CSCI 545 – Mobile Application Security

545 Project

This course project requires that students execute research in mobile application security, or computer/network security in general with a mobile component, and is only meant for students registered for CSCI 545 (i.e., the MS-level class). By completing the project, students will learn to think critically about security problems and solutions. All solutions have limitations, and understanding the ramifications of these limitations is critical to understanding the security of an environment.

The course project milestones mimic the steps required to create a conference-quality paper submission. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Project teams may include groups of up to three students; however, groups of greater size will be expected to make greater progress. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project paper and demo.

Project Grading

The research project is out of 200 points distributed as follows:

  • Milestone 1: Project proposal (5 points)
  • Milestone 2: Related work (20 points)
  • Milestone 3: Research Plan (60 points)
  • Milestone 4: Abstract/Intro (15 points)
  • Milestone 5: Final written paper (100 points)

Milestone 1: Project proposal (5 points)

The purpose of this milestone is to settle on 1) a project idea/area, and 2) a project team. While the specific project may change slightly during the course of the semester in response to the related work survey and implementation/experiment findings, it is important to have a strong direction. Projects can be in any area of systems security, but must be approved by the instructor. Example project areas, in conjunction with the mobile security aspect, include:

  • cloud computing
  • hardware improvements for security
  • operating system security enhancements
  • program security mechanisms
  • web browser security
  • smartphone security
  • IoT security
  • network security
  • privacy

For ideas, students are encouraged to browse the last several years' proceedings of USENIX Security (2022 program), ACM CCS (2022 program), IEEE Security and Privacy (Oakland) (2022 program), ISOC NDSS (2022 program), and ACSAC (2022 program). Each team will upload the project proposal (i.e., 5+ unique project ideas) before the specified deadline, and then meet with the instructor on the specified date. Your grade on this milestone will depend on the team’s ability to decide on at least one good project idea during this meeting with the instructor. I highly recommend having 5+ unique project ideas (not slight variations) for this meeting.

Milestone 2: Related Work (20 points)

One of the most critical and often overlooked portions of a research project is a sufficient investigation of related work. For this milestone, you will write a related work section (refer to the course slides for what makes a good related work section). When formatting your related work, use the provided template. Include your title and an abstract on the first page. Do not change the font size, margins, or any other formatting.

To receive 15 of the 20 points, the related work must be at least two full columns of text (using the provided template) and contain at least 30 citations. Websites (i.e., not academic work) count as one-half a citation. The remaining 5 points will be based on the quality of the document, including the writing, quality of citations, number of missing well-known citations, etc. Going well beyond the minimum 30 citations will help achieve the full 20 points for this milestone.

What to turn in: compressed archive (lastname-relwork.tar.gz or lastname-relwork.zip) of the related work containing the .pdf, .tex, and .bib files for the document.

Note about files: Only .tar.gz and .zip files will be accepted. Filenames must follow the lastname- convention. If more than one student is on a project, the file name should have the prefix lastname1-lastname2-, where the lastnames are in alphabetical order. The paper must be written using LaTeX and citations must be managed in one or more .bib files using BibTeX. Failure to comply with any of these file format and naming requirements will result in an automatic five point deduction from the milestone grade.

Milestone 3: Research Plan (60 points)

At this point, you have identified a problem and have at least a vague idea of your solution. A solution idea is of little value if it is not evaluated. For this milestone, you will report on how you plan to evaluate your solution idea. You must describe the following:

