The course project requires that students execute research in systems security. The result of the project will be a conference-quality research paper. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

You will work in teams on this project under my guidance. All teams (including teams of size 1) and topics must be approved by the instructor. Your project team does not have to be the same as your presentation team.

Choosing a Topic

For ideas, students are encouraged to browse the last several years proceedings of USENIX Security, ACM CCS, IEEE Security and Privacy (Oakland), and NDSS.

You have considerable freedom to choose a topic of your liking, from the topics we’ve discussed already, or a topic of your own devising. It just has to be about systems security.

The qualities of a good research project, at a minimum, include the following (this is my own subjective view):

  • It provides new insight
  • It is important, or at least matters to someone, and there is practical significance
  • The findings are non-obvious

There are many things not in this list. For example, nowhere does it say it has to be difficult. I admire tenacity, and much excellent research requires tremendous effort, but that is neither necessary nor sufficient.

In addition to the above qualities, you should consider the following questions when choosing a research topic, at least for this course:

  • What data will you need?
  • If you plan to collect this data, what access will you need, and whose permission will be required?
  • What resources (computers, storage, etc.) will you need?
  • What skills / depth of knowledge will you need?
  • Do you need to involve users in experiments / data collection?

When you have your answers, talk with me about whether the project is achievable in the time we have available.

Writing Your Paper

Conference-quality project report should consist of 8–10 pages (not including references), 1-inch margins, two column, 10-pt font. Use the provided LaTeX template. Suggested outline:

  • Abstract (around 200 words)
  • Introduction (includes references to highly-relevant related work, i.e., state of the art for the problem you are trying to solve)
  • Overview of Approach (a nice and accessible “English” description of your approach)
  • Protocol/Architecture/Design/Methods/…
  • Evaluation (don’t forget to interpret your data)
  • Discussion (discuss some of the important simplifying assumptions, threats to validity, and suggest possibilities for future work)
  • Related Work (“somewhat related” work goes here; directly related work goes into the Introduction)
  • Conclusions (don’t summarize your work here. That’s what the abstract was for. Instead provide some philosophical ruminations of your work and future possibilities, i.e., conclusions that you have arrived at as a result of your work.)
  • References

Note: All reports must be written in LaTeX using the provided template. Failure to use LaTeX, or using an unapproved template will result in an automatic 10 point reduction from the course research project grade.

What to turn in: compressed archive (lastname-project.tar.gz or of the related work containing the .pdf, .tex, and .bib files for the document.

Note about files: Only .tar.gz, and .zip files will be accepted. Filenames must follow the lastname- convention. If more than one student is on a project, the file name should have the prefix lastname1-lastname2-, where the lastnames are in alphabetical order. The paper must be written using LaTeX and citations must be managed in one or more .bib files using BibTeX. Failure to comply with any of these file format and naming requirements will result in an automatic 10 point deduction from the course research project grade.