CS591 Student Semester Projects

• Please prepare a project web page, project.html, with the title, names of the team members, abstract, and related references. Save it in your cs591 personal web site on viva. See an example by John Magby. http://walrus.uccs.edu/~jmagby/cs591/project.html
• Email me the url by 9/24.
• You are asked to give a 10 minutes semester project presentation on 12/6 and 12/8.
  Based on the topics we will group the presentations into two sets for those two days. The schedule of the presentations will be annonced 11/30.
• Deposit your presentation/report/source code (if any) in http://cs.uccs.edu/~cs591/studentproj/projF2010/<login>/doc directory using http://blanca.uccs.edu/~cs591/cgi-bin/upload.php via UCCSVPN
• Email me the url of the presentation two days before your scheduled presentation date. I will help revise it.
• Please use present.ppt or present.pptx; report.doc or report.docx, or report.pdf for the presentation and report filename. It will simplify the referencing of these documents in project web page.
• You are asked to submit a semester project report 10-20 pages (IEEE/ACM conference format), due 12/10.
• Here are sample templates for the reports. You can also choose to use one column format if your diagrams are difficult to fit in two column format. Some will put those detailed diagrams at the end of the paper and make the section as single column.
  • CEIDPFormat-1.doc
  • MSW_USltr_format.doc

F2010 Semester Project Presentations:

12/6 Monday

• Mod_Security (Is it worth it?) by Rich Helton
• State of RFID Security, by Robin Kimzey & George Mudrak
• Wireless Network Security, by Michael Clonts

12/8 Wednesay

• Power of OSSEC, by Donovan Thorpe.
• Vulnerability Scanning, by Greg Williams
• New Computer Security Threat, by Ehab Ashary
• Cloud Security, by Troy Hitchison.
• Cloud computing is your information secure, by Beaula Navarman.
• Stuxnet Malware Attribution, by Mike Albright
• Defense information assurance certification & accreditation process (DIACAP), by Chris Cabuzzi
• Electronic Voting (E-Voting) An introduction and review of technology, by Larry Brachfeld
• IPv6 Security, by Rod Lykins

F2009 Semester Project Presentations:

12/7 Monday

• Breaking the Substitution Cipher with Dominant Gene Genetic Algorithmsm Michael Hausman and Derrick Erickson
• RSA encryption & Freqency Attacks, Brandon Crowther.
• Realization of Flexible Mandatory Access Control (MAC) Protection Mechanisms in Modern Operating Systems - SELinux, Jeffrey H. Jewell
• SELinux using SLIDE, Shane Jahnke
• Unlocking the Power of SELinux by Utilizing the CDS Framework IDE, Ben Stroud
• Code Access Security in the .NET Framework, John Magby.

12/9 Wednesday

• X.509 Public Key Infrastructure(PKI) using Microsoft .Net Framework's Windows Communication Framework (WCF), Paul Cormier.
• Security Issues in Multi-hop Wireless Network Routing Protocols, Philip Huynh
• Elliptic Curve Cryptography|keeping smart grid secure, Terry Spence.
• AMI/AMR Security, Raymond Cordova
• Exploring the WebScarab Intercept Proxy, Chris Shuster
• SQL Injection, Nicole Gray, Cliff McCullough, and Joe Hernandez
• Techniques, architectures, and exploits of wireless networks of PCs and Mobile devices, James Logan and Michael Menozzi.
• An Overview of Intrusion Detection using Soft Computing, Palden Lama and Archana Sapkota
• Automatic Detection of Zero-Day Worms, Mike Kopps
• Subnet Flooding Detection and DDoS Defenses, Mounika Namburu and Lan Nguyen
• WCF security mechanism support the confidentiality and integrity basic services, Phillip Sanchez-Vasquez
• The Secure Use of Open Source PHP, Abdullah Almurayh
• Digital Steganography, Jeff Hinson.
• Steganography Analysis, Jason Liptak

• ---

F2008 Semester Project Presentations:

12/8/2008

• Applying Military Doctrine to Formaulate iCTF Stratgey, by Rick White.
• Securing Careless Security Flaws: A Focused Analysis of the International Capture the Flag Virtual Machines, by Nadine Sundquist
• Single Sign-on with Kerberos, by Chris Eberle, Ryan Thomas, Kim-Lan Tran, RC Johnson
• Overview of Insider Attacks, by Joe B. Taylor.

