1. Course Projects Examples Guidelines Suggestions

2. Topics Overview of project Selected Fall 2003 projects List of Fall 2004 projects General comments

3. Course Projects Undergraduate – group Graduate – individual Substantive investigation of some aspect of security Approach may be experiment, data analysis, system comparison, algorithm analysis, etc. First due date: Monday, October 24

4. Survey of Intrusion Detection Systems Comparison of IDS Different approaches Different products 27 pages, 7 references Undergraduates

5. E-Commerce Security Survey of client/server security issues in e-commerce Firewalls, CGI, Databases Privacy, Executable content Unpaginated, 5 references Undergraduates

6. Computer Immune Systems Consideration of some computer security measures from the perspective of biological immune systems Computer immunology Cfengine Unpaginated, 13 references Graduate

7. Locking in Transaction Processing Transaction locking in database management systems Emphasis on granularity and isolation levels Some overlap with DBMS courses 28 pages, 8 references Graduate

8. Commit Protocols in Multilevel Secure Distributed Database Systems 13 pages, 6 references Graduate

9. Statistical Database Security Design and development of a Statistical Security Checker Application to a simple (toy) medical DB 16 pages, 17 references, several screen printouts Undergraduate

10. Digital Watermarking Use of digital watermarking for image authentication and copyright protection Content-based watermarking New approach to digital watermarking proposed 18 pages, 5 references Graduate

11. Video Watermarking Overview of video watermarking Unpaginated, 10 references Graduate ?

12. Specialized Hardware for Deep Network Packet Filtering Design of hardware IDS 13 pages text, 12 references, ~30 pages code Graduate

13. Wireless Security Overview of wireless security Related to CSCE 313, 491, and other courses Examines 802.11 24 pages, 8 references Undergraduate

14. XML Enabled Data Exchange with Anti-Tamper Databases Stream-based approach to encryption of XML documents 23 pages, 14 references Graduate?

15. Survey of Security for Home and Small Business Computer Users Platform-independent methods to secure a host Debian GNU/Linux Windows XP 18 pages, 16 references

16. Constraint Satisfaction Problem in Agent-based Distributed Architecture Related to e-commerce Security issues in an agent-based environment 19 pages, 20 references

17. Defense of Network Attacks on Security Overview of some managerial issues 16 pages, 5 references, 1 attached article

18. Fall 2004 Projects 5 undergraduate group (2-4) projects 6 graduate projects

19. Undergraduate Projects Packet sniffing (4) Firewalls and VPNs (3) E-bay security (2) On-line transaction security (4) Steganography (4)

20. Graduate Projects Security in Java Passwords Web application security Wireless networks Ad hoc sensor networks PKI in e-commerce Wi-Fi security

21. Defense of Network Attacks on Security Overview of some managerial issues 16 pages, 5 references, 1 attached article

22. Some Approaches: Problems Pick a real or potential problem. Try to find out how much of a problem it really is. Pick a problem. Suggest a new or modified solution to it.

23. Some Approaches: Comparisons Pick a class of objects (e.g. viruses, defense techniques, etc.) and compare them in detail. Pick a set of algorithms and compare their performance.

24. Some Suggestions Credibility of web pages Malicious code on the web Privacy preserving web mining Models of availability/confidentiality tradeoffs Further work with AWARE

25. Web Pages Uncontrolled Information on the web is uncontrolled A Google search can produce Useful information Irrelevant information Out-of-date information Incorrect information Malicious information/programs

26. Credibility of Web Pages How can you tell if web information is credible? Date, author, publisher, credentials Human assessment Appearance of web page User assessment Link patterns (hubs and spokes) Automatic assessment

27. WebCred System to assess credibility automatically using criteria usually considered by people Evaluated in medical domain Rank comparable to human ranking Wall Street Journal Stanford University study

28. WebCred Criteria Credentials Association with AMA accredited medical school or selected federal agency Advertising Check for doubleclick, ad.dom, adv.dom Design W3C’s online page validator

29. Malicious Code on the Web Clicking on a link to a web page may allow malicious code to install itself on your computer Using e-commerce sites may result in spyware installing itself on your computer How likely is this? How can you protect yourself?

30. Privacy Preserving Web Mining Can privacy be preserved in the presence of web mining Problem similar to that seen in statistical databases

31. Availability Tradeoffs Security in MLS databases MLS = Multilevel security Mix of data at different security levels Issue of granularity – how much information is protected Small granules -> more availability Large granules -> less availability

32. An Example E [Name, Rank, Salary, Department] Two levels: Everything ok Can not associate specific name/salary Easy solution: Restrict access to Salary Reduced availability More complex solution: Allow accesses that don’t allow inference of specific Name/Salary pair More complex, higher availability

33. AWARE A Windows Attack IntRusion Emulator Runs a simulated Windows environment on top of an actual Windows environment Simulated attacks affect the emulation, not the underlying system

34. Major Components Attack inventory Attack generator Attack simulator Simulation evaluator

35. Attack Footprint Rogue processes Files/directories Registry modifications Port openings Firewall log entries Change in services

36. Simulation Tools Netstat Internet Explorer Registry Editor Search Services.msc Task Manager Windows Explorer