Course Overview

Information security aims to ensure desired behavior of computer systems and protect their content, when facing malicious behavior and attacks. This goal is of paramount importance to all aspects of society, ranging from individual people's privacy, through  commerce and industry, and up to critical national infrastructure and interests.

This workshop will introduce students to select topics in the field of information security, through a semester-long programming project. Several different projects will be offered, involving carefully chosen problems at the frontier of scientific and engineering knowledge. Projects will be assigned by students' preference and background. At completion, students will have gained deep familiarity with an aspect information security and the pertinent technologies, and moreover will have advanced the state of the art.

The workshop's goals:

  • Introducing students to select problems at the frontier of information security practice and research
  • Leading students through an end-to-end software development cycle:
    • defining the project
    • researching for similar projects
    • learning required background (protocols, APIs, environment)
    • designing and planning the methods of implementation
    • implementation
    • testing and debugging
    • adjusting project in response to feedback
    • wrapping up the project and presenting it to the world
  • Gaining experience with team-based development (as opposed to solo projects): distribution of tasks, source control and integration of code
  • Learning useful technical skills
  • Advancing the state of the art

Many of the workshop's projects are offered in cooperation with industry experts, offering a unique exposure to industry's capabilities and needs, and an opportunity for a real-world impact.

The workshop projects will be done in teams of up to 3 students (depending on the project and students' preferences). The projects will be interesting and cool, but expect intensive work, and several class meetings, throughout the semester. The aim is to complete all of the work in time for a final presentation on the last week of the study, and there will be milestones (set by the student themselves as part of the planning) to ensure progress during the semester. Extensions may be possible in case of contingencies.

Students will be expected to read and learn on their own any concepts and systems that are needed in order to carry out the project successfully.

In many of the projects, the choice of programming languages and tools  is not essential to the project's goal, and will be left to the students.

Prerequisites: operating systems (0368.2162), software project (0368.2161). Students may take the prerequisites in parallel to the workshop, though this will somewhat limit their project choice. It will be very helpful to have taken at least one course in cryptography or information security (or equivalent knowledge).

 

Proposed projects

Here are some of the proposed projects.:

  1. Android Declassification Infrastructure: Improving Android phone security by identifying and preventing leakage of private information.
  2. Privacy in a Demographic Database: analyzing privacy violations in demographic databases that can be queried on the Internet, and solving it. This involves understanding quantitative notions of privacy, statistical analysis, scripting and parsing HTTP queries, and manipulating databases.
  3. Implementing an access control mechanism for HTML5 user interface of a web-based system.
  4. Implementing cryptographic protocols for verifying correctness of computation.
  5. In-depth security analysis of the Wombat voting system, seeking vulnerabilities at the protocol, implementation and procedural levels.
  6. Bulletin Board Protocol for Voting: designing and implementing a cryptographic protocol for a secure bulletin board, which is an essential component for voting protocols.
  7. Reverse-Engineering Integrated Database: a support tool and online database for reverse engineering code
  8. Security under Communication-Limited System Compromise: maintaining cryptographic security of compromised systems, when the attacker can't transmit too much information out of the system
  9. Distributed Databases Security: adding a fine-grained access conrol mechanism to an existing distributed database

Student may also propose projects, within the workshop's scope.

 

Schedule

Week Date Meeting Task
1 6/3/2012 Introduction and project presentation  
2 12/3/2012 Project presentations - cont.  
6 17/4/2012 Students' presentations Project plan
9 8/5/2012   Milestone #1 + report
10 15/5/2012 Students' presentation  
14 12/6/2012 Students' presentation Milestone #2 + report
  Mid August Final Submission Final report

See the Guidelines for more information about what is expected at each stage.

Grading

Grading of the final submission will be determined with the following criteria in mind:

  1. Subjective evaluation of creativity and quality
  2. Planning and milestone reporting
  3. Fulfilling the self-defined plan and schedule
  4. Quality of class presentations

Examples of past workshop project