SE547: Overview: Other Project Topics [13/20]

Example projects from David Walker

• secure distributed programming and PlanetLab
  • implement a service for PlanetLab using an interesting programming model
    • tuple spaces (see Klaim for Java)
    • join calculus (see JoCaml)
    • distributed logic programming (see SD3, Sophia)
  • consider the security threats and the mechanisms necessary to compensate
  • implement a security monitoring service (as opposed to an arbitrary service)
• security monitors
  • a security monitor watches a program, virtual machine or distributed system and interrupts the system when it detects a security violation
  • consider security monitors based on transactions
    • theory of what is enforceable in the transactional model
    • practice of implementing the system
  • consider concurrent or distributed security monitors
  • consider hardware/compiler support for parallelizing execution of security monitors with the mainline application
  • consider type-system support for making security monitors compose with one another; implement it in the context of Polymer
• Verifying availability properties
  • recently, researchers have a great progress verifying cryptographic protocols and establishing authenticity and secrecy properties
    • Multi-set writing protocols (Cervesato et al.)
    • Types for protocols (Gordon and Jeffrey)
  • can we do the same for availability properties and developing robust distributed algorithms?
    • eg: can we developed techniques for verifying consensus and other group communication protocols? Under what failure models?
• Study the effectiveness of security analysis tools
  • How do we evaluate security analysis tools to determine how effective they are?
  • What properties should they have?
  • What metrics can we use to analyze tools?
  • Can we develop a benchmark for testing these tools?
  • Take two or more existing tools and analyze them.
• Extend a programming language
  • Polymer is a compiler framework for extending Java
    • add some form of program monitors based on automata
    • add Cryptic-like support to Java for verifying cryptographic protocols
  • Binder is a logic-programming language with built-in secuiry
    • implement a linear-logic programming version of binder
• information flow
  • consider tracking information flow in a unique programming model
    • tuple space model
    • distributed logic programming model
    • typed assembly language
• Survey paper option
  • choose a relatively broad area and do an in-depth analysis of the research in the area
    • come up with a creative way to classify the work in the area
    • summarize the major contributions
    • determine the most important avenues for future research
  • focus on producing a particularly well-written report by working on multiple drafts
  • eg: software program monitors; hardware support for security; security in distributed programming models
• Come up with a own topic related to your own research
  • Good topics may bridge gaps between areas
    • Networking and distributed programming
    • Algorithms for reliable computing and cryptography and languages to support their implementation or verification
    • Architecture or compilers to improve performance of security mechanisms