6.893 Fall 2009 Lab 4: Final project
Handed out: Monday, October 26, 2009
Proposals due: Friday, November 13, 2009
Presentations due: Wednesday, December 9, 2009 (in class)
Code and write-up due: Friday, December 11, 2009 (11:59pm)
Introduction
In this lab, you will work on a final project of your own choice. Unlike
in previous labs, you may work in pairs on the final project. You will be
required to turn in both your code and a write-up describing the design and
implementation of your project, and to make a short in-class presentation
about your work.
Below are some ideas for final projects that you might use as inspiration.
We encourage you to come up with your own ideas for what you would like to
work on; don't restrict yourself to this list.
- Use KLEE to find interesting bugs in certain classes of software.
- Find an interesting use for trusted hardware, and figure
out how to expose trusted hardware safely to applications.
- Build an XFI-like system for Linux kernel modules or packet filter
code.
- Write a tool to help privilege-separate PHP applications.
- Implement more flexible protection mechanisms for Linux (so that any
user can create additional protection domains -- sub-users -- to run
code with fewer privileges, without having to be root).
- Implement taint tracking / information flow control / Resin for Java,
perhaps using bytecode rewriting.
- Based on Google's caja
library, sandbox existing JavaScript mashups/applets. (What to do
about existing uses of globals in the JavaScript environment?)
- Write a browser plugin to prevent cross-site scripting attacks when
both the server and the client are following some rules (e.g.
explicitly annotating privileged JS code). Bonus points for
allowing untrusted JS code using something like caja!
- Starting with Google's
Native Client
(or by extending JavaScript), add support for browser-based apps to
do more stuff on the client side, safely. File system access,
network access (peer-to-peer client in your browser), etc.
- Implement an encrypted file system with plausible deniability (i.e.
where there can be multiple encrypted file system images within a
single FS, and without the right password, you don't know if unused
blocks are free or part of another encrypted FS you don't have the
password for.) See the paper on
deniable file systems and
TrueCrypt.
- Allow admins to undo operations from the past that an attacker
performed. For instance, someone broke into your blog or forum,
added a user, changed permissions, and posted garbage messages.
You may want to undo all these changes without manually inspecting
every page. This could be done with some help from an x86 virtual
machine, or done at the language level (à la Resin).
- Explore the extent to which covert channels / side channels matter,
e.g. in EC2 or other shared VMs, vs. shared OS, vs. other environments.
See this paper for
some background information.
There are three concrete steps to the final project, as follows:
- Decide on the project you would like to work on, and whether you would
like to work by yourself or in a pair. Discuss your proposed idea with
course staff before the proposal deadline, to flesh out the exact problem
you will be addressing, how you will go about doing it, and what tools
you might need in the process.
- Prepare a short in-class presentation about the work that you have done
for your final project. We will provide a projector that you can use
to demonstrate your project.
- Write a document describing the design and implementation of your project,
and turn it in along with your project's code by the final deadline.