Final Project

For this project, you have two options. You can either (a) analyze the security of an embedded device or (b) analyze and demonstrate how a vulnerability was leveraged in a historical attack.

Summary

Option #1 - Embedded Device Security Analysis

You will work as a vulnerability analyst to find potential vulnerabilities with a given device. This will be a combination of theoretical analysis, with some provided details for a selected number of devices. You can alternatively provide your own device to analyze.

Option #2 - Vulnerability Analysis

You will work as a security researcher to understand how a vulnerability was used in a real-world attack. This will be a combination of theoretical analysis to understand the root cause of the vulnerability, as well as some hands on work to generate a basic demonstration of the vulnerability. You may have an easier time researching a vulnerability on an open-source project as you’ll have access to the full source code and revision history to see the patches. You can of course choose a vulnerability on a proprietary system, but you may need to do a little more research to piece together what happened.

There are many types of vulnerabilities, but for this project, please focus on the low-level software or hardware vulnerabilities that we discussed in class - as opposed to high-level web vulnerabilities or vulnerabilities in humans, organizations, or institutions (i.e. social engineering).

Results

  • Report: A final report of your findings. There’s no strict page or word limit, but a rough suggestion is 10-30 pages (including figures, schematics, code listings, etc.)
  • Presentation: A short presentation (<10 minutes) summarizing your findings

Dates

  • November 4: Submit your group members and your topic.
  • November 30: Present to the class during your lab period. Depending on how many groups we have, we may need to use some lecture time on December 1 as well. The presentation schedule will be released once you submit your groups and topics.
  • December 7: Final report due.

Grading

  • Report - 65%
  • Presentation - 25%
  • Peer evaluation - 10%

Detailed rubrics will be provided later.

Table of contents