Semester Project: Part 1

Background Research

CS 321 Homework, Dr. Lawlor, 2006/02/03. Due Friday, Feb 10 at 5pm.

You'll be working on a single software development project all semester long, and you get to choose the topic and the scope. It should be a topic that can be scoped big enough to make sense to work on it for months; but it shouldn't be so big you can't get anything running in one semester. Figuring out the scope of a given task is probably the hardest problem in computer science! Luckily, knowing something about the topic makes it a lot easier--and that's the real point of this assignment.

I'd like you to give me one text file, including one paragraph describing your topic--generally what kind of a thing you'd like to build. See the example projects below for ideas.

In your text file, I'd like you to include two links to websites that describe projects on similar topics. For each link, include a one-sentence summary of what it does, and another sentence describing how your project will be different or better.

I'd also like you to include links to five "reference" websites, that include information you think will be specifically useful in completing the project. Don't just give me a meta reference like "http://google.com" or a website describing security topics in general--if there's not an obvious & direct linkage to your project, it doesn't count!

This assignment is not about the scope of the project. I don't want to you to start planning exactly what to do, or how you plan to do it. It's about the topic--figure out what's out there, and how you can add something. This is actually the first step you should take in any real project!

Turn in your text file by attaching it to Blackboard under "proj_bg". 30% of the grade is for the one paragraph topic description, 20% is for the links to two similar projects with short analysis, and the remaining 50% is for the five bare reference links (so they better be good links!). All seven links have to be different from each other (where "different" means at least having different domain names).

Note that students taking 693 are expected to complete more ambitious projects, and they will be graded to a higher standard.

Example Projects

Choose one, or make up your own!

Design and implement any cryptographically secure network protocol, to guarantee authentication and/or secrecy. (google: "sha-1 hash", "RSA encryption").
Collect a virus, worm, or trojan from "the wild"--your inbox, a file-sharing network, a DRM'd audio disk, or the web. Do something interesting with the malicious code, like:

Analyze and characterize the code's behavior by infecting a virtual machine, disassembling the virus code (be careful--malicious executables are often packed/encrypted), and consulting references.

Write a "cleaner" that undoes the changes the malicious code makes after it infects a system.

Implement a virus or worm for any obsolete system (e.g., Mac OS 9, DOS). You must not allow your virus to escape beyond your development virtual machines. (Targeting obsolete systems decreases the possible damage that could arise from a containment loss.)
Implement a packet-sniffing library for any operating system (google: "SOCK_RAW"). Decode packets from at least one TCP-based protocol.
Implement a log file analyzer, and use it to locate an interesting pattern (e.g., signs of breakin attempts) in a log file of your choice. You must run the program on some real log file.
Collect packet logs from a real machine exposed to the internet, and write code (or a script) to compute a histogram of the different breakin attempts, broken down by port number, source IP address, or vulnerability type. I've got tons of this sort of log data if you need them.
Implement a filesystem security checker, so if any of a configurable list of files changes in any way, the administrator is notified. (google: "sha-1 hash").
Implement a secure network logger process--receive log messages from machines on the network, and store them in an impossible-to-tamper fashion. This is necessary because logs on a compromised machine may have been edited to cover the intruder's tracks, so the network logger must be robust against network attack and malicious clients.
Implement an executable security checker, so if a program's binary code has been modified, the security checker would flag the change before the program starts up. The security checker code can just be a library the executable calls, a part of the kernel, or a separate security daemon.
Implement a kernel security checker for any operating system. This module would ensure that kernel data structures (of your choice) have not been tampered with (e.g., the syscall table).
Implement a "defcon" system for the Linux kernel. At defcon 1, all operations work normally. At defcon 2, the ability to load new kernel modules is disabled. At defcon 3, in addition all writes to disk are disabled. The module should make it very difficult to lower the defcon level once it's been raised.
Implement a cryptographic filesystem for the Linux kernel. Pick any existing encryption algorithm, or make one up. (google: "cryptoloop", "scramdisk").