Final project
Last update: January 27, 2012
Objective: The goal of the project is to produce high-quality
research output as well as a high-quality class presentation on the
research performed.
Form: Students carry out this project in a
group (up to four students). I encourage you to team up in large
groups, so that you can get more interesting work done. You need to
notify me of your group members before working on the project. To do this,
please send an email to cs5231ta@googlegroups.com with the title
"CS5231 Project Group".
Topic: A set of research topics is suggested (see
below). You can also propose your own topic in
which you are interested. However, please discuss it with me before
getting started if your group works on its own topic.
Components: You are expected to write a project proposal, a
progress report, deliver a final report, and give a final project
presentation. A well-prepared presentation is necessary since this
could be one of your chances to convince me and your classmates how
good your project is.
- Project Proposal: The project proposal will serve as your
project description. Therefore, it should describe and justify what
you intend to do in as much detail as possible, including the
platform and software tools you are going to use. It should include
a schedule that describes what you intend to accomplish each month
leading up to the due date. Your proposal should be at least one
full page in length, but no more than four pages (single-spaced,
single-column, 11 font size). You should discuss your project idea
with me before submitting the proposal. A hardcopy is due in the
class on February 13.
- Progress Report: It is expected that you will work on the
project every week from the time you turn in your proposal to the
day the final report is due. To make sure the project
proceeds smoothly, I want you to send me a progress report
describing what you have accomplished so far. Note that each group
only needs to send me one copy. In the report, you should compare
your progress to the schedule laid out in your proposal, and
describe any particular difficulties or problems you've
encountered. Your progress report should be no more than four pages
(single-spaced, single-column, 11 font size). The progress report
(in hardcopy) is due in the class on March 12.
- Final Report: You are required to write a final report
about the project you have worked on during this semester. The final
report should have 12-15 pages (single-spaced, single-column, 11
font size), including a cover page and references. A hardcopy is
due before the reading week.
- Final Presentation: At the end of semester, you need to
present your project to the class. Each presentation will take about
15 minutes. Be prepared as you might be challenged! We will work out
the presentation schedule together later this semester.
Grading Criteria: Be clear that plain summary or introduction
papers won't be considered good output. However, papers with good
(comprehensive and systematic) insight and analysis on the issues are
welcome. The project grade will be based on the project proposal (10%),
progress report (10%), final report (60%), and presentation
(20%). The grading will be based mainly on the novelty, solidity, and
completeness of the conducted work.
Honor Code: The papers are expected to include your own ideas in
your own words. Please do not attempt to cut-and-paste or borrow
others' ideas without adequate and clear citations. The soft copies of
your submissions need to go through NUS's turn-it-in service. For more
information about this service and plagiarism prevention, as well as
NUS policies on plagiarism, please refer to
http://www.cit.nus.edu.sg/plagiarism-prevention/.
- Malicious Code Analysis by Event Interception: Malicious
code causes damage through its interaction with its
environment. For example, viruses delete files via the system call
interface. As another example, malware on smartphones steals
contact information by querying the interface provided by the phone
OS. Without such interaction, malicious code can do nothing but
computation.
In this project, you are expected to build an event interceptor and
use it to analyze the behavior of some malware. You can choose the
targeted platform: Linux, Windows, Browsers, Android, or even iPhone
(if you can).
Related resources:
  - Janus: An Approach for Confinement of Untrusted Applications
  - Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
  - Source code of Alcatraz
  - Source code of Etrace, the system call tracing utility used by Alcatraz
- Simple Access Control Mechanism in Browser DOM: Modern
browsers lack fine-grained access control over the JavaScript running
inside them. Once a piece of JavaScript is allowed to execute,
browsers do not provide further control. In this project, you are
expected to intercept accesses to DOM elements and, for each access,
decide whether it is allowed or not according to your
rules.
Related resources:
  - Escudo: A Fine-grained Protection Model for Web Browsers
  - Source code of WebKit
  - Source code of Google Chrome
  - Source code of Mozilla Firefox
- Buffer Overflow Attack Diagnosis: For a software company,
it is very important to respond quickly to newly discovered
vulnerabilities in its products. The goal of this project is to
help software developers diagnose buffer overflow
vulnerabilities quickly.
Suppose we already know a program is vulnerable, and have an exploit
input to demonstrate the vulnerability. Our tool TEMU can produce a
trace of all instructions executed by the vulnerable program during
the attack, but the trace is hard to analyze manually. In this step,
you need to create a tool to visualize the trace structure to help
developers diagnose the vulnerability.
Another direction is to build an interface that allows programmers
to query the system state at a certain stage of the program execution
without much overhead.
Resources:
BitBlaze
- Reflected XSS Filter in Mozilla Firefox: In a cross-site
scripting (XSS) attack, malicious JavaScript from user input is
returned by the vulnerable web application and executed with the
victim user's privilege. One common way to solve it is to deploy a
filter in the web browser. In this project, you are expected to
study some popular filters such as XSSAuditor, noXSS, and the IE8 filter,
find out their weaknesses, and implement your own filter in Firefox.
- Botnet Analysis and Defense: Investigate a botnet (e.g.,
via source code analysis or live traffic monitoring) and propose a
new approach for botnet defense.
- Phishing Threats and Defense: You might also investigate
other threats such as worms and DDoS. You might also consider
possible threats related to IM or RSS.
- Software Vulnerability Analysis and Defense: You may
propose your own approach to define and extract vulnerability
signatures (e.g., Shield) or defend against zero-day exploits.
- Rootkit Analysis in BitBlaze Environment:
Our BitBlaze framework provides a powerful platform to analyze
binaries. In this project, you are expected to use the framework to
analyze a certain aspect of a malware/rootkit. For example, what is
its activation mechanism? What is the condition for it to execute
its malicious payload?
Related papers and resources:
  - HookFinder: Identifying and Understanding Malware Hooking Behaviors
  - BitBlaze
- Client-side Honeypots: Analyze existing client-side
honeypot systems (e.g., HoneyMonkey, honeyclient, etc.) and propose
your own solution.
- Access Control via Virtual Machine Monitor: Propose a new
approach to enforce access control policies at the virtual machine
level.
- Other high-level topics: Trustworthy Computing with
Virtual Machines, Intrusion Detection and Recovery, Intrusion
Prevention, OS-level Forensic Analysis
- Your Own Research Topic