Introduction to Security
The Final Project
Overview
We have covered a plethora of security topics in this class. For the final project in the class, you will delve
into a current security issue of your choice.
Outcomes
My hope of this final project is that you will:
- Specialize in a current security issue of your choice
- Gain hands-on experience in the field
- Demonstrate technical knowledge
- Communicate clearly to a community
- Practice writing
History
There is a very rich history of past projects in this class including:
An archive of past final projects is available at http://www.cs.tufts.edu/comp/116/archive/.
Instructions
For this final project, you must:
- Provide a detailed outline
- Write a paper, 6 pages maximum
- Provide your own supporting material that complements your paper
The Outline
An outline is an important part of a CFP (Call For Papers) submission to a major conference, and it will make or
break submission. A good read on how to make your CFP and your outline stand out: https://www.defcon.org/html/links/dc-speakerscorner.html#nikita-cfp.
The Paper
The following are the guidelines for the paper:
- Required sections of paper, in the following order:
- Abstract
- Introduction
- To the Community - Why did you choose this topic? Why is this important
to know? This section must be immediately after the Introduction.
- Background information, details, drum roll, etc...
- One of the following before the concluding paragraph:
- Action Items - In your own words, what do people need to do
about the subject matter?
- Defenses - Recommended if you work is attack-oriented. In your
own words, how do you defend against the subject matter?
- Applications - Recommended if your work is more theoretical. In
your own words, how can you apply your subject matter to the real world?
- Conclusion or Summary
- References - You must use at least five (5) high-quality references.
The Supporting Material
Along with your paper, you must produce a supporting material for your paper. Options:
- Source code. This can be a demo, an exploit, a new security tool, an extension to an existing security tool
or product, a script, a proof-of-concept, or an analysis of the source code. You can use any programming
language and there is no requirement for lines-of-code that you have to write. Any source code that you
write must be made public on GitHub
- A video. Must be at least five (5) minutes long.
- A conference presentation slide deck in PDF format on your work and findings. Imagine you are giving a
45-minute talk at a major security conference.
IMPORTANT: This supporting material must be made publicly available.
Ideas
Unacceptable Ideas
- Some
junk hacking
- Modding a video game console
- Anything pertaining to glitches
- Securing WordPress
- Any general and broad paper on Bluetooth vulnerabilities
- Any general and broad paper on ransomware
- Any general and broad paper on the insecurities of the Internet of Things (IoT)
- A paper pertaining to cryptocurrency
- A paper on the blockchain and how it will change the world
Assessment and Rubric
Your final project will be graded on the following:
- Paper (75%)
- Abstract (5%; see below)
- Outline (5%; see below)
- Content and structure
- Language
- References
- Knowledge and wisdom
- Community service
- State-of-the-art
- Supporting Material (25%)
See http://www.giac.org/media/certifications/gold/gold_rubric.pdf for the rubric I will use
for grading the paper
Deliverables
- Abstract (Due on Sunday, March 14th at 11:59 PM PDT). Your abstract shall not exceed 250
words. In-line submission on Canvas only. Token and grace period does not apply for final project
deliverables.
- Detailed outline of your paper,
including title and
some references (Due on Sunday, April 11th at 11:59 PM PDT). You must also provide an idea for your supporting material. Only PDF, TXT, DOC, or DOCX
will be accepted. Token and grace period does not apply for final project deliverables.
- Your entire final project (Absolute Deadline on Wednesday, May 5th at 11:59 PM PDT). No submission will be accepted after 11:59 PM and you will receive a 0 for the final
project!
Bonus
Should your final project is published to a Cyber Security or tech magazine or journal, or is accepted to a major
security conference including HOPE in July (bi-annual), DEF CON, BSides, USENIX Security, DerbyCon, O'Reilly
Security, etc., I reserve the right to change your final grade.