0368-3500-35Spring 2009
Workshop in Computer Security
Instructor:
Ran Canetti
Assistant:
Rani Hod
Goals
Note:
The workshop projects will be interesting and "cool" but not easy!
Prerequisite
Software 1.
There is no formal prerequisite requirement regarding cryptography
or computer security, although some prior background knowledge and affinity
will certainly help. Students will be expected to read and learn on their own
any concepts and systems that are needed in order to carry out the project
successfully.
Methodology
After two introductory
lectures, the students will form teams of 1 to 3 students.
Each team will choose a project of scope appropriate to its size (See list of
projects below.)
Project selection should be done as early as possible, but no later than
the third meeting, namely March 22.
The first part of the work on the project is devoted to collecting, reading and
understanding the background material. This includes understanding the goal,
the relevant theoretical background, the tools to be employed, the programming
environment. Very importantly, it also includes a literature search on
potential similar software that's already available.
At the end of this part, each group has to
present its plan to the instructors. You will have
to explain in detail the implementation design and show understanding of the
internals of the project. Emphasis on implementation and specific project
goals will be given by the instructors.
You are strongly encouraged
to have this presentation as soon as possible.
The main part of the work is devoted to implementing the plans made in the
first part. You are
expected to test the code you wrote, analyze its performance and draw conclusions as to
how
it can be improved, what features can be added. Throughout the semester we
will have three course meetings in which each group will describe its progress
to
class and will raise for discussion issues encountered while working on the
project.
Submission will be done in three steps:
1. Pre-submission. Each group will have a personal meeting with Ran and Rani,
presenting their project in action. Although this presentation is part of the
grade, it is intended mostly for feedback.
2. Class presentation. On the last two weeks of the semester, each group will
present its project to the class.
3. Final submission. Each group will have another personal meeting with Ran and
Rani, presenting their project in action. Changes based on
feedback from pre-submission and class presentation will be expected.
Requirements:
Grade
The grade will be the sum of two components: The project component and the
understanding/participation component. The project grade will be based solely on
the quality of the
implementation and the demonstration, against the stated goals.
This component will be the same for all the participants in the project.
The understanding/participation grade is individual and
will be based on the Ran and Rani's impression of your understanding of the
material
in individual meetings and in the project discussion in class meetings.
Note that this component can be either positive or negative.
Code sharing policy
Some projects will be encouraged to share information and code; in other cases
such sharing will be prohibited.
Needless to say, any unauthorized copying or sharing of information will
result in a grade penalty or possible disciplinary action. This includes
unauthorized use of publicly available code (such as code provided on the
Internet) for some of the tasks you are required to implement. When in doubt,
ask.
Technical Details
Projects
Below is an initial list of suggested projects.
The description below is very terse.
More details will be given in class. Projects may be added in the coming
weeks.
In addition, teams are welcome to
propose their own security-related projects. These proposals will of course be
subject to approval of the course staff.
Current webmail applications (such as Gmail, Hotmail, etc) require the user to
put complete trust in the mail server. In particular, the server is given full
access to the mail contents, and is trusted to verify the authenticity of
incoming mail in the name of the user. This set of projects is aimed to
develop methods for mitigating the trust in webmail servers, while maintaining
the functionality and ease of use.
The Internet Engineering Task Force (IETF) is the main body for standardizing
Internet protocols.
This set of projects will implement some current proposed standards for secure
communication.
(These projects will be supervised jointly with Yaron Sheffer from Checkpoint
Technologies.)
|