CSE 227: Computer Security


The goal of this class is to expose you to computer security research, and the best way to learn about computer security research is to do it. In this class, you will undertake your own research project, which you will present at the end of the course.

We prefer groups of two people. We recommend that you come up with your own project, but you may find some inspiration from the list of project ideas below. Also, here is a link to our Hall of Fame, a partial list of papers that came out of this class.

Important dates

  • Oct 4th: Form project groups.
  • Oct 13th: Submit project proposal (1 page max).
  • Dec 8th: Research paper due, send via e-mail. Research paper format (6 page max)
  • Dec 10th: Final presentation (10 mins). Send me slides by 8pm the day before. Presentations start at 8am.

Project proposal

The purpose of a research proposal is to convey to the audience (in this case, the instructor and TA) your research idea, why it matters, and how you will achieve it. Proposals should provide enough high-level context that someone without knowledge of that specific area can follow along, but still be detailed enough to convince the reader that the project idea is viable and achievable. Remember that you only have 8 weeks (at the time of submission) to do your research project! Start early and ask questions often; office hours are a great time to receive feedback.

Your proposal should briefly address the following questions (in one page):

  • What are you trying to do? Did you explain the problem?
  • How is the problem you are addressing done today? What are the limits?
  • Citations from previous works are encouraged and don't count towards your page limit.
  • What is new and why do you think you will be successful?
  • What are the security applications of the project?
  • Why is this important?
  • What are the risks?

These questions have been adopted from the Heilmeier Catechism: https://www.darpa.mil/work-with-us/heilmeier-catechism

We will provide ample feedback, including meetings with each group, to ensure that everyone is on the right track and can get the resources they need to be successful.

Project report

Your report should be written like a research paper on par with the papers read in class. The report should be no longer than 6 pages.

Project ideas (old and new)

