Special Topics in Software Engineering: Dependable Systems
ECE 1724, Fall 2007
University of Toronto
Instructor: Ashvin Goel
Course Number: ECE 1724
Course Time: Thursday, 4-6 pm
Course Room: GB 221
Start Date: Sep 20, 2007
Project Suggestions
Some suggested projects are described below.
- A Study of Phishing Sites
The SpyProxy, HoneyMonkeys and the crawler-based study of spyware papers
described methods for detecting malicious content on the web. This project
will involve doing a crawler-based study of phishing sites on the web. Is
it easy to detect phishing sites? How long do phishing sites exist on the
web? How would you do such a study? Talk to the instructor for ideas.
- Analyzing Buffer Overflow Attacks
Replay frameworks have several applications such as debugging applications
as well as analyzing intrusions. In this project, you will use a simple
existing replay technique to analyze intrusions. Choose a common
application such as a web browser with known buffer-overflow
vulnerabilities. Similar to Rx, replay the application in a different
environment (e.g., different address space layout) to test if the attack
was successful (e.g., buffer overflow failed with a different address space
layout) by comparing the outputs of the application during the original
execution and the replay.
- A Debugging and Profiling Tool for Isolation Environments
The instructor's research group has developed a prototype system that
allows running applications with restricted privileges in a file-system
based isolation environment. Applications running in this isolation
environment can sometimes fail mysteriously because the application does
not have sufficient privileges to execute correctly. In this project, you
will develop a profiling tool that helps extract the correct set of
privileges needed to run applications in the isolation environment and that
also allows debugging the isolation environment.
- Mashup OS for Firefox
The Mashup OS paper described protection mechanisms for web browsers. The
paper implemented these mechanisms in Internet Explorer. In this
project, you will implement a subset of the mechanisms in the Firefox browser.
- A Safe Password Manager
The Information Flow Control For Standard OS Abstractions paper describes
the Flume system that uses the Decentralized Information Flow Control
(DIFC) model for protecting privacy and integrity of applications running on
standard OSs. Choose an application such as a password manager (e.g.,
gnome-keyring-manager or gpass) and use the Flume system to provide strong
privacy for passwords.
- Detecting Windows Rootkits
The Automated Detection of Persistent Kernel Control-Flow Attacks paper
discusses a variant of the control-flow integrity property that is used to
detect rootkits in the Linux kernel. The aim of this project is to perform
an analysis of Windows rootkits to determine whether the same CFI property
can be used to detect Windows rootkits. The project requires experience
with Windows and virtual machine programming.
- Implementing a Windows Rootkit Framework
The aim of this project is to understand how hackers subvert OSs. You will
study how a Windows Rootkit can be built and start the initial design and
implementation of a framework for implementing Windows rootkits. Talk to
the instructor for ideas. You must have strong Windows programming skills.
- Recovery via Restarting Applications
The "Microreboot" paper described a method by which parts of an application
are rebooted to allow recovery of the application. This approach gets rid
of faulty state in the application. In this project, you will choose either
a content download application (e.g., bittorrent) or an
instant messaging application (e.g., gaim) and implement a
recovery via "reboot" method for this application. You need to make sure
that the persistent data (e.g., the music repository or the instant messages
received) in the application is not lost. How fine is your reboot
granularity? Can you tune it? How often is reboot possible? What types of
faults or bugs can the reboot handle? How does the reboot affect user
perception?
- Application-Level Undo and Recovery
The "Undo for Operators" paper implemented an undoable email service. In
general, their application-level undo and recovery service requires
applications whose operations have well-defined semantics and can be
serialized. Another example that satisfies these criteria is a calendar
service. Can you think of other such applications? Choose a calendar
service or any one such application and implement an undoable service for
that application. Describe the properties of this undoable application. How
does application-specific recovery improve on generic recovery as described
in the "Exploring Failure Transparency" paper?
- Misconfiguration Detection
The "PeerPressure" paper automatically detected misconfiguration in the
Windows registry by comparing the registry entries across multiple
machines. This comparison was done using a simple heuristic that determined
whether a registry entry was very similar or dissimilar across machines. In
this project, choose other heuristics such as clustering to determine
misconfiguration. Compare this approach with the original PeerPressure
approach. You can use any registry-like application.