matt.
  • 2:42 Sandboxing Android Apps.
    Earlence, Ajit, and Pooja.
  • 2:54 Android Side-Channels.
    Qi and Yihua.
  • 3:06 Entropy Problems in Android.
    Tracy and Zhuo.
  • 3:18 Battery Draining Attacks.
    Ashkan.

Thursday, April 18

    Session 3: Isolation

  • 1:42 Sandboxing in the Shell.
    Ari, Jeremy, and Michael.

    Session 4: Applied Crypto

  • 1:54 Bitcoin Gambling.
    Alex, Jenny, and Jake.
  • 2:06 Fully Homomorphic Encryption?
    Meghan, Alexander, and Travis.
  • 2:18 Audio Watermarking.
    Scott and Michael.

    Session 5: Embedded Systems

  • 2:30 Intelligent Platform Management.
    Anthony and Russ.
  • 2:42 Keystroke Encryption Device.
    Mitch, Dolan, Dave, and Andrew.

    Session 6: Network Security 2

  • 2:54 Stealing Cycles in Browsers.
    Matthew, Michael, and Jack.
  • 3:06 Home Router Malware.
    Denis, Wenjia, Sam, and Zach.

Final Report — Due Friday, April 26 at 5pm

Your group's final project report should be written in the style of a conference submission, like most of the papers we have read this semester. Please include at least the following:

  1. An abstract that summarizes your work,
  2. An introduction that motivates the problem you are trying to solve,
  3. A related work section that differentiates your contributions,
  4. Section(s) describing your architecture or methodology,
  5. Results and/or evaluation section(s), with data or figures to support your claims as appropriate,
  6. A brief future work section explaining what is left to do,
  7. Appropriate citations and references from the literature.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. I recommend using LaTex and the USENIX template files. Please submit your report via email to .