The research component of this project will consist of helping to refine a cutting-edge asynchronous replication protocol, reasoning about session guarantees (can applications observe uncommitted changes, etc.), and developing an expressive interface that allows these choices to be made. Note: We need help now, so this could turn into a summer job. 4-8-00

When he was a graduate student, Prof. Keleher worked on parallelizing the code in the FASTLINK project described there. Some of the code in FASTLINK and CASPAR, and much of the code in MSA was written by undergraduate students, and is in active use by hundreds of scientists around the world. These large software projects are ideally suited to providing small pieces that undergraduates can complete; once the pieces are complete, the new code can almost immediately be used by the existing user community. Dr. Schaffer also works on implementing pieces of the widely-used BLAST package (http://www.ncbi.nlm.nih.gov/BLAST) for biological sequence comparison, and there are good opportunities for students on the BLAST project also.

Students should have some knowledge of algorithms and unix programming, preferably unix socket programming.

The initial project will be working on an implementation of a Java visualization interface. A student working in these areas should consider themselves experienced working in a Sun Workstations environment in C or C++. Preference will be given to students who know Java, but those who demonstrate excellence in object-oriented programming or GUI interface programming will be strongly considered.

Project #1: E-COMMERCE SECURITY EVALUATION: C#/ASP.NET. The goal of this project is to study how the attackers locate vulnerabilities and launch attacks against an e-commerce infrastructure. This will also enhance one¡Çs understanding of best programming practices that can be used to improve the security of code as well as the application architecture. In this project the student will develop and implement a small e-commerce infrastructure using C#/ASP.NET and use a framework to collect the attack data. The outcome of this project will be a paper describing the different types of attacks and attack strategy used against the developed e-commerce infrastructure. The paper will also describe the programming practices that can be used to prevent these types of attacks.

Project #2: IIS WEB SERVER LOGGING FOR WEB-BASED ATTACK ANALYSIS. IIS is a famous web server developed by Microsoft. IIS has some default logging capability to provide information regarding the functionality and statistics of the web server. This information however is often not sufficient to recreate the attack scenario. This project deals with enhancing the logging capability of the IIS server for this purpose. It will utilize the Application Programming Interfaces (APIs) available in IIS to enhance the logging capacity. A vulnerable web site will be used as a bait to capture attacks. Custom scripts will then be developed to parse this collected data to understand the web-based attack strategy.

Project #3: EXPANDING FERRET FOR WINDOWS SYSTEMS. Dr. Michel Cukier¡Çs research team is currently developing Ferret, a new software tool for checking host vulnerabilities. Ferret helps system administrators by quickly finding vulnerabilities that are present on a host. It is designed and implemented in modular way: a different plug-in module is used for each vulnerability checked, and each possible output format is specified by a plug-in module. As a result, Ferret is extensible, and can easily be kept up-to-date through addition of checks for new vulnerabilities as they are discovered; the modular approach also makes it easy to provide specific configurations of Ferret tailored to specific operating systems or use environments. More precisely, this project consists of: 1. The identification of critical host vulnerabilities for Windows systems, 2. For these vulnerabilities, the development of vulnerability checking plug-in modules for Windows systems, and 3. A demonstration of Ferret using these newly developed plug-in modules.

Project #4: HOST INTRUSION DETECTION SYSTEM STIMULATOR. The project aims at monitoring intruder actions to stimulate host intrusion detection systems (HIDSs). In particular, this project will monitor activities on an existing honeypot, create a database of intruder actions on the honeypot, and translate this into a HIDS stimulator. The project has a double objective: understanding the actions of attackers at the host level to improve prevention, and developing a HIDS stimulator.

Project #5: TRUSTED INTRUSION DETECTION. System The project¡Çs objective is to create an intrusion detection system (IDS) whose output has been verified from a Trusted Computing Base (TCB) perspective. Specifically, an intrusion detection system (i.e., a network IDS or a hardware host IDS) will be modified so each of its components will report the integrity status of the next component before submitting IDS data. The output will contain a signed hash of this contents created by a TCB compliant chip, which may be verified by any listening party.

Project #6: INTRUSION DETECTION TRANSPARENCY. The objective of this project is to evaluate intrusion detection system (IDS) transparency for the user. The task will be to create an automated program, which performs stress tests on a computer system. The stress tests will be created with the IDS executing and in the absence of the IDS. The stress tests then will be compared to create metrics on IDS resource usage. Additionally, the project will evaluate IDS transparency for the attacker. The student should compare stealth techniques from different IDSs and evaluate if automated tools will be sufficient to counter them.

Project #7: HONEYPOT COMPARISON AND CLASSIFICATION. The project consists in building several honeynets with different characteristics, in order to test and compare different collecting architectures, according to their limitations. The different characteristics of these architectures would be the level of interaction offered to attackers and the level of limitation imposed on outbound connections.

Project #8: NETFLOW IMPLEMENTATION AND DEVELOPMENT. The project consists in implementing a Netflow architecture to monitor and analyze attack traffic on a network of honeypots. A second phase will be to review and then develop queries and algorithms to detect patterns inside malicious activity.

Project #9: VULNERABILITY DATABASE. New vulnerabilities are discovered everyday. The security community and software development community communicate on this new vulnerability and respective patch releases using bulletin boards and vulnerability databases. These databases are very useful for system administrators trying to fix bugs in software but it do not provide sufficient information on the specifics of the vulnerabilities. The goal of this project is to develop a database to document these vulnerabilities, patches and respective attacks by analyzing existing vulnerability databases.

The Explicit Multi-Threading (XMT) project, see http://www.umiacs.umd.edu/users/vishkin/XMT/, which is part of a broader PRAM-On-Chip vision, addresses this crisis and opportunity. Computer Science and Engineering undergraduates who are interested in doing undergraduate research within the XMT project should plan on taking the course ENEE759K/CMSC751: Parallel Algorithmics (see http://www.umiacs.umd.edu/users/vishkin/TEACHING/enee759k-s06.html) during their junior year. Don't be intimidated by the the fact that this is a 700-level class. Quite a few undergrads have taken it before and did very well. The only prerequisite that Dr. Vishkin requires for ENEE759K/CMSC751 is CMSC351 and a GPA of 3 or higher. However, you need special permissions to be allowed to register: If you are a computer science student: send an e-mail to vishkin@umd.edu along with your transcript/resume. Once you get his permission, submit your request along with a degree plan to the CS undergraduate office for heir approval. If you are a computer engineering student: obtain the appropriate form from the ECE undergraduate office, have Dr. Vishkin sign the form, and then submit it as per the instructions you will get from the ECE undergraduate office. You can count ENEE759K towards your Category B courses.