Security and Privacy Technologies - CS 6431

Project proposals are due February 15. A proposal should be 2-3 pages long and include the following:

  • Names of team members (at most 2 students per team).
  • Description of the system or network protocol that you are planning to analyze or implement, or the tool that you will be building or extending.
  • Security properties you intend to investigate.
  • Tools and/or analysis techniques you are planning to use.
  • Clear description of project deliverables. Possible deliverables are a software prototype, a substantial case study, or, in the case of a purely theoretical project, proofs (manual or machine-assisted).

Here are some project ideas, but you are encouraged to propose your own project topic.

  • Tackle the Aircloak Challenge.
  • Amazon cloud services
    • What does Amazon Inspector do? What are its limitations? Set up a web server using AI services and show how to break it.
    • Develop and demonstrate a side-channel attack on AWS Lambda (or similar service).
  • Build a system that verifies the location and date of photos posted to social media.
  • Analyze security and privacy protections of NYC open municipal data. Can private information about NYC residents be extracted or inferred from these datasets?
  • Analyze security and privacy of Google's AutoML platform for building custom machine learning models.
  • Investigate the security and privacy aspects of some consumer device, for example, Oculus, Kinect, or FitBit.
  • Develop inference attacks against secure protocols for computing on genomic data.
  • Analyze domain fronting in Signal and develop a technique for detecting Signal traffic on the network.
  • Build a system for censorship-resistant communications that hides information in BitTorrent or other P2P traffic.
  • Does this idea for preventing art forgery seem workable? What alternatives are there using machine vision, RFID tags, etc.?
  • Extend libsignal to natively handle message franking protocols, as needed for cryptographically verifiable abuse reporting (see
  • Reverse-engineer examples of spyware used by abusers in intimate partner violence.
  • Comprehensively investigate algorithmic/computational aspects of some privacy law or policy (e.g., for financial or educational data).




Spring 2018
Tue Thu 1:25 - 2:40p
Gates 405 (Ithaca)
Bloomberg 397 (NYC)
Tom Ristenpart

Vitaly Shmatikov