CSE 227: Computer Security

Projects

The goal of this class is to expose you to computer security research, and the best way to learn about computer security research is to do it. In this class, you will undertake your own research project, which you will present at the end of the course.

We prefer groups of two people. You may come up with your own project or you may choose from one of the project ideas below.

Important dates

  • Apr 14th: Form project groups.
  • Apr 27th: Submit project proposal (1 page max).

Project proposal

Your project proposal should describe what you plan to do, why it is interesting, how you plan to do it, and what you are not sure about. Also describe what resources you think you will need to carry out the project. The proposal should be no longer than one page.

Project report

Your report should be written like a research paper on par with the papers read in class. The report should be no longer than 6 pages.

Project ideas (old, new ideas to be provided shortly)

  • Sound, vision, Sensors
    • Redo Zhuang et al. paper on Keyboard Acoustic Emanations (extracting typed text from sound alone)
    • Can one recover keystrokes from accelerometers in a FitBit?
    • Fitbit/activity monitor biometrics (e.g., how does heart rate change in response to stimuli), step rate, etc.
    • Security analysis of Bluetooth headphones (e.g., GC35/Beats): can they become a listening device?
    • Build a proof-of-concept light-bulb-based covert channel (microphone in Zigbee lightbulb)
    • Automated extraction of latent fingerprints (e.g. via UV photography)
    • Automated extraction of fingerprints via video?
    • Audio or video-based gait recognition (biometric)
    • Video-conferencing filter that obscures identity but looks natural (autotune for faces)
    • Identifying individuals in crowd scenes via non-traditional cues (e.g., back-of-the-head recognition)
    • Watermarking 3D models
    • Meaningful visualization of security data (e.g., spam, net, etc.)
    • Seeing through privacy glass or 3M privacy screens?
    • Scale up the UNC paper that infers what you're watching on television via reflected light to capture Nielsen ratings on a whole cityscape
    • Automated mapping of spy satellites
    • Explore other variants of implicit memory passwords (i.e., where you don't know the password yourself) to see if you can improve training time or recognition time.
    • Can cognitive priming be used as a side-channel to escape an air-gapped facility?
  • Privacy
    • How well can you reconstruct Web logs from Netflow data?
    • Forensic analysis of seen SSIDs... Can you use public databases to determine where a phone has been? How precisely? What if you offer up other SSIDs to see if the user will connect?
    • Is it possible to do speech recognition without exposing audio stream to the world?
    • Tie FAA flight database with network log data to infer which users are travelling and where they came from
    • Develop a system like X-ray to infer how various services track and trade your behavior based on the advertisements that are given to you.
    • Explore
  • Vulnerabilities
    • Use CIA disclosure and RAND study to do a meta-analysis of zero-day game theory (zero-days are common and cheap, rare and vulnerable? How does cost to acquire and rediscovery risk influence the policy in using zero-days?)
    • How to reason about impact of new classes of security bugs (e.g., use modern testing tools to look for bugs in old code to see if there are key statistical commonalities)
    • Predict which code changes will produce software vulnerabilities
    • Analyze whether certain authors are more likely to introduce security vulnerabilities; does overall experience matter? experience on a project?
    • Is there a difference in security vulnerability density as a function of software age or programming language?
    • Come up with something reasonable to do about the Pass-the-hash vulnerability?
    • Look at library usage to determine where common shared vulnerabilities could be. Do something similar for software and F500 companies (e.g., based on public data about which companies use what software)... look for less well-known software that has broad reach
    • A security analysis of any interesting device... Alexa, Google Home, Internet-connected washing machine, etc.
  • PL Security ideas
  • User interaction
    • Design an agent that alerts users about security issues (e.g., HTTPS problems) only when they are entering PII and evaluate if that context helps improve their security hygiene.
    • Explore how/if sound can be used to enhance security awareness.
    • What about other contextual cues (e.g., subtle shaking of window, color shifting, etc.)... can people be nudged to do the right thing?