12/10/2008

• Symmetric key encryption performance analysis, by Tony Nguyen
• Hospital Automation using RFID Technology, by Gustavo Florentino
• XACML (eXtensible Access Control Markup Language), by Ganesh Godavari and Craig Peltier
• Web Application Security Made Easy with JBoss, Seam, and Hibernate, by Chris Anderson
• JBoss Application Server Implementing Select Security Features, by Jeff MIller
• Single Sign-on Writ large: OpenID, by Idaho Edokpayi.
• SELinux, by Jeff Kidder

S2007 Semester Project Presentations:

5/2/2007

• Ankur Chattopadhyay, "A METHOD FOR IMPLEMENTING PRIVACY-PRESERVING SECURITY SURVEILLLANCE BY APPLYING CRYPTOGRAPHIC TECHNIQUES ON A REAL-TIME EMBEDDED DSP FRAMEWORK".
• Brigette Wilson, "Move over DITSCAP… The DIACAP is here!"
• Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute, "Apply DITSCAP to Evaluate a PTC based Secure E-Voting System".

5/7/2007

• Corey McClurg, "SELinux: Security Enhanced Linux"
• Justin Pohlmann and Allen Liu, "Enhancing PTC based Secure E-Voting System"
• Jason Devries, Heidi Parsaye, Roxanne Isle, "OS Hardening"
• Jerry Usery
• Clinton Triou,
• Stephen Roux
• Dennis Ippoliti
• Nicholis Bufmack
• Baswell Michael
• Brad Baker

S2007: Potential Project List
Choose your project by 2/15. Create a project web page with title, team member names, short description in your personal CS591 web page. Email me the url. You can work alone or choose to work as team (2-3 members depending on the scope). I can help you select the project and decide its scope.

• Boeing Expert Mentored Projects:
  
  
  • DoD Information Technology Security Certification & Accreditation Process (DITSCAP)DITSCAP. Rajshri Vispute, Saroj Patil, Chuck Short, Brigette Wilson, Shin Jung Nam, Samarpita Hurkute.
    DoD Information Assurance Certification and Accreditation Process (DIACAP) is a new process that improves/replaces the . This project is to analyze the two documents and summarize the differences. http://iase.disa.mil/ditscap/
    
    Project Description from Mr. Ismael Rodriguez of Boeing.
    

    Background:   The Defense Information Technology Security Certification & Accreditation Process (DITSCAP) document describes the requirements and instructions on how to take a US government automated information system/network through a certification and accreditation.  This process involves security evaluations, threat assessments, security penetration tests, and risk mitigation of large communication networks and its components.  This DITSCAP regulation is being replaced by a new Defense Information Assurance Certification & Accreditation Process (DIACAP) document.  This new document involves new processes and requirements that should simplify C&A efforts, make them more consistent, shorten the time for evaluation, reduce the paperwork required, and implement an interoperable scoring system for use by all government systems being accredited.

    Task description:  Search for DITSCAP and download the desired parts of the document.  Take a small network system (perhaps a private network within UCCS labs) through the DITSCAP process/requirements to include penetration testing, threat/vulnerability assessment, and finally draft related documentation.    Maximize use of diagrams and tables to simply information for presentation.

    Deliverable:    The final report must include the completed System Secutiry Authorization Agreement (SSAA) document required by the DITSCAP regulation, as it applies to the selected target network (the one being certified).  During presentation of the final report, the audience needs to clearly understand your findings and rationale in dealing with threats/vulnerabilities mitigation for each applicable section of the SSAA.
  • Related literature:
    • www.nswc.navy.mil/ISSEC/COURSES/Ditscap.ppt
    • http://www.i-assure.com/
  • Indepth OS hardening (VxWork, Linox): Kunal Bele?
    
    Project Description: Security Hardening of 4 most popular Operating Systems (OS)

    Background:   Most popular OS systems software in use today, were designed with some Information Assurance in mind.  Many of them have adequate security features and capabilities.  However; their default configuration is wide-open with most security not-enabled when installed in operational environments.  This leaves the applications and networks using these OS systems exposed to attacks by computer hackers and unauthorized access to their resources. 

    Task description:   Select the 4 most popular OS systems (Windows VISTA, VxWorks, Red Hat and LinxOS) for this analysis.  Investigate and document the secure hardening procedures that best apply to each OS.  Describe the pros and cons of enabling each one of the available security features.  Also describe any security capabilities that are obviously missing from a particular OS.

    Deliverable:    OS Secure Hardening report with analysis of tables and comparisons that can be used by IA and IT professionals to quickly configure and ensure OS security is properly enabled.

