Spring 2004

Clay Shields

front | classes | research | personal | contact

Information Assurance

back to class page

Individual Projects

 Because our study of information assurance is necessarily shallow, given the number of topics we need to cover, this project is an opportunity for you to learn some topic of your choice in depth.

This project will have two parts. The first will be topic selection and project definition. You will propose a topic and describe the work that you intend to perform for the project. I will review your proposal to ensure that it is reasonable, and this will be used as the basis for grading the project - you must significantly meet what you propose. The proposal should include a topic; what you expect to learn; a thesis or prediction of what you expect to happen; a plan of work; and what tools, equipment, and permissions you need to perform the project, as applicable. This should be two pages and contain sufficient detail for me to understand what you are trying to do and to convince me you have everything you need to complete the project.

The second part will be a project report, in which you present the results of your project. This should be long enough with enough detail so that someone could easily repeat your work if they desired. It should explain what you found and if your finding matched your predictions or supported your thesis. This should be 8 to 10 pages long, depending on what project you come up with.

Possible Topics

While I have a few suggestions for topics, I highly encourage you to think of topics of your own that may relate to other interests or activities you might have. Even if you have an ill-defined idea or interest, talk to me and maybe we can refine it into a project.

  • Spam is a major problem today for many companies and ISPs. The computational cost of forwarding many (sometimes in the millions) advertising messages often overwhelms mail servers, resulting in poor performance for non-commercial email. Plus it is a pain to have to wade through it all. An interesting project might be to determine how spammers find e-mail addresses. Open a number of mail accounts, and put the addresses in different places, and see how soon you get spam, and how much an account gets depending on if the mail is replied to or not.

  • If you work for or have access to some organization that is computer related, get permission and perform a risk analysis for that organization. You will have to do a little more research to perform a more detailed analysis than we covered in class.

  • Steganograpy is a method of concealing information within some other data - currently, most steganographic software conceals information within images. Since this technique is rumored (and perhaps proven to some) to be used by terrorists and other potentially evil folk, some recent research has looked at ways of detecting steganographic images. As a project, you could download and some software used to detect such images from http://www.outguess.org/detection.php, and use it to check images you obtain on-line. This project can require considerable processing power to check lots of images.

  • The widespread use of wireless networks presents a great convenience for many people, but also poses a security risk when open wireless networks are installed behind firewalls. Wardriving is the practice of driving around trying to find open networks. One possible project might be to wardrive (or walk) an area, and try to locate open networks. You would then try and find out whose networks they are and alert them to the possible dangers of having an open network. Next, go back some time later and see how many people have taken steps to protect their networks.

  • I have had this desire to offer a short course to incoming Georgetown students that I would call "Computer Self Defense". A possible project would be to outline how you would construct a course like this. in particular, I am interested in a design for a one to two hour course for incoming freshmen. What do you think they would need to know to be secure and maintain their privacy? What topics would you address in a short time? What exercises could you do to help the students learn effectively?

  • If you are interested in computer forensics, you might try to complete a current forensic challenge, such as the ones posted at: http://www.honeynet.org/scans/

  • I have some network software that is to be released publicly after the semester. If you are interested in secure programming and have some network programming experience, you might like to do a security review of this software.

  • Though we will do some secure programming exercise over the semester, if you are interested in a larger programming project, I have some ideas.

Please do try and come up with some of your own projects! I'd be happy to talk to you about what you might like to do.