    • Do a study to determine how infrequently negative security advice must occur for it to be taken more seriously. What is the tradeoff in frequency and effectiveness?
    • Design a system that can detect if users are using the same or substantially the same password for multiple sites and warn them appropriately (and do so without storing the passwords)
    • Do a study of how server configuration errors lead to security vulnerabilities and explore if there are common culprits
  • Malware
    • Build system to identify the kinds of information being targeted by different kinds of malware
    • Evaluate malware delivery vectors: P2P malware vs web sites vs attachments, etc ... are they all carrying the same malware or different?
    • Evaluate time-to-detect for commercial malware
    • Build IDA plug-in to locate particular “kind” of code in binary (e.g., AES code, CRC code, packing code, network code, etc.)
  • E-Crime
    • Use NLP to track good/service pricing on underground forums/IRC
    • Relate use of domain names in various scams to price of domain offered by registrar
    • Come up with a technique to infer the profitability of Ransomware
    • Do a measurement study of criminal proxy networks
  • Machine Learning
    • Predict which code changes will produce software vulnerabilities
    • Repeat Ma’s on-line URL classification study using Web page content
    • Build classifier to predict machine compromise based on what sites you visit
    • Apply receiver-reputation idea to Web visits (reputation of sites depends on who visits them)
    • Clustering of malware families based on behavioral features
    • How to detect poisoning of learning-based systems?
    • Follow-on work for Berkeley work to produce sound that is recognized by speech recognizers but isn't recognized by humans. Explore if it can be masked by other features for humans, can be broadcast, etc...
    • Build a system that learns a profile for "normal" kernel memory usage and can alert if memory contents are anomalous
    • Build a forensic tool that can reconstruct some/all of a memory/disk image even if the precise formatting is not understood (assuming general contents of files tends to be the same... e.g., across Android phones)
  • Miscellaneous
    • Detection of Bots in MMORPGs
    • Automation for “attack surface” estimation
    • Analysis of Taser authentication
    • Location verification via “audio-print” (indeed, any way of proving location)
    • Analysis of on-line poker (fair deal or not?)
    • AppEngine Cartography (repeat our Amazon study on AppEngine)
    • Use new Intel security features for something interesting (e.g., NotABot)
    • Hardware support for self-destructing data
    • Hardware support for information flow tracking
    • Detecting pirated hardware IP (e.g., mp3 or PCI blocks) via unique side-effects
    • Build a system that, whenever you run an executable from the network, spawns two new VMs, one where you run the program and the other where you don't, and then compares the state changes between the two to decide if something bad has happened and "undo" to the world where you didn't run the program.
    • How does a cloud provider prove that they’ve replicated your data?
    • Forensic analysis of Flash?
    • Security analysis of campus power grid
    • Security vulnerabilities in the Kindle?
    • Repeat Ozment/Schechter’s Milk/Wine study on vulnerability generation w/another system (great study!)
    • Difficulty in spoofing consumer GPS
    • Are there vulnerabilities in Digital FM radio?
    • Identify “anomalous” file contents to mitigate file format vulnerabilities (esp Flash, QuickTime and PDF)
    • Attacks against smart batteries (drain beyond ability to recharge or make explode)
    • Driver detection (infer identity of driver via driving behavior)
    • Explore use of differential privacy to protect data for interesting network or security trace analysis problem (e.g., pick any of George Varghese’s classic measurement papers and see if it can be done with DP)
    • Build an interactive biometric system (e.g., proof of presence via eye-tracking) to prevent simple replay attacks
    • Design a CAPTCHA that is difficult to outsource to low minimum-wage solvers
    • Build a system to fingerprint physical luxury goods (e.g., leather, etc.) à la the Princeton work on paper
    • SMART disks will move data from failing sectors to spare sectors. Consequently the data on these failing sectors may not be erased when the associated data is erased. Explore if this actually happens and the correct way to erase a disk
    • Analyze data breach incidents (sources: datalossdb.org, CA DoJ, Privacy Rights Clearinghouse)