For this case study, your goal is to investigate one of the following:

-- a vulnerability/attack (for example, vulnerabilities in Windows Vista or later, MAC OS, one of the later versions of Ubuntu, your favorite web-server, web-browser, mobile device, etc.)
-- a protection/prevention/detection technology/method/technique (in-depth study of protection against memory attacks in modern OSs, a cryptographic scheme, intrusion detection system, etc.)
-- or a mix of the two

The goal of this case study is to focus in depth on one particular topic and learn about it. Feel free to choose something relatively simple and understand it properly, as opposed to choosing something complicated and understanding little about it.

Please find a partner or send me an email if you need help finding one.

You need to play with code, perform the vulnerability, set up the software, etc. (NOT just read and summarize).

You need to choose a topic and email me a paragraph with the proposal and a few of the starting references to the courses that you will be using. You need to get my approval to move on!

Marking Breakdown:

0.5 points: 1 paragraph proposal (Due Oct 18)
5.0 points: 2 page report containing: clear description of your project + what you have done (attach screenshots, code, etc.) + conclusions you made (Due Nov 15)
4.5 points: 5 minute presentation of your case study (no live demos, but you are strongly encouraged to include screenshots, code, etc. in your presentation). Keep it simple. (Times to be determined)

NOTE: screenshots, code, etc. do not contribute to the 2 page report limit.

A list of possible topics and STARTING references. You are free to choose anything you like, use on-line tutorials, videos, etc.

1) Hardware Backdoors:
   http://www.toucan-system.com/research/blackhat2012_brossard_hardware_backdooring.pdf

2) Web-browser Security:
   http://www.adambarth.com/papers/2009/barth-caballero-song.pdf
   https://www.usenix.org/legacy/event/sec09/tech/full_papers/robertson.pdf

3) Side-channel attacks on cryptography:
   http://blog.cryptographyengineering.com/2012/10/attack-of-week-cross-vm-timing-attacks.html

4) ARP and DNS flooding
   http://www.watchguard.com/infocenter/editorial/135324.asp
   http://research.microsoft.com/en-us/um/people/hiballan/pubs/ccs08-staledns.pdf
   http://classes.soe.ucsc.edu/cmps223/Spring09/Jackson%2007.pdf

5) Honeypots and Honeyclients
   http://nms.lcs.mit.edu/HotNets-II/papers/honeycomb.pdf
   http://cs.ucsb.edu/~vigna/publications/2011_kapravelos_cova_kruegel_vigna_MonkeyIsland.pdf

6) Mobile security (Android)
   http://www.eecg.toronto.edu/~lie/Courses/papers/UnderstandingAndroidSecurity.pdf
   http://www.cs.berkeley.edu/~afelt/android_permissions.pdf

7) Reverse engineering malware
   http://www.iseclab.org/people/andrew/download/oakland09.pdf
   http://xplqa30.ieee.org/stamp/stamp.jsp?tp=&arnumber=5504796

8) Fuzzing Software to find vulnerabilities
   http://lenx.100871.net/papers/taintscope-oakland.pdf
   http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.187.7988&rep=rep1&type=pdf