Project details and some ideas

 

A group project is a major component of this course. You are free to select any research project related to computer security, broadly defined. Projects will be conducted in groups of 2 people (please ask me about possible exceptions). 

Do not actually attack or potentially compromise anyone's security or privacy without first obtaining appropriate approval. (Check with the instructor if you're unsure.)

We suspect that most projects will fall into at least one of the following categories:

  • Design/Build. Design, build, and evaluate a new system. You have a lot of flexibility here. Your system might improve the security of an existing system. Your system might address a problem that no one has thought of addressing before. Or your system might improve upon the usability of the security portions of a system.
  • Analyze. Analyze the security of something, perhaps an important and widely deployed (or soon to be deployed) system or a research proposal. If you choose this type of project, please try to look for new lessons that one might learn from your analysis. Please also consider how one might redesign or reimplement the system in order to improve its resistance to any attacks you might have uncovered. You might analyze a computing technology or use computing technologies to analyze some security property in the physical world.
  • Measure. Measure something. The goal should be to improve our understanding of some adversarial phenomenon. For example, in the past, researchers have conducted measurement studies of spyware, botnets, worms, and web tracking.
  • Human Factors. Analyze the usability or other human-computer interaction issues of something related to computer security and privacy. Or improve the usability of a system, and then evaluate your improvement.

 

You are welcome to choose a course project related to your current research, or something entirely different. If you are stumped and need ideas, please reach out to the course instructor.

The project will be due in 5 steps. (The points for each step are mentioned as percentages.)

  1. 5% - Form project groups: Recommended group size for working on the project is 2 people. You may use the class discussion board to connect with potential group members. In rare cases it may be possible to work in a group of size 1 or 3; please contact me if you wish to explore this option. Please submit your project groups to me by the deadline.
  2. 10% - Project proposals: Each group will submit a 3-page project proposal, including
    • a problem definition,
    • motivation,
    • related works,
    • planned approach for evaluating your solutions, and
    • a list of milestones with dates.
    Please feel free to schedule an appointment to talk about ideas.
  3. 20% - Peer Project Workshopping.
    During these two class periods, everyone will have to present the status of their project, and others will provide feedback.
  4. 30% - Project presentations: Everyone should participate in the presentation. The length of the presentations will depend on the total number of projects in the course, but I anticipate that each presentation will be 15-20 minutes long (depending on how many groups we have), with 5 min for audience questions.
  5. 35% - Final project reports: Your group’s final project report should be written in the style of a workshop or conference submission, like most of the papers we read this semester. Please include at least the following:
    • An abstract that summarizes your work.
    • An introduction that motivates the problem you are trying to solve.
    • A related work section that differentiates your contributions.
    • Section(s) describing your architecture or methodology.
    • Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
    • A brief future work section explaining what is left to do.
    • Appropriate citations and references from the literature.
    • A brief paragraph containing a break-down of contributions of each project member.
    See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. You must use LaTeX and the ACM CCS template. You can check out Overleaf for easy collaboration and LaTeX compiling.

 

All materials should be submitted in PDF form to Canvas. You will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%. The final presentation and project report cannot be late.

Project Ideas

(I will add more as the course progresses. Also, come talk to me if you have a new project idea and would like to share it with the class.)

Here are some ideas for projects. Extra points if you can come up with your own.

1. MasterFingerPrint using GAN. Check out the MasterFingerPrint paper by Bontrager et al. from the paper list. Can you generate an ordered list of guesses for a fingerprint template, just like passwords? Can we do better than Bontrager et al. using a Generative Adversarial Network (GAN) or other more advanced neural network techniques?

2. Fingerprint matching on GPU. This is an implementation project. If you are interested in implementing low-level GPU code, this will be an interesting project. We want to expedite and scale fingerprint matching using GPU to tens of millions of matches per second. Can we do it?

3. Understanding the global ecosystem of dual-use/spyware apps used for IPV. Several apps present in official app stores, such as the Google Play Store or Apple App Store, can be used to spy on an intimate partner, e.g., FindMyPhone or SMS-syncing apps. See this study for more details. Can we do a similar study on unofficial application stores, such as the (Samsung) Galaxy Store, Tencent App Store, Baidu App Store, etc.? You will first find a list of popular application stores in the world, write a crawler to download app metadata from a subset of stores for 10 days (continuously), and finally analyze the data to conclude the project.

4. Password cracking using GAN. Estimating password distribution can help improve the security of passwords. While there has been a lot of work, none is perfect. Generative Adversarial Networks (GANs) are an effective way to learn a distribution. Some research works have tried to use GANs to learn password distribution, e.g., PassGAN and IWGAN; however, the efficacy is still below classical well-tuned Markov or PCFG-based models. Can we tune GANs to beat the efficacy of those models? What are the key benefits of using GANs (e.g., easy to retrain for a particular website or for particular password requirements)?

5. Measuring search result bias for victims vs. abusers. There is anecdotal evidence that searching for abusive content (or searches related to abusing an intimate partner using technology) produces more relevant search results than when a victim searches for how to prevent abuse. We want to formalize this bias and measure it on some search engines. The output of the study could help victim service providers perform better SEO to reach a broader set of victims.