The goal of this assignment component is to prepare you with a typical research experience in the software and systems security area.

Details

A typical software and system security research project consists of one to three components:

  • Find a vulnerability type in a software system, AND
  • Choose to develop either
    • a defense mechanism, OR
    • a detection algorithm, OR
    • Both.

To qualify as a research project, at least one of the above-mentioned component needs to be novel. Here are some perspectives you can use to argue about novelty:

  • a new vulnerability type,
  • a new way to defend against an existing vulnerability type,
  • an optimization (e.g., performance, efficiency, etc) to an existing defense mechanism,
  • a new approach to detect an existing vulnerability, or
  • an optimization (e.g., scalability, accuracy, precision, efficiency, etc) to an existing detection mechanism.

A good source of inspiration are recent papers published on top academic venues, such as the USENIX Security Symposium, ACM CCS, IEEE Symposium on Security and Privacy, and NDSS Symposium.

One particular type of paper you might want to look into are Systematization of Knowledge (SoK) papers. As the name suggests, these papers are survey papers in nature and summarizes one particular research area extremely well. This is your shortcut to state-of-the-art works in one particular topic. A collection of SoK papers can be found here.

Your task for this assignment is to

  • define a novel research project and
  • execute it to the fullest extent possible within this term.

Deliverables

You should email your topic proposal and write-up to the instructor(s) for submission.

  • Topic Proposal: Your topic must be approved in advance by the instructor. This is done by submitting a title and an abstract (one to two paragraphs) to the instructor via email. Technically, you may submit the proposal at any time before the due date of the project. However, the sooner you submit the proposal, the sooner we can help you polish the idea and shape your research project, so it is highly encouraged for you to submit the proposal as early as possible.
  • Project Write-up: Your write-up should include a summary of existing work on your topic, as well as how your approach differs from them (i.e., the novelty bit). In the scenario where the whole project is not finished within this term, your write-up should clearly highlight the steps forward and how you plan to complete the project after the term ends.

There is not specific format for your write-up to follow. It can be either a paper or a deck of slides or just free-formed text. It is the idea and project execution that are more important, not the formalities.

Grading

Grading of the mini research project will be based on

  • novelty of the idea
  • completeness of execution

Team-up

This is, in principle, an individual and independent project so forming a team and submit a single project write-up as a team is discouraged.

However, You can still team-up with your classmates if you work on related topics and are encourage to share ideas, concepts, and code pieces (even across teams). If you do so, remember to articular in the write-up on each team member’s contribution as you will be evaluated individually.