Projects

Want to make a “security synapse”? That is to say, do you want to make conceptual and practical connections in the field of computer security? Check out these projects to learn more about how to apply what you are learning in the field of computer security! The security survey projects invite you to complete work in fields like fuzzing and cryptography. The long-term security summit project offers the scaffolding for learners to complete independent research and development in the field of computer security. Each project explores a specific topic in connection with content from either accessible online resources or one of these online textbooks:

Security Survey Projects

Project One: Server Fuzzing

Preparation

  • Review: Chapter one of Computer Systems Security: Planning for Success

  • Insight: Chapter one of CSP explains that a server demonstrates availability if it is up and running for valid users. Yet, if a server is running a process that contains a defect that results in a system crash, then this is a direct threat to its availability. However, since the programs that run on servers often have complex input spaces and implementations, it is often difficult to quickly find these availability threats.

  • Task: This project invites you to implement a serverfuzzer in the Python programming language that will automatically fuzz a specific function in a server’s implementation. Specifically, you will implement a fuzzer that will automatically generate certain type of JSON inputs, submit those inputs to an in-memory server, observe the output and behavior of the server, and record important details and any crashes. As you complete the project, please be mindful that it makes certain restrictions of the types of JSON inputs your serverfuzzer should generate!

Resources

To learn more about fuzzing and to gather inspiration for your own implementation of the serverfuzzer, please consult the following technical resources about building fuzzers:

Interested in working on this project? See the server-fuzzing-starter template repository to get started! Questions? Share them in the Security Synapse Discord Server.

Project Two: Cryptography Benchmarking

Preparation

  • Review: Chapters one and two of Computer Systems Security: Planning for Success and Chapters four through twelve of Cracking Codes with Python

  • Insight: Chapter four through twelve of CCP introduce a wide variety of different cryptography algorithms an explain how they may be cracked. Even though it is important to understand how to implement these algorithms, they are not examples of modern cryptography algorithms like the advanced encryption standard (AES). It is also important to point out that different implementations of AES, like versions of Fernet that are implemented purely in Python or in a combination of Rust and Python, may have different performance trade-offs worthy of additional experimental study.

  • Task: This project invites you to implement a cryptobenchmark in the Python programming language that will automatically perform a doubling experiment to measure the encryption and decryption performance for the Fernet and rFernet ciphers. This program should randomly generate data and the measure and report the time and space overheads arising from use of the Fernet and rFernet ciphers.

Resources

To learn more about fuzzing and to gather inspiration for your own implementation of the cryptobenchmark, please consult the following technical resources about cryptography using various implementations of the advanced encryption standard as Fernet:

Interested in working on this project? See the server-fuzzing-starter template repository to get started! Questions? Share them in the Security Synapse Discord Server.

Project Three: Network Monitoring

Preparation

  • Review: Chapters four and five of Computer Systems Security: Planning for Success

  • Insight: Chapters four and five of Computer Systems Security: Planning for Success introduce some of the commonly used networking protocols and the ways in which they may be attacked. When a client and a server are communicating over a network, it is possible for a malicious actor to run a program that intercepts their communication. If the communication between the client and server is not encrypted, then the malicious actor can read the messages and even modify them.

  • Task: This project invites you to implement a networkmonitor in the Python programming language that conducts network monitoring by creating clients and servers on localhost and then monitoring the network traffic between the client and the server. The program supports different modes of operation, including server and client modes using either sockets or XML-RPC, and interception modes for monitoring network communication with either of the aforementioned protocols. The networkmonitor should start a separate process in one of these modes:

    • Client and Server Protocols:
      • Socket Server: Start a server using sockets.
      • Socket Client: Start a client using sockets.
      • XML-RPC Server: Start a server using XML-RPC.
      • XML-RPC Client: Start a client using XML-RPC.
    • Interception Mechanisms:
      • Socket Interception: Intercept network communication using sockets.
      • XML-RPC Interception: Intercept network communication using XML-RPC.

Resources

To learn more about fuzzing and to gather inspiration for your own implementation of the networkmonitor, please consult the following technical resources about the network communication with either sockets or XML-RPC in Python, the TCP/IP protocol and the layout of their headers and payloads, and various network monitoring techniques:

Interested in working on this project? See the network-monitoring-starter template repository to get started! Questions? Share them in the Security Synapse Discord Server.

Project Four: Program Tracing

Preparation

  • Review: Chapters six and seven of Computer Systems Security: Planning for Success

  • Insight: Chapters six and seven of Computer Systems Security: Planning for Success introduce some of the commonly employed security solutions that can prevent attacks on computer security. A layered security approach that prevents the insertion of malware into a computer program may involve tracing (or, monitoring) the program’s execution to discover what instructions it executes and how it accesses memory. Having access to a program trace can help a security engineer to discern when it is infect with malware. Program tracing can also be used to analyze the behavior of malware to understand how it operates and to aid in its detection.