  • New Project ideas
    • Privacy of zoom backgrounds (i.e., can they be "removed")
    • Automatic inference of who is talking to who on Zoom (status polling)
    • Electrical system watermarking to establish where audio/video was recorded (see: https://github.com/bellingcat/open-questions, also check out PinDrop paper)
    • Techniques for automatically identifying popular libraries and functions used in unknown binaries (i.e., for aiding in reverse engineering via Ghidra)
    • Security analysis of Gas Chromatograph device used for identifying performance-enhancing drugs in athletes.
    • Comparison of nameserver dependencies in particular ccTLDs (e.g., .ru)
    • Implementation of "implicit" second factor via smartwatch (i.e., witnessing you typing password using accelerometers) and/or gesture second factor
    • Security analysis of robot vacuum with LiDAR (e.g., roborock)
    • Analysis of streaming television telemetry (i.e., what is being tracked, how are ads being targeted, etc)
    • Network inference questions in the presence of TLS (i.e., what can you infer in an HTTPS session? Can you tell if they had a cookie? Can you make guesses about what page they viewed, etc.)
    • Retrospective identification of fraudulent DNS names (i.e., names that appear and leave zone files and there is reason to believe fraud)
    • System to identify public WiFi cameras (e.g., Ring) -- basic idea is to flash strobe light while looking for related patterns in 802.11 spectrum.
  • Sound, vision, Sensors
    • Redo Zhuang et al. paper on Keyboard Acoustic Emanations (extracting typed text from sound alone)
    • Can one recover keystrokes or PIN button presses from accelerometers in a FitBit or Apple Watch?
    • Security analysis of Bluetooth headphones (i.e., those with microphones): can they become a listening device?
    • Build proof of concept Light-bulb based covert-channel (microphone in Zigbee lightbulb)
    • Automated extraction of latent fingerprints (e.g. via UV photography)
    • Automated extraction of fingerprints via video?
    • Audio or video-based gait recognition (biometric)
    • Video-conferencing filter that obscures identity but looks natural (autotune for faces)
    • Identifying individuals in crowd scenes via non-traditional cues (e.g. back of the head recognition)
    • Watermarking 3D models
    • Meaningful visualization of security data (e.g., spam, net, etc.)
    • Seeing through privacy glass or 3M privacy screens?
    • Scale up the UNC paper that infers what you're watching on television via reflected light to capture Nielsen ratings on a whole cityscape
    • Automated mapping of spy satellites via occlusion
    • Explore other variants of implicit memory passwords (i.e., where you don't know the password yourself) to see if you can improve training time or recognition time.
    • Can cognitive priming be used as a side-channel to escape an air-gapped facility?
  • Privacy
    • How well can you reconstruct Web logs from Netflow data?
    • Is it possible to do speech recognition without exposing audio stream to the world?
    • Tie FAA flight database with network log data to infer which users are travelling and where they came from
    • Develop a system like X-ray to infer how various services track and trade your behavior based on the advertisements that are given to you.
  • Vulnerabilities
    • Use CIA disclosure and RAND study to do meta-analysis of zero-day game theory (zero-days are common and cheap, rare and vulnerable? How does cost to acquire and rediscovery risk influence the policy in using zero-days?)
    • How to reason about impact of new classes of security bugs (e.g., use modern testing tools to look for bugs in old code to see if there are key statistical commonalities)
    • Analyze different hosting providers' use of popular open source frameworks, how they differ in patch responsiveness for security bugs and whether this is manifest in reports of abuse
    • Predict which code changes will produce software vulnerabilities
    • Analyze whether certain authors are more likely to introduce security vulnerabilities; does overall experience matter? experience on a project?
    • Is there a difference in security vulnerability density as a function of software age or programming language?
    • Come up with something reasonable to do about the Pass-the-hash vulnerability?
    • Look at library usage to determine where common shared vulnerabilities could be. Do something similar for software and F500 companies (e.g., based on public data about which companies use what software)... look for less well-known software that has broad reach
    • A security analysis of any interesting device... Alexa, Google Home, Internet-connected washing machine, etc.
  • PL Security ideas
  • User interaction
    • Design an agent that alerts users about security issues (e.g., HTTPS problems) only when they are entering PII and evaluate if that context helps improve their security hygiene.
    • Can we relate bad security programming advice online (e.g., StackExchange) to real vulnerabilities in the wild?
    • Explore how/if sound can be used to enhance security awareness.
    • What about other contextual cues (e.g., subtle shaking of window, color shifting, etc.)... can people be nudged to do the right thing?
    • Do a study to determine how infrequently negative security advice must occur for it to be taken more seriously. What is the tradeoff in frequency and effectiveness?
    • Design a system that can detect if users are using the same or substantially the same password for multiple sites and warn them appropriately (and do so without storing the passwords)
    • Do a study of how server configuration errors lead to security vulnerabilities and explore if there are common culprits
  • Malware
    • Build system to identify the kinds of information being targeted by different kinds of malware
    • Evaluate malware delivery vectors: P2P malware vs web sites vs attachments, etc ... are they all carrying the same malware or different?
    • Evaluate time-to-detect for commercial malware
    • Build IDA or Ghidra plug-in to locate particular “kind” of code in binary (e.g., AES code, CRC code, packing code, network code, etc.)
  • E-Crime
    • Use NLP to track good/service pricing on underground forums/IRC
    • Relate use of domain names in various scams to price of domain offered by registrar
    • Come up with a technique to infer the profitability of Ransomware
    • Do a measurement study of criminal proxy networks
  • Machine Learning
    • Predict which code changes will produce software vulnerabilities
    • Build classifier to predict machine compromise based on what sites you visit
    • Apply receiver-reputation idea to Web visits (reputation of sites depends on who visits them)
    • Clustering of malware families based on behavioral features
    • How to detect poisoning of learning-based systems?
    • Follow-on work for Berkeley work to produce sound that is recognized by speech recognizers but isn't recognized by humans. Explore if it can be masked by other features for humans, can be broadcast, etc...
    • Build a system that learns a profile for "normal" kernel memory usage and can alert if memory contents are anomalous
    • Build a forensic tool that can reconstruct some/all of a memory/disk image even if the precise formatting is not understood (assuming general contents of files tends to be the same... e.g., across Android phones)
  • Miscellaneous
    • Detection of Bots in MMORPGs
    • Automation for “attack surface” estimation
    • Analysis of Taser authentication
    • Location verification via “audio-print” (indeed, any way of proving location)
    • Analysis of on-line poker (fair deal or not?)
    • Use new Intel security features for something interesting (e.g., NotABot)
    • Hardware support for self-destructing data
    • Hardware support for information flow tracking
    • Detecting pirated hardware IP (e.g., mp3 or PCI blocks) via unique side-effects
    • Build a system that, whenever you run an executable from the network, spawns two new VMs, one where you run the program, the other where you don't, and then compares the state changes between the two to decide if something bad has happened and "undo" to the world where you didn't run the program.
    • Forensic analysis of Flash?
    • Security analysis of campus power grid
    • Security vulnerabilities in the Kindle?
    • Repeat Ozment/Schechter’s Milk/Wine study on vulnerability generation w/another system (great study!)
    • Difficulty in spoofing consumer GPS
    • Are there vulnerabilities in Digital FM radio?
    • Identify “anomalous” file contents to mitigate file format vulnerabilities (esp Flash, QuickTime and PDF)
    • Attacks against smart batteries (drain beyond ability to recharge or make explode)
    • Driver detection (infer identity of driver via driving behavior)
    • Explore use of differential privacy to protect data for interesting network or security trace analysis problem (e.g., pick any of George Varghese’s classic measurement papers and see if it can be done with DP)
    • Build an interactive biometric system (e.g., proof of presence via eye-tracking) to prevent simple replay attacks
    • Build a system to fingerprint physical luxury goods (e.g., leather, etc) ala the Princeton work on paper
    • SMART disks will move data from failing sectors to spare sectors. Consequently the data on these failing sectors may not be erased when the associated data is erased. Explore if this actually happens and the correct way to erase a disk
    • Analyze data breach incidents (sources: datalossdb.org, CA DoJ, Privacy Rights Clearinghouse)