Project proposals are due February 15. A proposal should be 2-3 pages
long and include the following:
-
Names of team members (at most 2 students per team).
-
Description of the system or network protocol that you are planning to
analyze or implement, or the tool that you will be building or extending.
-
Security properties you intend to investigate.
-
Tools and/or analysis techniques you are planning to use.
-
Clear description of project deliverables. Possible deliverables
are a software prototype, a substantial case study, or, in the case of
a purely theoretical project, proofs (manual or machine-assisted).
Here are some project ideas, but you are encouraged to propose
your own project topic.
- Tackle the Aircloak Challenge.
- Amazon cloud services
- What does Amazon
Inspector do? What are its limitations? Set up a web server
using AI services and show how to break it.
- Develop and demonstrate a side-channel attack on AWS Lambda
(or similar service).
- Build a system that verifies the location and date of photos
posted to social media.
- Analyze security and privacy protections of NYC open municipal data.
Can private information about NYC residents be extracted or inferred
from these datasets?
- Analyze security and privacy of Google's AutoML platform
for building custom machine learning models.
- Investigate the security and privacy aspects of some consumer
device, for example, Oculus, Kinect, or FitBit.
- Develop inference attacks against secure protocols for
computing on genomic data.
- Analyze domain fronting in Signal and develop a technique
for detecting Signal traffic on the network.
- Build a system for censorship-resistant communications that hides
information in BitTorrent or other P2P traffic.
- Does this idea for preventing art forgery seem workable?
What alternatives are there using machine vision, RFID tags, etc.?
- Extend libsignal to natively handle message franking protocols,
as needed for cryptographically verifiable abuse reporting (see
https://eprint.iacr.org/2017/664).
- Reverse-engineer examples of spyware used by abusers in
intimate partner violence.
- Comprehensively investigate algorithmic/computational aspects of some
privacy law or policy (e.g., for financial or educational data).