6.857: Computer and Network Security (Spring 2020)
This year's projects
- Analyzing Google Chrome Extension Botnet Exploits
- Towards Zero Trust For Critical Infrastructure: Rethinking The Industrial Demilitarized Zone
- A Survey of Novel Countermeasures Against Mobile Lock Screen Keystroke Inference Attacks
- Analysis of Bitcoin Improvement Proposal 340 — Schnorr Signatures
- Authenticity of LiDAR Points in Autonomous Vehicle “Certified Control” Architecture
- Security Analysis of Browser Auto-fill and Password Managers
- Secure Email Voting
- Trends in Data Exfiltration and Privacy Policies
- BetCoin: Secure Online Sports Betting
- Public Key Neural Linguistic Steganography
- Security Requirements of Containerization
- Low Power Cryptography
- Zero-Knowledge Battleship
- Ethereum Smart Contract Security Analysis
- How SCRAM Implements MPC using TFHE
- Password Manager Security
- Ring Signatures - Analysis and Implementation
- Security Survey and Analysis of Vote-by-Mail Systems
- Chrome Extension Policy Analysis
- Fingerprinting Web Users Through OpenType Font Features
- Looming Over Zoom
Term Project Ideas
Project ideas for Spring 2020
We will be adding to the list as time passes, so check back from time to time. In the meantime, feel free to check out projects and project ideas from previous years linked in the sidebar. If you have ideas of your own, we'd be excited to hear about them: post them on Piazza or email us (6.857-tas at mit dot edu) if you want set up a time to chat about your ideas!
We really encourage you to start thinking about project ideas early (like now!!), and are totally happy to chat about half-baked ideas too. Note that depending on the type of project, it may be fine for multiple groups to work on the same project. However, in some cases—e.g., when working with companies—there would only be able to be one group per project. In such cases the course staff will allocate projects at our discretion on a roughly first-come first-served basis, so we suggest thinking about project possibilities early, and be sure to let us know as you develop an interest in a specific project.
Important: Getting permission for security analyses
As discussed in the first course handout, it is important when conducting security analyses to obtain the permission of the company or owner. Security analysis projects will not be permitted to go ahead unless you have obtained appropriate permission by the project proposal deadline, March 13th.
If you are thinking of your own security analysis project , you should contact the relevant organization to get their permission: here is a draft email template to help you. Once you have an idea you're definitely interested in, we suggest sending an email ASAP, so that you have plenty of time to make alternative plans if getting permission doesn't work out!
Other places to look for ideas
You should also check out the references page for inspiration—in particular, online proceedings from the linked conferences.
Topics from previous years
It may also be useful to refer to projects from previous years, which you can view on the corresponding course websites since 2014 (accessible through the "Previous Years" link in the sidebar).