Computer & Network Security

EECS 588 – Winter 2016

OverviewScheduleReadingsAttack PresentationsCourse Project

Course Project

Your course project should address an important, interesting open problem related to computer security. It's up to you to find a good topic, but I'm happy to discuss your project ideas individually and help you refine them.

I recommend working in groups of 3 or 4. The larger the group, the more I'll expect you to accomplish.

Pre-Proposal Presentation — In class, February 18

Give a 5 minute presentation explaining the problem you want to work on, the most important related work, and your tentative approach. This will be an early opportunity to get feedback from the class.

Written Proposal — Due Friday, March 11

Your proposal should consist of a 2–3 page description of your project that includes the following:

  1. Group: Group member names and uniqnames.
  2. Title: What would you call the eventual paper or product?
  3. Problem: A description of the problem you will address and why it is important.
  4. Context: A survey of related work and past approaches to the problem.
  5. Approach: How you will address the problem and how your approach differs from past work.
  6. Evaluation: How you will test how well your approach works (e.g., experimental measurements).
  7. Scope: What you plan to accomplish and deliver by the checkpoint and by the end of the semester.

Email your proposal to eecs588@umich.edu.

Project Checkpoint — Due Friday, April 1

Write a concise status report (no more than two pages) answering the following questions:

  1. Progress: What have you accomplished so far? What do you have left to do?
  2. Schedule: Are you on track to complete what you proposed?
  3. Obstacles: Have you encountered any surprises or unexpected problems?
  4. Workarounds: If you're having problems, how do you intend to solve them or work around them?
  5. Preliminary results: Can you draw any preliminary conclusions from your results so far? Include data.

Email your status report to eecs588@umich.edu. You're also welcome to come see me if you need advice.

Project Presentation — In class, April 12 and 14

The last full week of class is set aside for the 8th Annual EECS 588 Security Symposium. Each group will give an in-class presentation about their results, in the style of a brief conference talk. These will be rapid fire talks; you'll have 10 minutes to speak and 5 minutes for questions.

Preliminary program:

Tuesday, April 12

    Session 1: Transportation Security

  • 1:45 Security Analysis of the SAE J1939 Standard.
    Leif, Bill, and Yelizaveta.
  • 2:00 Detecting Attacks on the CAN Protocol with Machine Learning.
    Valliappa, Ian, Daniel, and Spencer.

    Session 2: Detection and Measurement

  • 2:15 Deep Learning for Detecting Image Doctoring.
    Mark and Ye.
  • 2:30 Fast Mobile Network Vulnerability Scanning.
    Yikai and Chao.
  • 2:45 Passive Measurement on High-speed Backbones.
    Matt.

    Session 3: Low-level Attacks I

  • 3:00 Leveraging Advanced Cache Technology for Rowhammering.
    Misiker, Sinan, and Sherin.

Thursday, April 14

    Session 4: Low-level Attacks II

  • 1:45 Subverting RNGs from Hypervisors.
    Jeremy, Tim, and Andrew.
  • Session 5: Securing the Web

  • 2:00 Assessing the Usability of HTTPS CAs
    Deepak, Victor, and Prateek.
  • 2:15 Cost-Benefit Analysis of Web Encryption Exploits.
    Matt and Alex.
  • 2:30 Analysis and Defenses for Cross Site Request Attacks.
    Angela, John, and Tejas.

    Session 6: Reverse Engineering and Pen Testing

  • 2:45 Analysis of DRM for Web-based Video.
    Kegan, Mo, Mayank, and Ben.
  • 3:00 Reverse Engineering a Smart Lock.
    Aaron, Garrison, and Sarah.
  • 3:15 Penetration Testing of University Autograders.
    Ian, Austin, and Ryan.

Final Paper — Due Wednesday, April 20 at 5pm

Your group's final project report should be written in the style of a workshop or conference submission, like most of the papers we have read this semester. Please include at least the following:

  1. An abstract that summarizes your work.
  2. An introduction that motivates the problem you are trying to solve.
  3. A related work section that differentiates your contributions.
  4. Section(s) describing your architecture or methodology.
  5. Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
  6. A brief future work section explaining what is left to do.
  7. Appropriate citations and references from the literature.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. I strongly encourage you to use LaTeX and the USENIX template files, and ShareLaTeX might be a helpful collaboration platform. Please submit your report via email to eecs588@umich.edu.

Submitting Your Work for Publication

You should consider submitting your results to a technical workshop. There are several workshops held annually in conjunction with USENIX Security that have deadlines in late April and May. I'll be glad to advise you further in preparation for submission.