Computer & Network Security

EECS 588 – Winter 2014

OverviewScheduleReadingsAttack PresentationsCourse Project

Course Project

Your course project should address an important, interesting open problem related to computer security. It's up to you to find a good topic, but I'm happy to discuss your project ideas individually and help you refine them.

I recommend working in groups of 3 or 4. The larger the group, the more I'll expect you to accomplish.

Pre-Proposal Presentation — In class, February 27

Give a 5 minute presentation explaining the problem you want to work on, the most important related work, and your tentative approach. This will be an early opportunity to get feedback from the class.

Written Proposal — Due Friday, March 14

Your proposal should consist of a 2–3 page description of your project that includes the following:

  1. Group: Group member names and uniqnames.
  2. Title: What would you call the eventual paper or product?
  3. Problem: A description of the problem you will address and why it is important.
  4. Context: A survey of related work and past approaches to the problem.
  5. Approach: How you will address the problem and how your approach differs from past work.
  6. Evaluation: How you will test how well your approach works (e.g., experimental measurements).
  7. Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.

Email your proposal to

Project Checkpoint — Due Friday, April 4

Write a concise status report (no more than two pages) answering the following questions:

  1. Progress: What have you accomplished so far? What do you have left to do?
  2. Schedule: Are you on track to complete what you proposed?
  3. Obstacles: Have you encountered any surprises or unexpected problems?
  4. Workarounds: If you're having problems, how do you intend to solve them or work around them?
  5. Preliminary results: Can you draw any preliminary conclusions from your results so far? Include data.

Email your status report to You're also welcome to come see me if you need advice.

Project Presentation — In class, April 15 and 17

The last full week of class is set aside for the 6th Annual EECS 588 Security Symposium. Each group will give an in-class presentation about their results, in the style of a brief conference talk. These will be rapid fire talks; you'll have 10 minutes to speak and 2 minutes for questions.

Preliminary program:

Tuesday, April 15

    Session 1: Authentication

  • 1:42 2-Factor Authentication for Bitcoin-QT.
    Eva, Jason, Jessica, and Mark.
  • 1:54 BetterPass: A Framework for Safer Password Management.
    John and Christopher.
  • 2:06 Distributed Email Verification Using DKIM and Namecoin.
    Justin, Landon, and Rajeev.
  • 2:18 Email Based Authentication Using Mobile Devices.
    Brian, Adam, and Vishal.

    Session 2: Web and Network Security

  • 2:30 Vulnerability Finding Tool for TCP-offpath Attack.
    Yunhan and Hongyi.
  • 2:42 Over the Firewall: An Approach to Mitigate DNSSEC Unreachability.
    Lin, Yichao, and Zhou.
  • 2:54 Database Security: Protecting against Vulnerabilities in Web Applications.
    Prashipa and Shravya.

    Session 3: Embedded Security

  • 3:06 Green Lights Forever: Analyzing the Security of Traffic Signals.
    William, Branden, Allen, and Jonathan.

Thursday, April 17

    Session 4: Online Freedom and Privacy

  • 1:42 GOPHER CALENDAR: How the NSA Controls Your Phone.
    Erik, Elizabeth, and Boyang.
  • 1:54 Side Channel Attacks Against Telex Traffic and Related Defenses.
    Saam, Ryan, Luis, and Nick.
  • 2:06 A Framework for Real-Time Connection Tracking Within the Tor Network
    Dylan and Jonathan.
  • 2:18 Yellow Journalism in a Digital Age.
    Jason and Ben.

    Session 5: Wireless Security

  • 2:30 Physical Authentication at the University of Michigan.
    David, Mike, and Matt.
  • 2:42 Security of Contactless Payments.
    Spencer and Teja.
  • 2:54 Security Issues when Channel State Information is No Longer Genuine.
    Yu-Chih, Dongyao, and Sihui.
  • 3:06 Mass Distributed Tracking: Privacy Concerns Behind Bluetooth 4.0.
    Matt, Mark, Joel, and Sai.

Final Paper — Due Friday, April 25 at 5pm

Your group's final project report should be written in the style of a workshop or conference submission, like most of the papers we have read this semester. Please include at least the following:

  1. An abstract that summarizes your work.
  2. An introduction that motivates the problem you are trying to solve.
  3. A related work section that differentiates your contributions.
  4. Section(s) describing your architecture or methodology.
  5. Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
  6. A brief future work section explaining what is left to do.
  7. Appropriate citations and references from the literature.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. I strongly encourage you to use LaTeX and the USENIX template files. Please submit your report via email to

Submitting Your Work for Publication

You should consider submitting your results to a technical workshop. There are several workshops held annually in conjunction with USENIX Security that have deadlines in late April and May. I'll be glad to advise you further in preparation for submission.