Project 1: Security Incident Tracking (COMP 5407 - Sept. 2003)
Due: Wednesday Oct. 15 in class (at the start of class). No extensions.

Carry out a 4-week watch of software security problems reported in the real world and prepare a selective summary report. The 4-week period is 12 Sept. (Friday noon) through 10 Oct. 2003 (Friday). Here "software security problems" should be broadly interpreted to include any security incidents affecting user security or the perception thereof, including system availability. Begin by determining which web sites, mailing lists, or other resources to use as your primary information sources. For each of the 4 weeks, select one high-profile security incident which, during that week, either occurred, was first publicly announced, received major publicity, or appeared on a relevant security incident list in an entry dated from that week. Clearly identify the incident; explain why you chose it (higher marks for the highest profile or most serious incidents); explain the problem in detail (within the space limit - see below), e.g. what was exploited and the mechanism by which attackers succeeded; and explain how the problem can be fixed or ameliorated (if possible).

Format and length: Maximum overall length 20 pages. Maximum 4 pages per incident; start each incident on a new page. Begin with up to 2 pages of discussion comparing information sources and recommending which are most helpful, etc.; and finish with up to 2 pages of concluding remarks including trends, concerns, your own reflections, etc.

Information sources: Continuously updated lists of high-profile security incidents and vulnerabilities are widely available, including government-funded sites such as CERT (www.cert.org/advisories and www.cert.org/nav/index_red.html); sites from anti-virus vendors such as Symantec and McAfee; sites from major software vendors such as Microsoft (e.g. at http://www.microsoft.com/technet, in the left menu select "Security", then sub-select "Bulletins"); and the Internet Storm Center, http://isc.incidents.org (supported by the SANS Institute). These are examples only; you may find others to be superior.

Use your own explanations: Most of this information will be available from online reports. Don't plagiarize. After locating and gaining an understanding of the appropriate information, explain things in your own words with sufficient detail to demonstrate your understanding. Clarify technical jargon, operating system details, etc. sufficiently to allow understanding by a computer science undergraduate. Make explanations as self-contained as possible within the stated limits; include additional background as necessary.

Cite your sources: Clearly identify your primary information sources, and explain why and how you selected them. Separately identify the specific sources used for each of the 4 incidents you select. This is an individual project. Cite references within each incident summary. Read the "Policy re: Unethical Behaviour" on the course web page. All specific ideas obtained from other students or sources must be cited as such.

Last updated: 8 September 2003 (11:00am)