  • Problem Statement (5 points): A short description (one paragraph or less) of the problem you are trying to solve. Note that the problem may have been refined from previous milestones. If there are significant changes, please discuss with the instructor.
  • Solution Idea (5 points): A short description (one or two paragraphs) of how you propose to solve the problem. If the goal of your project is an empirical evaluation of some sort, name this section “Study Goal.” Note that the solution idea may have been refined from the previous milestones. If there are significant changes, please discuss with the instructor.
  • Threat Model (10 points): A description (at least several paragraphs) describing the security assumptions for your solution idea. A good threat model should describe: (a) who is the adversary, (b) what are the goals of the adversary, (c) what are the capabilities of the adversary, and (d) what is the trusted computing base (TCB). Note, when describing the adversary capabilities, it is often useful to describe assumptions of what the adversary cannot do (e.g., does not have physical access to a device).
  • Research Questions (15 points): A list of at least three (more desired) research questions that inquire about the problem and/or solution idea. Research questions should be specific, concrete, and unambiguous questions. For example, research questions may inquire about protection against specific threats, performance overhead, scalability, and usability.
  • Methodology (5 points): A high-level description of how you plan to answer the research questions. For example, a project might design and implement a protection and then empirically evaluate the protection in some way.
  • Evaluation Plan (20 points): A description of how you plan to answer the research questions. The evaluation plan may mirror the research questions, or multiple research questions may be answered by a single part of the evaluation. The proposed evaluation may be split into both the design and a more formal evaluation section. In system security research papers, the design section often provides a form of evaluation by describing how the solution defends against potential attacks. If possible, a security evaluation section should summarize the defense against the threat model. Systems security papers also have more formal evaluation sections that consist of several experiments. For each experiment, you should describe: (a) experimental setup (e.g., hardware, software, and datasets used), (b) specific measurements and metrics you plan to use, and (c) what constitutes success.

Modify the research plan template for this milestone.

What to turn in: PDF of the research plan (lastname-plan.pdf).

Note about files: Only .pdf. Filenames must follow the lastname- convention. If more than one student is on a project, the file name should have the prefix lastname1-lastname2-, where the lastnames are in alphabetical order. The paper must be written using LaTeX and citations must be managed in one or more .bib files using BibTeX. Failure to comply with any of these file format and naming requirements will result in an automatic five point deduction from the milestone grade.

Milestone 4: Abstract/Intro (15 points) (Included in Final paper, no separate submission)

The abstract and introduction are crucial to a paper. This is where you motivate and pitch your idea and present the high-level results. See the class slides for what makes a good abstract and introduction. Modify the related work template for this assignment. The abstract/intro document should be between 1 and 1.5 pages using this format.

What to turn in: PDF of the abstract and intro (lastname-intro.pdf).

Note about files: Only .pdf. Filenames must follow the lastname- convention. If more than one student is on a project, the file name should have the prefix lastname1-lastname2-, where the lastnames are in alphabetical order. The paper must be written using LaTeX and citations must be managed in one or more .bib files using BibTeX. Failure to comply with any of these file format and naming requirements will result in an automatic five point deduction from the milestone grade.

Milestone 5: Written Final Project (100 points)

The written version of the final project is a conference-quality report, consisting of 8–10 pages (not including references), 1-inch margins, two column, 10-pt font. Modify the final paper template for this assignment.

Suggested outline:

  • Abstract (around 200 words)
  • Introduction (includes references to highly-relevant related work, i.e., state of the art for the problem you are trying to solve)
  • Overview of Approach (a nice and accessible “English” description of your approach)
  • Protocol/Architecture/Design/…
  • Evaluation (don’t forget to interpret your data)
  • Discussion (discuss some of the important simplifying assumptions, and suggest possibilities for future work)
  • Related Work (“somewhat related” work goes here; directly related work goes into the Introduction)
  • Conclusions (don’t summarize your work here. That’s what the abstract was for. Instead provide some philosophical ruminations of your work and future possibilities, i.e., conclusions that you have arrived at as a result of your work.)
  • References

What to turn in: PDF of the final paper (lastname-paper.pdf).

Note about files: Only .pdf. Filenames must follow the lastname- convention. If more than one student is on a project, the file name should have the prefix lastname1-lastname2-, where the lastnames are in alphabetical order. The paper must be written using LaTeX and citations must be managed in one or more .bib files using BibTeX. Failure to comply with any of these file format and naming requirements will result in an automatic five point deduction from the milestone grade.
