Novel research topic relating to security evaluation methodologies

The project will consist of a written report. The subject of the report may be either a novel research topic relating to security evaluation methodologies or a systemization of knowledge.

Research papers should contain an element of security evaluation, and not merely demonstrate an attack, vulnerability, or tool for improving security. It can deal with any aspect of security: hardware (ASICs, smartcards, RFID, PUFs, etc.), firmware (embedded devices, medical devices, vehicles etc.), software (applications, operating systems, mobile, cloud computing, etc.), web (site vulnerabilities, cookies, etc.), networks (traffic analysis, censorship resistance, etc.), protocols (cryptographic protocols, provable security, HTTPS, email, etc.), procedures (airline, organizations, operational security, etc.), or data (privacy, deindentification, etc.).

Systemization of knowledge papers should survey a methodology or set of methodologies for security evaluation, while offering a useful perspective. They may also compare competing solutions to a security problem (or a problem with security considerations) by performing an extensive evaluation of each solution relative to each other. For a good example of this type of paper, see “The Quest to Replace Passwords” referenced in the second lecture.

You may work individually or in groups up to 5 people.

The report should be no more than 12 pages. This is a maximum and for projects by an individual, a shorter paper may be more appropriate. You can use any template with normal margins and font sizes.

To find resources on the subject, use Google and try scholar.google.com to find relevant research papers. When using these resources, you should look at the sources they themselves cite to discover the relevant sources. Be sure to cite all sources you use.