  • Task: This project invites you to implement a programtracer in the Python programming language that observes the instruction and memory accesses of a program and records them in a log file. The programtracer output should include all of the executed instructions at the level of, for instance, the abstract syntax tree (AST), the Python source code, and/or the native code produced by the Python interpreter. Whenever possible, the trace should also include the values of variables that were accessed by each of the detected instructions. The trace should be stored in a file in either a plaintext, comma-separated value (CSV), or JavaScript object notation (JSON) format. The programtracer tool should have these features:

    • Command-Line Interface: A command-line interface (CLI) that accepts the name of a Python program and/or a Python program’s test suite and then performs the program tracing when the tests run on the program.
    • Program Tracing: An implementation of tracer for the execution of a Python program that saves the trace in a suitable format in a specified directory and file.
    • Variable Tracking: An implementation of a means to track the values of variables as they are referenced by the specific instructions in the program’s source code.
    • Trace Analysis: A module that can automatically analyze the trace by reporting information about, for instance, the number of instructions in the trace, the number of times each instruction was executed, the number of times a variable is accessed by all of the program’s instructions, and the number of unique values stored in the variables accessed by the instructions.
    • Trace Comparison: A module that compares two or more traces and surfaces the similarities and differences between the them. Examples of trace comparison operators could include pointing out differences in the executed instructions or variable accesses. This feature would be useful in the context of malware analysis to compare the behavior of one version of a malware to the prior version of the same malware. It would also be useful to compare the original version of a program to one that might be infected by malware.
    • Efficiency Analysis: At least two different efficiency analysis features that involve measuring the performance of tasks such as creating the trace, saving the trace, analyzing one or more traces, or the size of the traces when either stored in memory or on disk. This feature could involve calculating and reporting time and/or space overhead of the programtracer tool.

  • Experiment: This project invites you to evaluate the programtracer tool by conducting an experiment that broadly follows these steps:

    • Select a Python Program and Test Suite: Choose at least five small- to medium-sized Python program and their corresponding Pytest test suites. Make sure that these are all programs that you did not implement yourself. Aim to strike a balance between programs that are realistic and programs that are small enough that you can feasibly analyze and understand their traces.
    • Run the programtracer Tool: Execute the programtracer tool on each of the selected Python programs and its test suite. Ensure that the tool generates a trace file in the specified format (i.e., plaintext, CSV, or JSON).
    • Verify the Trace Output: For each selected program and its test suite, manually inspect the majority of the trace file to verify that it accurately records the program’s execution. Check that the trace includes details such as executed instructions, variable values, and any other relevant runtime information.
    • Analyze the Trace: For each selected program and its test suite, use the programtracer tool’s analysis features to gather information about the trace. This includes, but is not limited to, the following types of data:
      • The number of instructions in the trace.
      • The number of times each instruction was executed.
      • The number of times variables were accessed by instructions.
      • The number of unique values stored in the accessed variables.
    • Compare Traces: After making a change to the source code of each Python program, run the programtracer tool on it. Manually compare the traces that arise from this modified program and the original to identify the similarities and differences in their execution behavior. You could imagine that this is the step that a malware analyst would take to (a) compare the behavior of a new program to a well-known malware program or (b) compare the behavior of a program before it was infected with malware to after it was infected.
    • Efficiency Analysis: For each selected program and its test suite, time the execution of the programtracer tool when it is completing tasks such as creating the trace, saving the trace, and analyzing the trace. Record the size of the trace files when stored in memory and on disk.
    • Collect Data: Collect all relevant data from the analysis and efficiency measurements. Ensure that the data is well-organized and clearly labeled and add it to the experiment report.
    • Report Results: Summarize the findings from the experiment in a report. The report should include:
      • An overview of the selected Python program and test suite.
      • A description of the trace output and its verification.
      • Results from the trace analysis, including any notable patterns or insights.
      • A comparison of different traces, highlighting key differences.
      • Efficiency results, including time overhead metrics and trace sizes.
      • Challenges encountered and how they were addressed.

Resources

Your programtracer will take as input a Python program and/or a Python program’s test suite, and then produce a detailed trace of the program’s behavior.To learn more about fuzzing and to gather inspiration for your own implementation of the programtracer, please consult the following technical resources about techniques for tracing Python programs for program understanding, debugging, and malware analysis:

Interested in working on this project? See the network-monitoring-starter template repository to get started! Questions? Share them in the Security Synapse Discord Server.

Security Summit Project: Long-Term Project

Preparation

  • Study: Since this project invites learners to propose and conduct their own independent project, it is important that they should read, in addition to any relevant online resources, all of the covered chapters in the following textbooks:
  • Tasks: This project invites you to complete an independent research project in the field of computer security.
    • Tasks for the Project Proposal
      • Explore various topics in the field of computer security
      • Provide an informative title for the proposed project
      • List the overall scientific and engineering goals for the project
      • Write a proposal abstract with overview and expected contributions
      • Outline a design, implementation, and evaluation strategy for the project
      • Give a demonstration of project feasibility through code and/or data
      • Itemize a list of tasks that you will complete to launch the project
    • Tasks for the Status Update
      • Continue to explore various topics in the field of computer security
      • Explain the ways in which the project’s topic evolved since its proposal
      • Furnish a demonstration of project feasibility through code segment(s)
      • Overview at least one empirical result from your preliminary experiments
      • Give a list of tasks that you plan to complete after the status update
    • Tasks for the Lighting Talk
      • Prepare a slide deck to support a five to six minute lightning talk
      • Confirm that the slide deck contains all of the following elements:
        • Title slide with the project title, your name, and the course name
        • Overview slide with the project’s scientific and engineering goals
        • Design slide with a diagram that overviews the system you created
        • Implementation slide with a code snippet that highlights a system detail
        • Evaluation slide with a table of data or a graph with your results
        • Conclusion slide with a summary of the project and future work
      • Share the slide deck with the instructor and the class through Discord
      • Give the lightning talk presentation on the last day of class
    • Tasks for the Final Report
      • Finalize your exploration of topics within the field of computer security
      • Assess how well the project achieved its scientific and engineering goals
      • Describe each of the key components within the implemented software tool
      • Document the design of the experiment that you conducted for evaluation
      • Using tables of data and/or graphs, report on the experimental results
      • Document the challenges that you faced and how you overcame them
      • Summarize the project’s contributions and suggest areas for future work
Back to top