Computer Security Class Project

Project Description

This project provides an opportunity for you to apply the concepts and techniques you've learned this semester, and is intended to challenge your analytical, technical, and creative skills. Whether you're building a security tool, conducting vulnerability analysis, or evaluating security research, this project will deepen your understanding of computer security.

The amount of work required for the project should be roughly three course labs, and you will have lab time to work with your team on the project.

Team Size:

• 2 members per team (possibly one team with 1, or 3)

Project Options

To cater to a wide range of interests, the project is structured as a "choose your own adventure" experience. You can select from a variety of project ideas or propose your own. Projects can include: building a security enhancing tool, exploiting a real-world vulnerability, or replicating an existing computer security study.

Building a Security Enhancing Tool

If you choose to build a security enhancing tool, you may choose from one of the following or you can propose a tool of your own.

• Build a password manager: Develop a basic password manager application that securely stores, generates, and retrieves passwords for the user.

• Build a Simple Firewall: Develop a simple firewall application that can filter incoming and outgoing network traffic based on a set of user-defined rules.

• Develop a Basic Cryptography Application: Create an application that implements basic cryptographic algorithms for encrypting and decrypting text messages.

• Create a Phishing Detection Tool: Build a tool that can analyze emails or websites to identify potential phishing attempts.

• Password Strength Analyzer: Build an application that evaluates the strength of passwords based on various criteria such as length, complexity, and the use of common password pitfalls.

• Simple Intrusion Detection System (IDS): Create a basic IDS that monitors network or system activity for malicious activities or policy violations.

• Web Application Security Scanner: Develop a simple tool that scans web applications for common security issues like SQL injection, cross-site scripting (XSS), and insecure file uploads.

• Anti-Malware Software: Create a basic anti-malware application that can scan files for signatures of known malware or heuristic behaviors indicative of malware.

• Command Injection Prevention Tool: Create a tool that simulates a web application vulnerable to command injection attacks and then improve the application to prevent such attacks.

• Security Policy Compliance Checker: Develop a script that checks a system's configuration against a predefined set of security policies (e.g., password policies, firewall configurations).

• Encrypted File Storage Application: Create an application that allows users to securely store files using encryption.

• Propose Your Own Tool: Students propose their own security tool. Subject to approval.

Exploiting a Real-World Vulnerability

If you are interested in a more attack-oriented final project, your goal for this project is to pick an interesting virtual machine (VM) from VulnHub https://www.vulnhub.com/ and try to find vulnerabilities in it. Your grade for the project will be based on what kinds of vulnerabilities you find.

Your grade in this project depends on how interesting the vulnerabilities are that you have found, or how interesting the techniques are that you used to discover those vulnerabilities. For example, obtaining passwords through traditional brute-forcing techniques is not interesting. The general scale of work expected should be comparable to the amount of work involved in building a security enhancing tool (see project above). Much of your work will involve reading and understanding an existing VM, and carefully constructing proof-of-concept exploits to demonstrate the vulnerabilities that you discovered.

Replicating an Existing Computer Security Study

In this project option, you will select an existing research study in the field of computer security to replicate. The goal is to validate the findings of the original study through your own independent analysis and experimentation. This project encourages a deep understanding of the study's methodologies, findings, and implications for the field of computer security.

Replicating a study involves several key steps:

• Selecting a Study: Choose a published study in computer security that is of interest to you and feasible to replicate within the timeframe and resources available. The study should be well-documented, with clear methodologies and findings.

• Understanding the Study: Fully comprehend the study's objectives, methodologies, and findings. This may involve reading the study multiple times, researching the techniques used.

• Recreating the Experiment: Use the same methodologies and data (if available) to recreate the experiment conducted in the original study. This might involve coding, setting up test environments, collecting data, and applying the same analysis techniques used in the study.

• Analyzing the Results: Compare your findings with those of the original study. Analyze any discrepancies or confirmations between your results and the original findings.

• Evaluating the Study's Impact: Reflect on the importance of the study in the field of computer security. Discuss how replicating the study contributes to validating or questioning the original findings and their implications.

Instructions

• Complete all of the work in a Group GitHub repository: https://classroom.github.com/a/acU-T2Si
• Name your group using a combination of the first names of the group members.

There are four concrete steps to the final project, as follows:

1. Form a Group Decide on the project you would like to work on. Discuss the idea with others. Use these discussions to help find other students interested in similar ideas for forming a group. I will provide feedback on project ideas.
2. Project Proposal - Friday March 22nd Discuss your proposed idea with me over the this week, before the proposal deadline, to flesh out the exact problem you will be addressing, how you will go about doing it, and what tools you might need in the process. By the proposal deadline, you must submit a 1-page proposal describing:
   • Your group members list
   • The problem you want to address
   • How you plan to address it
   • What are you proposing to specifically design and implement
3. Write-up and Code - Friday April 26th Write a document describing the design and implementation of your project, and turn it in along with your project's code by the final deadline. The document should be about 1-page of text that helps me understand what problem you solved, and what your code does.
4. Project Presentation - Thursday May 2nd, 2pm Prepare a short (7 - 10 minutes) in-class presentation about the work that you have done for your project.

Project Grading Rubric (Total: 100 Points)

Technical Execution and Complexity (40 points)

• Security Tool Development / Vulnerability Exploitation / Study Replication (30 points):
  • Innovative approach and originality in concept (5 points)
  • Complexity and depth of technical implementation (10 points)
  • Effectiveness and functionality of the final product (15 points)
• Code Quality and Organization (10 points):
  • Readability and documentation within code (10 points)

Project Documentation (20 points)

• Proposal Clarity and Detail (5 points):
  • Clear definition of the problem and proposed solution (2 points)
  • Feasibility and practicality of the approach (3 points)
• Final Write-up (15 points):
  • Clarity and depth of problem description and solution (5 points)
  • Thorough explanation of design and implementation choices (5 points)
  • Discussion of any challenges faced and how they were overcome (5 points)

Teamwork and Collaboration (10 points)

• Effective Collaboration (10 points):
  • Evidence of productive teamwork and division of labor (10 points)

Presentation (30 points)

• Clarity and Organization of Presentation (15 points):
  • Clear articulation of project goals, methodology, and outcomes (10 points)
  • Logical flow and organization of presentation content (5 points)
• Presentation Media (15 points):
  • Slides or multimedia quality (10 points)
  • Live demonstration of working project (5 points)