Term Project

The intent of this project is for you or your team to do independent research and demonstrate an in-depth knowledge of a specific area related to the class material. You should start thinking of what you might be interested in working on immediately. After the first month of class you should have a pretty good idea of the area you're thinking of working in. You'll be writing up your ideas as a 1 page Vision Statement (see details below) and submitting it to me by the beginning of Session #5. I'll review these and discuss them with you as necessary to clarify any questions I may have. By Session #6 I should be able to give you the go ahead to continue.

In general I expect the projects to include reading and detailed research into some particular security-oriented topic, and then writing up what you have discovered and your personal thoughts on the subject, highlighting any open questions, areas for future research, etc. You should look for sources such as articles in general content magazines, newspapers and on TV or radio (e.g., Time, Newsweek, Scientific American, the NY Times, Washington Post, NPR Public Radio,...) as well as other more technical sources such as conference proceedings or the academic/research publications from the ACM and IEEE. Also look toward specialized magazines such as Wired, Information Security, Signal, and CIO. Searching the web for information is encouraged as well, but the accuracy of the content found there can be dubious or misleading, at best. Some sites like CERT, Packet Storm, SANS, and OWasp are good bets to start with, however. If in doubt, check with the instructor.

In any event, beware of any wholesale or even partial copying of other people's content! That will not be condoned in any form and will be considered cheating if it's discovered, leading to a certain failure in the course.

Your final written submission should include the following general types of content:

• A summary of the materials' content. What is happening currently within this topic area? Why is it important, and to whom? What are people doing about it? Try to select sources that let you answer those questions in a comprehensive fashion; in other words, try to find materials that give different perspectives on the topic.
• An analysis of the materials' balance. Are the writers addressing all sides of the issue? Is there bias and, if so, in which direction? What evidence can you give from the sources to show bias? How do the materials you've chosen disagree with each other?
• An analysis of the materials' quality. Did the writers do sufficient research? Are the articles technically correct? Are there elements of the arguments that be enhanced with more detail or more argumentation?
• Your own opinions of this topic area. Did the material you chose support or change your opinion? If not, then why? What might a follow-up report on this topic contain that would be useful?

In writing up your topic research I'd like you to also supply:

• Full citations for any book, articles, web references, etc. that you use; the citations can be in any commonly used format such as APA Style, MLA Style, or IEEE format. Please include a link to an electronic version of the material, if available.

Programming Project

However, if you are inclined toward programming rather than writing (caveat: you'll still have to write up your project, just not as much writing will be expected though---sorry), then you can choose to do a coding project of some sort which entails some aspect or aspects of computer security. My preference would be that you work in Java if you do a programming project, but other languages would be acceptable as well. The choice is yours.

Each project should represent independent design, construction, and testing. You must turn in a design document, commented source code, and a fully operable application. You must also include an overview and summary document describing what you built, how it works, where it might be used, and the conditions under which it should not be used. Indicate all references used.

In either case (that is, the research paper or a programming project), you'll need to first show me what you propose to do in your...

Vision Statement

This is what needs to be in your Vision Statement:

1. Topic: a description of the topic area you will be researching
2. Goals: what it is you are trying to accomplish
3. Approach: how you will go about developing your project

I will need to review and sign off on your Vision Statement before you invest a lot of effort in actually implementing it.

End-of-term Deliverables

These are the deliverables due at the end of the semester:

1. A 10 minute stand-up presentation (by both members of the project team, when working in pairs) outlining the project's goals, what issues arose during the work, and how they were addressed. You can use a presentation tool like MS Powerpoint or OpenOffice Impress to create and run the presentation, but you will need to submit an Adobe PDF version of the on-screen presentation as well.
2. An 8 page, single-spaced written narrative (4 pages, if doing a programming project) describing in detail the points discussed in the stand-up presentation.
3. If doing a programming project, then a working demonstration of the programming project you've created.

Your paper should be in proper style, use proper grammar, and be carefully researched and phrased. The format will be 12-point type, single-spaced, with 1-inch margins. Your paper should be at least 8 pages long, not counting the reference pages or diagrams.

Sample Topic Ideas

1. Security of electronic voting (e-Voting) systems
2. Security in the medical domain
3. Cyberterrorism: Real or Imagined?
4. The history and role of "anonymizers"
5. RFID tags and privacy/security/ethics
6. SQL injection exploits
7. 802.11 Wifi security
8. Steganography and Terrorism
9. Implication of the Patriot Act and other legislation on computer security
10. Anonymous surfing & private browsing
11. Identity theft
12. Cracking software piracy protection
13. Google SEO hacking
14. Spyware & Adware
15. Zombies & Botnets
16. Real-world uses of biometric authentication
17. "Behavioral" biometrics
18. Current and future state of face-recognition systems
19. Security penetration forensics
20. Distributed hash and password crackers
21. Use of SSL/TLS on the Web
22. Cell phone hacking
23. Security and privacy issues in social networking sites
24. VoIP security issues
25. User interfaces and the role of security
26. Cross-site scripting on the web
27. Ajax on the Web and its implications for security
28. Nintendo Wii hacking
29. Countering e-mail SPAM
30. The use of PGP and personal encryption
31. Security issues and automobile computers
32. Quantum cryptography
33. Digital signing of computer applications
34. Economics of Information Security
35. Security "Black Hats" vs. "White Hats"
36. Compare, contrast, and critique (i.e., what security issues were depicted, how realistic the movie was, how you might have done it differently, how things have changed security-wise since the movie was made, etc.) three movies with computer security themes such as (a copy of the videos marked with a * can be borrowed, if needed):
• Firewall
• Enemy of the State
• Sneakers*
• The Net*
• Hackers*