Computer & Network Security

EECS 588 – Winter 2015

OverviewScheduleReadingsAttack PresentationsCourse Project

Course Project

Your course project should address an important, interesting open problem related to computer security. It's up to you to find a good topic, but I'm happy to discuss your project ideas individually and help you refine them.

I recommend working in groups of 3 or 4. The larger the group, the more I'll expect you to accomplish.

Pre-Proposal Presentation — In class, February 26

Give a 5 minute presentation explaining the problem you want to work on, the most important related work, and your tentative approach. This will be an early opportunity to get feedback from the class.

Written Proposal — Due Friday, March 13

Your proposal should consist of a 2–3 page description of your project that includes the following:

  1. Group: Group member names and uniqnames.
  2. Title: What would you call the eventual paper or product?
  3. Problem: A description of the problem you will address and why it is important.
  4. Context: A survey of related work and past approaches to the problem.
  5. Approach: How you will address the problem and how your approach differs from past work.
  6. Evaluation: How you will test how well your approach works (e.g., experimental measurements).
  7. Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.

Email your proposal to

Project Checkpoint — Due Friday, April 3

Write a concise status report (no more than two pages) answering the following questions:

  1. Progress: What have you accomplished so far? What do you have left to do?
  2. Schedule: Are you on track to complete what you proposed?
  3. Obstacles: Have you encountered any surprises or unexpected problems?
  4. Workarounds: If you're having problems, how do you intend to solve them or work around them?
  5. Preliminary results: Can you draw any preliminary conclusions from your results so far? Include data.

Email your status report to You're also welcome to come see me if you need advice.

Project Presentation — In class, April 14 and 16

The last full week of class is set aside for the 7th Annual EECS 588 Security Symposium. Each group will give an in-class presentation about their results, in the style of a brief conference talk. These will be rapid fire talks; you'll have 10 minutes to speak and 3 minutes for questions.

Preliminary program:

Tuesday, April 14

    Session 1: Privacy Threats

  • 1:43 Optical Side-channel Based Identification of Network Devices.
    Dev, Aravind, and Essam.
  • 1:56 Web Tracking Based on DNS Cache.
    Wei and Yichen.
  • 2:09 The State of E-Mail Transport Security: A Quick Peak at DNS Servers.

    Session 2: Internet of Things

  • 2:22 Bluetooth: With Low Energy comes Zero Security.
    Vikas, Connie, and Rob.
  • 2:35 Authentication and Trust for Low-Power Embedded IoT Devices.
    Noah and Sam.

    Session 3: Protocols and Primitives

  • 2:48 Trustware: A Device-based Protocol for Verifying Client Legitimacy.
    Kyle, Ben, Patrick, and Zane.
  • 3:01 Time-locked Cryptography with ECC-IBE.
    Rohit, Emily, and Yike.
  • 3:14 Wireless Power Authentication Protocol and System Design.
    Chin-Po and Pallavi.

Thursday, April 16

    Session 4: Vulnerability Analysis

  • 1:43 SDN Application Vulnerabilities.
    Yuru, Ke, and Shichang.
  • 1:56 Stealing Secrets from Open-source Collaboration Websites.
    Noah and Daniel.
  • 2:09 The Thin Blue Line: A Security Analysis of Public Safety Systems
    Benjamin and Stuart.

    Session 5: Security Practices

  • 2:22 Evaluation of Security Practices in an Undergraduate Curriculum.
    Andy and Christopher.
  • 2:35 Crawling GitHub Public Repos for Common Vulnerabilities.
    Dana, Shengfa, Nina, and Kyle.
  • 2:48 Game Theoretic Analysis of Adaptive Security Scenarios.

    Session 6: Internet Freedom

  • 2:01 Asynchronous Multi-Party Off-the-Record Messaging.
    Vaspol, Jiamin, Eugene, and Sayyid.
  • 3:14 Analyzing Packet Splitting in the Great Firewall of China.
    Jake, Cam, Bryant, and Allison.

Final Paper — Due Friday, April 24 at 5pm

Your group's final project report should be written in the style of a workshop or conference submission, like most of the papers we have read this semester. Please include at least the following:

  1. An abstract that summarizes your work.
  2. An introduction that motivates the problem you are trying to solve.
  3. A related work section that differentiates your contributions.
  4. Section(s) describing your architecture or methodology.
  5. Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
  6. A brief future work section explaining what is left to do.
  7. Appropriate citations and references from the literature.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. I strongly encourage you to use LaTeX and the USENIX template files. Please submit your report via email to

Submitting Your Work for Publication

You should consider submitting your results to a technical workshop. There are several workshops held annually in conjunction with USENIX Security that have deadlines in late April and May. I'll be glad to advise you further in preparation for submission.