WIE Undergraduates: CS Scholars Projects
2007 Summer Research Projects
Please note that "Daily Activities" are provided as estimates of time commitment and do not include additional program activities.
- Quantification of Computer Security
Faculty Mentor: Dr. Michel Cukier, Mechanical Engineering - Digital Content Redistribution and Protection for Next Generation Media
Faculty Mentors: Dr. Min Wu & Dr. Gang Qu, Electrical & Computer Engineering & UMIACS
Quantification of Computer Security
Project Description
Most research in computer security focuses on developing methods and tools for preventing, detecting, or tolerating attacks or intrusions. Little research is conducted to quantify the security of a computer system. The Experimental Information Assurance Lab (EIAL) at the University of Maryland specializes in conducting experiments for quantifying various security aspects of a computer system. Recent research focused on: a) how to separate attacks among malicious traffic, b) how to develop a business case for investing in security, c) how to analyze malicious activity over time, d) how to assess the threat of attacks due to IRC channels, and e) how to understand behavior and diagnosing and finding solutions to issues encountered in organizational computer security systems using a systemic approach, namely system archetypes.
The Summer 2007 project combines a theoretical and an experimental approach in the context of the quantification of computer security. The theoretical aspect focuses on modeling various parts of a large public university including the attacks, the network, the users, the security and system administrators. This research will be an iterative process between model refinement and data collection and analysis to feed the models. The experimental aspect focuses on profiling automated attacks and attack behavior using honeypots. In the first experiment, malicious traffic will be collected and analyzed (e.g., trends on the ports targeted, the distribution of malicious traffic over time, as function of the day of the week). The objective is to identify trends in malicious traffic against Windows computers. In a second experiment, we will determine the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. We will also look at the specific malicious actions and the order in which they occurred. The objective is to build a profile of attacker behavior.
CS Scholar Responsibilities and Daily Activities
All CS Scholars will be expected to perform background reading (10%) on analysis methods, malicious traffic collection and honeypots. All Scholars will be trained on the test-bed deployed for monitoring attackers and collecting and analyzing malicious traffic (20%). Each scholar will either analyze data and develop a model, or be assigned to one honeypot computer, deploy a configuration and analyze the recorded data on it (65%). The Scholars will meet at least once a week to compare experiences and identify specific activities for ongoing study (5%). All Scholars will compile their results for poster presentation and report publication.
Digital Content Redistribution and Protection for Next Generation Media
Project Description
In the past decade, the advances in digital technologies, coupled with the proliferation of the Internet, wireless communications and multi-functional portable devices, have reshaped people's daily life. Companies like Amazon.com, eBay, Google, Yahoo, and Napster, online transactions and peer-to-peer (P2P) file sharing can signicantly reduce the cost of marketing and distribution. However, they also make it easier to pirate, leading to numerous legal actions, especially in the entertainment industry. Most current economic ecosystems for digital media, such as Apple's iTune plus iPod, use an "online store" to market, recommend, and sell digital media contents and let users store and play the media on their personal computers or portable media players. P2P file sharing is discouraged or disabled in such systems.
Recent data show that the potential market of P2P file sharing systems is more than 100 times larger than such "online store" market. The REU team assembled for this project will study how to leverage P2P file sharing systems for digital media redistribution. The team will learn the state-of-the-art information hiding techniques for the intellectual property protection of multimedia, software, and hardware design. REU scholars will investigate an integrated hardware and software co-protection approach for the digital content protection problem across different platforms and media types. The team will explore the challenges and solutions to design and prototye the required hardware device, and also be exposed to economics and other interdisciplinary aspects of the problem.
CS Scholar Responsibilities and Daily Activities
All REU Scholars will be expected to perform background reading to familiarize themselves with the current digital media service and distribution system and various algorithm, software, and hardware knowledge.
The faculty and graduate student mentors will discuss with the Scholars basics on cryptography and mechanisms for digital content and hardware design protection. The Scholars will be assigned tasks based on their background, skills, and interests. They will work closely with the mentors, and all scholars will meet at least once a week to report the progress of their assignment and to share their experience. All Scholars will participate in poster presentation and technical report writing to demonstrate their results.
Return to CS Scholars | Projects Overview
