Project 1: Security Incident Tracking (COMP 5407 - Sept. 2003)
Due:
Wednesday Oct. 15 in class (at the start of class). No extensions.
Carry out a 4-week watch of software security problems reported in the
real world and prepare a selective summary report.
The 4-week period is 12 Sept. (Friday noon) through 10 Oct. 2003 (Friday).
Here software security problems should be broadly interpreted to
include any security incidents affecting
user security or perception thereof, including system availability.
Begin by determining which web sites, mailing lists, or other
resources to use as your primary information sources.
For each of the 4 weeks, select one high-profile security incident which
either occurred during that week, was first publicly announced,
received major publicity, or appeared on a relevant security incident list
in an entry dated from that week.
Clearly identify the incident; explain why you chose it
(higher marks for the highest profile or most serious incidents);
explain the problem in detail (within space limit - see below),
e.g. what was exploited and the mechanism by which attackers succeeded;
and how the problem can be fixed or ameliorated (if possible).
Format and length:
Maximum overall length 20 pages.
Maximum 4 pages per incident; start each incident on a new page.
Begin with up to 2 pages of discussion comparing information sources
and recommending which are most helpful, etc.;
and finish with up to 2 pages of concluding remarks
including trends, concerns, your own reflections, etc.
Information sources:
Continuously updated lists of high-profile security incidents and
vulnerabilities are widely available,
including government-funded sites such as CERT
(www.cert.org/advisories
and
www.cert.org/nav/index_red.html);
sites from anti-virus vendors such as Symantec and McAfee;
sites from major software vendors such as Microsoft
(e.g. at
http://www.microsoft.com/technet,
in the left menu select "Security", then sub-select "Bulletins");
and the Internet Storm Center
http://isc.incidents.org
(supported by the SANS Institute).
These are examples only; you may find others to be superior.
Use your own explanations:
Most of this information will be available from online reports.
Don't plagiarize.
After locating and gaining an understanding of the appropriate information,
explain things in your own words with sufficient detail to
demonstrate your understanding.
Clarify technical jargon, operating system details, etc. sufficiently
to allow understanding by a computer science undergraduate.
Make explanations as self-contained as possible within the stated
limits; include additional background as necessary.
Cite your sources:
Clearly identify your primary information sources,
and explain why and how you selected them.
Separately identify the specific sources used for information for each
of the 4 incidents you select.
This is an individual project.
Cite references within each incident summary.
Read the "Policy re: Unethical Behaviour" on the course web page.
All specific ideas obtained from other students or sources must be
cited as such.
Last updated: 8 September 2003 (11:00am)