Project proposals are due February 15. A proposal should be 2-3 pages
long and include the following:
Names of team members (at most 2 students per team).
Description of the system or network protocol that you are planning to
analyze or implement, or the tool that you will be building or extending.
Security properties you intend to investigate.
Tools and/or analysis techniques you are planning to use.
Clear description of project deliverables. Possible deliverables
are a software prototype, a substantial case study, or, in the case of
a purely theoretical project, proofs (manual or machine-assisted).
Here are some project ideas, but you are encouraged to propose
your own project topic.
- Tackle the Aircloak Challenge.
- Amazon cloud services
- What does Amazon
Inspector do? What are its limitations? Set up a web server
using AI services and show how to break it.
- Develop and demonstrate a side-channel attack on AWS Lambda
(or similar service).
- Build a system that verifies the location and date of photos
posted to social media.
- Analyze security and privacy protections of NYC open municipal data.
Can private information about NYC residents be extracted or inferred
from these datasets?
- Analyze security and privacy of Google's AutoML platform
for building custom machine learning models.
- Investigate the security and privacy aspects of some consumer
device, for example, Oculus, Kinect, or FitBit.
- Develop inference attacks against secure protocols for
computing on genomic data.
- Analyze domain fronting in Signal and develop a technique
for detecting Signal traffic on the network.
- Build a system for censorship-resistant communications that hides
information in BitTorrent or other P2P traffic.
- Does this idea for preventing art forgery seem workable?
What alternatives are there using machine vision, RFID tags, etc.?
- Extend libsignal to natively handle message franking protocols,
as needed for cryptographically verifiable abuse reporting (see
- Reverse-engineer examples of spyware used by abusers in
intimate partner violence.
- Comprehensively investigate algorithmic/computational aspects of some
privacy law or policy (e.g., for financial or educational data).