Semester Project: Part 1
Background Research
CS 321 Homework,
Dr. Lawlor, 2006/02/03. Due Friday, Feb 10 at 5pm.
You'll be working on a single software development project all
semester long, and you get to choose the topic and the scope. It should
be a topic that can be scoped big enough to make sense to work on it
for months; but it shouldn't be so big you can't get anything running
in one semester. Figuring out the scope of a given task is
probably the hardest problem in computer science! Luckily,
knowing something about the topic makes it a lot easier--and that's the
real point of this assignment.
I'd like you to give me one text file, including one paragraph describing your topic--generally what kind of a thing you'd like to build. See the example projects below for ideas.
In your text file, I'd like you to include two
links to websites that describe projects on similar topics. For
each link, include a one-sentence summary of what it does, and another
sentence describing how your project will be different or better.
I'd also like you to include links to five "reference" websites that include information you think will be specifically
useful in completing the project. Don't just give me a meta
reference like "http://google.com" or a website describing security topics in general--if there's not an
obvious & direct linkage to your project, it doesn't count!
This assignment is not
about the scope of the project. I don't want you to start
planning exactly what to do, or how you plan to do it. It's about
the topic--figure out what's out there, and how you can add
something. This is actually the first step you should take in any
real project!
Turn in your text file by attaching it to Blackboard under
"proj_bg". 30% of the grade is for the one paragraph topic
description, 20% is for the links to two similar projects with short
analysis, and the remaining 50% is for the five bare reference links
(so they better be good links!). All seven links have to be
different from each other (where "different" means at least having
different domain names).
Note that students taking 693 are expected to complete more ambitious
projects, and they will be graded to a higher standard.
Example Projects
Choose one, or make up your own!
- Design and implement any cryptographically secure network protocol, to guarantee authentication and/or secrecy. (google: "sha-1 hash", "RSA encryption").
- Collect a virus, worm, or trojan from "the wild"--your inbox, a file-sharing network, a DRM'd audio disk, or the web. Do something interesting with the malicious code, like:
  - Analyze and characterize the code's behavior by infecting a
    virtual machine, disassembling the virus code (be careful--malicious
    executables are often packed/encrypted), and consulting references.
  - Write a "cleaner" that undoes the changes the malicious code makes after it infects a system.
- Implement a virus or worm for any obsolete system (e.g., Mac OS 9, DOS). You must not
allow your virus to escape beyond your development virtual
machines. (Targeting obsolete systems decreases the possible
damage that could arise from a containment loss.)
- Implement a packet-sniffing library for any operating system
(google: "SOCK_RAW"). Decode packets from at least one TCP-based
protocol.
- Implement a log file analyzer, and use it to locate an
interesting pattern (e.g., signs of break-in attempts) in a log file of
your choice. You must run the program on some real log file.
- Collect packet logs from a real machine exposed to the internet,
and write code (or a script) to compute a histogram of the different
break-in attempts, broken down by port number, source IP address, or
vulnerability type. I've got tons of this sort of log data if you need
it.
- Implement a filesystem security checker, so if any of a
configurable list of files changes in any way, the administrator is
notified. (google: "sha-1 hash").
- Implement a secure network logger process--receive log messages
from machines on the network, and store them in an impossible-to-tamper
fashion. This is necessary because logs on a compromised machine
may have been edited to cover the intruder's tracks, so the network
logger must be robust against network attack and malicious clients.
- Implement an executable security checker, so if a program's
binary code has been modified, the security checker would flag the
change before the program starts up. The security checker code
can just be a library the executable calls, a part of the kernel, or a
separate security daemon.
- Implement a kernel security checker for any operating
system. This module would ensure that kernel data structures (of
your choice) have not been tampered with (e.g., the syscall table).
- Implement a "defcon" system for the Linux kernel. At defcon
1, all operations work normally. At defcon 2, the ability to load
new kernel modules is disabled. At defcon 3, in addition all
writes to disk are disabled. The module should make it very
difficult to lower the defcon level once it's been raised.
- Implement a cryptographic filesystem for the Linux kernel.
Pick any existing encryption algorithm, or make one up. (google:
"cryptoloop", "scramdisk").
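To make the filesystem security checker and executable security checker ideas above concrete, here is an added example of the core mechanism both share: record a baseline of content digests for a configurable list of files, then re-hash and compare. This is illustrative code written for this page, not code from the course or from any student project; it uses SHA-256 rather than the SHA-1 the hint suggests (SHA-1 collisions are practical today), the file names in the demo are constructed, and the baseline location is an assumption (a real deployment keeps it on read-only or remote storage, because an intruder who can rewrite the baseline can simply re-baseline the files they changed).

```python
# Added example: a minimal file-integrity checker (not the course's or any
# student's code). It records a baseline of content digests and permission
# bits, then reports files that are missing or whose content/mode changed.
import hashlib
import hmac
import json
import os
import tempfile

CHUNK = 64 * 1024


def hash_file(path, algorithm="sha256"):
    """Return the hex digest of a file's contents, read in chunks."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths, algorithm="sha256"):
    """Record digest, size and permission bits for each configured file."""
    baseline = {"algorithm": algorithm, "files": {}}
    for p in paths:
        st = os.stat(p)
        baseline["files"][p] = {
            "digest": hash_file(p, algorithm),
            "size": st.st_size,
            "mode": st.st_mode,
        }
    return baseline


def save_baseline(baseline, path):
    # Assumption: the baseline file is stored somewhere the monitored host
    # cannot rewrite it (read-only media or a remote machine); here, for the
    # self-contained demo only, it sits beside the monitored files.
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def verify(baseline):
    """Return a list of (path, finding) for every deviation from the baseline."""
    algorithm = baseline["algorithm"]
    findings = []
    for path, expected in baseline["files"].items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        st = os.stat(path)
        if st.st_mode != expected["mode"]:
            findings.append((path, "mode changed"))
        # Content is judged by digest only: mtime and size are not trusted,
        # since both are trivially reset by whoever edited the file.
        actual = hash_file(path, algorithm)
        if not hmac.compare_digest(actual, expected["digest"]):
            findings.append((path, "content changed"))
    return findings


def demo():
    """Constructed scenario: baseline three files, then tamper with two."""
    with tempfile.TemporaryDirectory() as d:
        names = ["sshd_config", "passwd", "sudoers"]  # constructed names
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "w") as f:
                f.write("original contents of " + os.path.basename(p) + "\n")
        baseline_file = os.path.join(d, "baseline.json")
        save_baseline(build_baseline(paths), baseline_file)

        # Tamper: append to the first file, then put its mtime back so a
        # timestamp-only check would miss it; delete the second file.
        st = os.stat(paths[0])
        with open(paths[0], "a") as f:
            f.write("tampered line\n")
        os.utime(paths[0], (st.st_atime, st.st_mtime))
        os.remove(paths[1])

        findings = verify(load_baseline(baseline_file))
        return [(os.path.basename(p), what) for p, what in findings]


if __name__ == "__main__":
    for name, what in demo():
        print("ALERT " + name + ": " + what)
```

Running the script prints one ALERT line for the edited file and one for the deleted file, and nothing for the untouched one; the edited file is caught even though its modification time was restored, which is the reason the check hashes content instead of trusting timestamps. The executable-checker variant is the same loop run over a program's binary before it is started.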