This material is for graduate students and undergraduate students doing “contract honors” for this class only. Undergraduate students who are not seeking honors credit do not need to do the research activities (including the research component of the project).
Research activities are divided into two parts: single-paper reviews of provided papers, and a self-directed research paper on a topic of your choice. For general background on the standards and practice of research in computer security, see the Research in Computer Science and Computer Security overview.
For part of this course, you will be given current research papers to read and review. In general, you will be given 2 weeks to read these papers and consider the results, and write a 1-2 page summary of each paper.
In your review, you should (briefly!) address the following issues:
These points should be clearly woven into a narrative report – don’t make a bullet list or answer these as if they were individual questions! In your review, remember that everything you write should be your own words, so don’t copy any text (including conclusions) from the paper.
Report due Wednesday, Sept 9: E. Fernandes, J. Jung and A. Prakash, “Security Analysis of Emerging Smart Home Applications,” 2016 IEEE Symposium on Security and Privacy (SP), pp. 636-654, doi: 10.1109/SP.2016.44.
Report due Monday, Sept 21: J. Ma, W. Yang, M. Luo and N. Li, “A Study of Probabilistic Password Models,” 2014 IEEE Symposium on Security and Privacy, pp. 689-704, doi: 10.1109/SP.2014.50.
Report due Monday, Oct 5: D. Lehmann, J. Kinder, and M. Pradel, “Everything Old is New Again: Binary Security of WebAssembly,” in 29th USENIX Security Symposium (USENIX Security 20), Aug. 2020, pp. 217–234, Online.
All students will select and complete an independent project on a topic covered in class: a hands-on exploration of some applied tool or technique (see the project page for basic information on that part of the project). Graduate students and honors students will also complete a research component to their project. The final deliverable for this part will be a separate research-focused report that summarizes state-of-the-art research in an area of interest to the student. While this can be completely independent of the basic class project, students are strongly encouraged to pursue the same topic (at different levels) for the two components of the project. For example, while exploring a well-established fuzzing tool, like AFL, is acceptable for an undergraduate-level project, for the graduate-level project you could use a research-level fuzzing tool that was developed as part of a published research study and made available. Then your report would include not only the hands-on experimentation with the tool, but also a summary of the research contributions of the work.
For the research component of the project, after selecting a topic you will locate and read research papers to learn about current research in that area, and then write a paper summarizing current state-of-the-art research related to that topic. To keep this “state-of-the-art,” your primary references should be publications from within the past five years. If at any point you are uncertain about what is expected, or if you would like some guidance, please contact me – don’t just make guesses about what you should do! The major “project milestones” will all include a part for the research component of your project, explained more fully below.
Topic selection (due Monday, Oct 26): Submit a basic description of your project topic in Canvas by October 26, along with your “basic project” topic selection. All I need is a very brief (couple of sentences) description of your project research component, but if you want to provide more information then I can give you feedback on that.
Progress report (due Monday, Nov 16): By the time of the progress report your project should be pretty well investigated, meaning you’ve collected and read the main reference papers, and thought through what you’re going to write about in your report. You should turn in a progress report that contains a basic introduction section to your project report (this should describe the topic you’re studying at a high level and describe what you will be giving details on), as well as an outline of your report and a list of bibliographic references that you plan on using. You need at least two solid references (peer-reviewed conference or journal papers). Make sure you use appropriate citation styles (including full conference/journal names, dates, and page numbers).
The progress report is graded, and counts for 20% of your overall project grade. However, the most important part of the progress report is that I will provide comments and suggestions in Canvas soon after you submit it. This is where I tell you if you are going in the right direction, and give suggestions for things you should include for a good final report. You can turn in your progress report at any point, and I will provide feedback promptly. You are encouraged to turn in your progress report before the deadline so you can get early feedback on the direction you are taking!
Final report (due Friday, Dec 4, 3:30 PM): Your final report is due at the scheduled final exam time.
This is intended to be a research-oriented project, not a technology description. A topic that describes a product or system without any significant underlying research question is not appropriate. For instance, a report on IPsec isn’t appropriate, but a report on how security protocols are analyzed, using IPsec as an example, would be good.
Keep in mind that this is a computer science class, and technical depth is important. Formulas, theorems, proofs, and analysis are certainly important and should be included as appropriate. Since this is a research topic, it’s also important to think about (and write about) what questions are left unanswered by the current research that should be investigated (“open problems”). As for the length of the paper, something around 10 pages (11 or 12 point font, single spaced) should be enough to cover the important parts. There’s no need to try to write about everything that’s out there related to your topic.
Remember that the writing should be entirely your own – it is not acceptable to copy text from a paper or the web. My general advice to people is this: Investigate and read as much about the topic as you can until you really understand it, taking some light notes. Then you should know the topic well enough to put aside all your references, and do the writing without looking at the original material. That ensures that the writing is coming from you and not the reference material.
The following are some of the leading security conferences, and provide excellent material (there are, of course, other good quality conferences and journals, but these are the best places to start). Note that while most recent papers are “open access,” some are only available to subscribers. UNCG has subscriptions to all these sources, so they should be accessible from on-campus computers, or through the UNCG Library Proxy.