CSE543/Fall 2006 - Course Project Assignments

Below are the options for projects in CSE 543 in the Fall 2006 semester. Review the information available about each project and select a choice by 9/14/2006. The projects will be performed in groups of 3, and the plan is for one group per project. To resolve conflicts, please choose 3 project options that you may be interested in.

We will discuss these projects in class prior to the selection date. If you have any questions, please contact the course TA or instructor (contact information is available at the course homepage).


Each project is listed with its Topic, Background (reference links), Description, and People (students who have already chosen it).

Topic: User-level Password Cracking
Background: vs. XScreenSaver; GDB Tutorial
Description: (none given)
People: (none listed)

Topic: Cache Miss Channels
Background: (none given)
Description: Keyloggers use excess authority to capture keystrokes. This project asks whether an unprivileged program can be written to capture keystrokes. The idea is to write an unprivileged program that uses the timing behavior caused by cache misses to detect the keystrokes made during system unlock.
People: (none listed)

Topic: Remote Attestation
Background: Linux IMA
Description: The goal is to extend the Linux IMA mechanism to support information flow (see PRIMA) and to enable privacy (see Bloom Filters) in remote attestation.
People: Weina Ge; Lu Su

Topic: Trust from Secure Hardware
Background: Trusted Computing Group; See Trusted Network Connect
Description: Bootstrap trust in a system's ability to enforce an access control policy based on the secure hardware mechanisms of the TCG TPM. The goal is to construct IPsec certificates that enable a remote party to set up an IPsec channel and associate the TPM with that channel.
People: C-T Su

Topic: Playpen Vulnerability Testing
Background: Hardening: Bastille Linux
Description: We aim to build a vulnerability testing environment, called the Playpen, in which we can collect information about a system to be tested, configure a compatible VM system on the Playpen, and destructively test that system (e.g., based on CERT vulnerabilities). This would apply to Windows configurations.
People: (none listed)

Topic: Attesting Obligations
Background: Obligation Policy Abstract; PRIMA: Integrity Measurement; BIND: Integrity Measurement
Description: We use attestations to justify the integrity of systems. Integrity means that the system behaves as expected. Here, we look to extend integrity measurement to include the obligations of a system. For example, we want to ensure that one principal (e.g., a government) helps another (e.g., a fire department) by sharing information under exceptional circumstances. The plan is to attest to bioinformatics properties.
People: (none listed)

Topic: AppArmor Policy Analysis
Background: Novell AppArmor for Linux
Description: Novell is a major Linux distributor (SuSE Linux). Novell's access enforcement service is called AppArmor. In this project, we aim to extend an existing policy management prototype, Gokyo, to perform analyses such as determining which principals can write a file that another principal can execute.
People: Saurabh Jain

Topic: Java Information Flow Browser
Background: Mozilla GECKO Embedding API; Jif JPMail System
Description: Java information flow (Jif) is a Java language extension for enabling information flow control in applications. Web browser clients have been fraught with security problems. For example, browsers are compromised via phishing attacks that leak secret information and via data-driven attacks that compromise integrity. In this project, we plan to build a portion of a web browser client that enforces secrecy and integrity information flow requirements to prevent such attacks.
People: (none listed)

Topic: MLS Network Control in Linux
Background: Labeled IPsec; Multi-level security; SELinux and MLS
Description: Linux access control was recently extended (in Linux 2.6.16) to support fine-grained control of network communication by labeling IPsec communication channels. Further extensions have been necessary to support full multi-level security (MLS) enforcement. In this project, we will examine how to use these MLS network controls to implement services in xinetd.
People: (none listed)

Topic: (not listed)
Background: Firefox source; Browser Problems: Tahoma VM System; Platform Trust: Shamon System
Description: The GoToMyPc.com service from Citrix claims that you can access your base computer from any computer on the Internet using a web browser client and their service. This approach implies that the web browser client software behaves correctly, so I am curious what changes need to be made to a web browser client to trick a user into believing that s/he is accessing her/his base computer.
People: (none listed)

Topic: "Layered" IPsec
Background: Shamon Architecture; Shamon Initial System
Description: IPsec is a point-to-point protocol that enables the construction of secure communication channels between two points. Layering of secure communication is enabled by a "tunnel" mode that permits intermediate points (e.g., gateways) to establish secure communication paths within the complete path. This layering is stateless in that the communication guarantees of the tunnels may be independent of the upper layers. However, independent layering is not sufficient for access control, where lower layers (e.g., the VM) must be aware of the higher layers (e.g., the OS) to ensure correct enforcement. This project will explore mechanisms that extend the network access controls of Linux Labeled IPsec to enable layering of access control guarantees.
People: (none listed)

Topic: Mobile phone security
Background: Mobile Phones and Linux Paper
Description: Six cell phone companies announced a mobile Linux initiative over the summer. My impression is that the differences between mobile phone systems and typical client systems are diminishing, but this project aims to examine how secrecy and integrity guarantees on mobile phone systems may be achieved and proven to other parties. Leveraging SELinux and remote attestation is likely.
People: (none listed)

Topic: Xen Security
Background: Xen source (contains policy tools); sHype Paper
Description: sHype is a reference monitor implementation for Xen consisting of authorization hooks (i.e., the places where access checks are necessary), an authorization module (ACM), and an access policy model. IBM Research has developed tools for developing and managing policies, so this project will examine the security afforded by the sHype architecture and how it can be used to set up access control between VMs. As a prototype, we will consider protecting the secrecy and integrity of a user who reads email and generates documents.
People: Kanishk Jain

Topic: Xen administration controls
Background: IBM Research Discussion; sHype Paper
Description: At present, any root process in Xen's privileged VM (dom0) can start, destroy, or migrate any VM. Since different administrative services in dom0 are supposed to implement specific functionality, this coarse-grained control is insufficient. Further, what happens when we need to delegate administrative privileges to a user VM for the VMs that it may create? This project seeks to provide some structure, likely based on role-based access control and/or SELinux, to manage some VM-level functions. We will need to identify administrative operations (e.g., create a new partition), determine how to control them (e.g., is the operation allowed?), and define the implications for policy (i.e., what operations can be performed on the new partition).
People: (none listed)

Topic: Tresys Brickwall
Background: Tresys Brickwall Page; Research: Distributed Firewall
Description: The goal is to learn to use the Tresys Brickwall beta to set up network security on a system. I expect a security evaluation of the policies that can be set up as well as an evaluation of system features. While Brickwall covers a number of SELinux features, we will focus on network management.
People: (none listed)




CSE 543 - Fall 2006

Last modified: Wed Aug 15 17:59:01 EST 2006