  • Safty Engineering Analysis: Many life/mission critical systems (military/health/traffic control) have testbed and real production systems. This project will evaluate the probability of system failure due to the malfunction of a component and provide safeguard mechanisms.
• E-Vote: Electronic Voting System. Justin Pohlmann,
  • Develop an E-Vote system based on Brett Wilson’s Pailliar Threshold Cryptography web services. His 1/11/2007 master project defense viewgraph here.
• Homomorphhic property: It can tally the votes without decrypting the votes. E(M1+M2)=E(M1)*E(M2).
• It distributes private key share among n users and requires the key shares of t (threshold) users to decrypt the tally.
• In this project, you will learn about GMP library, MS cryptography API,
• Create or improve components of such a system, e.g.,
  • verify voter identify,
  • make sure a person's vote only count once.
  • create software to distribute ballots, collect encrypted votes, and to report voting results.
• SELinux Related Research Projects: Roxanne Ilse

• Those listed http://oss.tresys.com/projects. Learn these open source projects/tools and demonstrate their capabilities:
  • CDS Framework IDE : an open source IDE that provides an easy-to-use language specifically designed for cross domain solution developers
  • Certifiable Linux Integration Platform (CLIP) : a toolkit for creating a secure computing environment suitable for hosting U.S. Government applications
  • Reference Policy : makes it easier to maintain and apply baseline security policy for Security Enhanced Linux (SELinux)
  • SELinux Policy IDE (SLIDE) : an open source tool to aid in the development and customization of SELinux policies for applications, services, and other secure Linux based solutions. Integrated Development Environment for policy – Eclipse plugin, integrates with reference policy
  • SETools Policy Analysis Suite : SETools is a suite of open source tools that allow a policy developer or tester to perform detailed analysis and debugging of an SELinux policy
• SEEdit, http://seedit.sourceforge.net – Policy editor with simplified policy language, GUI
• Polgen, http://www.mitre.org/tech/selinux – Policy generation tool based on pattern recognition
• SETools, http://www.tresys.com/selinux – Policy analysis tools
• Reconciling differences in policies between SELinux systems
• Extending management to collections of SELinux hosts, including support for local variations and policy splitting.
• Policy management for Xen policy (shared toolchain).
• Coordination with guest policies.
• Demonstration of SELinux Policy and its capability using virtual machines on various network services:
  • Web Server (Apache, Tomcat, SunAP)
  • Email (SMTP, IMAP, POP)
  • DNS
  • Database (MySQL)
• OS Harden project. http://viva.uccs.edu/wiki
• Security Incidence Handling. Nicholis Bufmack (Efficient Scanning of File Systems after break-in).
  Procedures/Tools to assist the handling of security incidence such detection of break-in (admin password got stolen/guessed), discovering of trojan, while system still needs to be maintained, similar to the final week incidence 2006.
• SCOLD: Secure Collective Network Defense Develop new Internet protocols for supporting multiple path connections and defending against DDoS attacks.
• SGFR: Secure Groupware for First Responder. Develop efficient secure instant messaging systems based on efficient group key distribution and open source jabber system,                                                          
• IMPACT: Improve Measurable Performance Against Cyber Threats:  Joint proposal with Drs. Zhou. Develop techniques that utilize indirect routing, efficient intrusion information fusion and enhanced differentiated services on both servers and routers for enterprise cyber defense.
• Secure Information Sharing. Develop tools and techniques for supporting large scale secure information access/notification among multiple agencies.
• Secure First Responder Sensor Networks: Develop secure sensor software for supporting the deployment and tracking of first responders under terrorist threats.
• Explore Metasploit Framework version 3 and identify why it can not use LSASS exploit on unpatched WinXP as version 2.4 can.
• Buffer Overflow on PSP Game Device, Shadwin Harder
• Scanning Systems

F2005:
Please deposit the presentation at http://cs.uccs.edu/~cs591/studentproj/projF2005/<login>/doc directory and email me the url (test it to see if it can be accessed from a browser).

December 12/5 Monday Presenters(Email me the url by 12/3 6pm; I will help revise it).

1. Games Hardening/Designing for Anti-Cheating, Jason Cook and Michael Rudolph.
2. BufferOverFlow Attack and Defense?, Frank Gearhart.
3. Metamorphic Viruses, Patrick Walpole
4. BIDE: Behavior Intrusion Detection Enhanced, Hakan Evecek and Rodolfo Oritz Magdaleno
5. Secure QoS Unified Access, Francisco Torres, Sujeeth Narayan, Ankur Patwa
6. Computer Forensic, Ricardo Torres.
7. C3S: Cryptography & Steganography Securing System, Osama Khaleel
8. Man in the Middle, Is your wireless connection secure, Paul Box, Will Lefever, Bea Wilds.

December 12/7 Monday Presenters(Email me the url by 12/6 12pm; I will help revise it).

1. Wireless Sensor Network Security, Lindsey McGrath and Christine Weiss.
2. iCTF Planning, Justin Gray and Mike Gerschefske
3. One of the following: "+ Worm Propagation and Network Activity Visualization
   + Adaptive Techniques for Network Attacks
   + Cellular Automata and Worm Propagation
   + Steganography with MPEG," Adrian Johnson.
4. Steganography with Music, Voice Channel, Sarah Wahl, Sarah Summers and Nick Sterling
5. Stego-SIRDS, Bill Bahn
6. Software Watermarking: Deterring Software Piracy, Beaux Sharifi
7. Secure SIP phone using JCE, Guozhi Fu
8. Honeypot, Patrick Brennan.
9. Hacking Automotive Technology: Is Your Car Safe? Jeramie Reese and Candice Sonchar.
10. The Worm Work For You, Matt Weaver
11. Securing Online Banking, Ben White.
12. IDS Used Within Satellite as a Sensor, Doug Hang
13. Multipath Routing: Proxy Selection, Joseph Laconte

Potential Projects:

• Nelson, David B., "Hard Problems in Information Security," March 17, 2004. Available online at: http://www.itrd.gov/about/presentations_nco/2004/20040317_irc_dnelson/20040317_irc_dnelson.pdf
• IRC Hard Problems List, July 2005. Available from the InfoSec Research Council (IRC) at http://www.infosec-research.org/contact.html.
• Criste, Frank, "Implementing the Global Information Grid (GIG) - A Foundation for 2010 Net Centric Warfare (NCW)," May 18, 2004. Available online at: http://www.ndia.org/Content/ContentGroups/Divisions1/International/CRISTE.ppt
  

• Homeland Security Related Projects:

  • SCOLD: Secure Collective Network Defense
    • Project Goal: Develop new Internet protocols for supporting multiple path connections and defending against DDoS attacks.
    • Status: A prototype called SCOLDv0.1 was developed with Enhanced Bind9 DNS server and Client Resolve library, Proxy based Indirect Routing Protocol for support the establishment of proxy based multiple path connections.
    • Publications: Globecom2004, Yu Cai's Ph.D. dissertation on proxy based multipath connection, Frank Watson's ENHANCE TCP PERFORMANCE WITH MULTIPLE PATH ROUTING master thesis.
    • Short term project: create another SCOLD node at AFA IA lab and experiment with wide area multipath striping for Internet connections, including VOIP.
  • SGFR: Secure Groupware for First Responder
    • Project Goal: Develop efficient secure instant messaging systems based on efficient group key distribution and open source jabber system,
    • Status: A prototype was developed that utilize Keystone and Jabber system, supporting wireless IPAQ PDA and Laptop users.
    • Publications: CCCTN2005 (withdrawn)
  • IMPACT: Improve Measurable Performance Against Cyber Threats. Joint work with Drs. Zhou and Boult.
    • Project Goal: Develop techniques that utilize efficient intrusion information fusion and enhanced differentiated services on both servers and routers for enterprise cyber defense.
    • Status: A prototype called Autonomous Anti-DDoS (A2D2) was built with enhanced Snort subnet flooding detection and adaptive firewall. An adaptive server cluster prototype based on proportional differentiated service was built.
    • Publications: NSF CyberTrust 2005 proposal
  • Secure Information Sharing
    • Project Goal: Develop tools and techniques for supporting large scale secure information access/notification among multiple agencies.
    • Status: SISv0.1 was built with an enhanced LDAP system as role-based (Attributed Certificate based) privilege management infrastructure and integrated with an enhanced Apache Mod_ldap module for secure web access among multiple agencies.
    • Publications: SAM2005, Patricia Ferrao's Secure CoWebrowser master thesis, Merlin Vincent's ESI Extensions for Web-based Collaboration master thesis.
  • First Responder Sensor Networks
    • Project Goal: Develop sensor network protocol/software for supporting the deployment and tracking of fire fighters.
    • Status: Software module based Mica2 motes and TinyOS/TinyVize are being built.
    • Publications: QDotSBIR report2004

  Wireless Security Related Projects:

  • Design and Analysis of PEAP and TTLS Secure Wireless Access Protocol. Master Thesis by Nirmala Bulusu.
  • Rogue Wireless Traffic Detection and Avoidance. joint project with Dr. Mark Wickert ECE.
  • Secure Mobile Ad hoc Access Protocol
    • Project Goal: Develop secure efficent wireless protocol for managing access control and efficient algorithms for detecting compromised nodes.