CS 563 - Advanced Computer Security: Upcoming Project Milestones Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)
Project Milestones Throughout the remainder of the semester you will be incrementally building conference-style papers and presentations: • Oct. 26 : Abstract, Background, Related Work • Nov. 2 : Experimental Proposal • Nov 16 : Status Slides • Dec 7/12 : Project Presentation (In-Class) • Dec 18 : Term Paper Security & Privacy Research at Illinois (SPRAI) 2
Milestone #1 (Oct 26) Based on your project choice that has been approved by the teaching staff, prepare the following: • Abstract • Background • Related Work Format: LaTeX Two Column ACM • Viable template: https://github.com/acmccs/format Submission: Submit before class on Compass. Security & Privacy Research at Illinois (SPRAI) 3
Milestone #1 (Oct 26) HOW DO I ABSTRACT? • One (maybe two) paragraphs • The “Elevator Pitch” of your paper, should cover: 1. Area 2. Problem 3. Solution 4. Methodology 5. Results 6. Takeaway Security & Privacy Research at Illinois (SPRAI) 4
Milestone #1 (Oct 26) WHY START WITH BG + RW? 1. Be smart and conduct a literature survey so that you can understand the space before committing to a research direction. 2. Easiest part of the paper to write. Once they’re ‘locked in’ there is no need to change them, so it’s best to get them out of the way. Security & Privacy Research at Illinois (SPRAI) 5
Milestone #1 (Oct 26) HOW DO I BACKGROUND? • What knowledge does a reviewer need to possess before they can evaluate your work? • Concept-driven, not paper-driven • Specifications, RFCs, Schematics, Workflows • Citation Density: Low - Medium • Examples from our class: A Placement Vulnerability Study -> Public Clouds, Placement Policies, Launch • Strategies Co-Residency Detection Draco -> WebView Implementation, WebView API, Javascript and HTML5 • Security & Privacy Research at Illinois (SPRAI) 6
Milestone #1 (Oct 26) HOW DO I RELWORK? • Goals: • Demonstrate understanding of area • Distill prior work into easily understood taxonomy • Identify gaps in the literature, differentiate your idea • Appease your reviewers by citing their work • Citation Density: High • Requirement for your submission: 25 peer-reviewed citations • Quantity != Quality, but it’s a start Security & Privacy Research at Illinois (SPRAI) 7
Milestone #1 (Oct 26) RELWORK EXAMPLE • DRACO -> “ Vulnerability of WebViews has been extensively discussed by previous work [7, 8, 1, 9, 10]. In [7], the authors present several classes of attacks that can be launched against apps that use WebViews. Chin et al. present a static analysis tool that can identify whether an app is vulnerable to WebView attacks [8]. Mutchler et al. present a large-scale analysis on mobile web applications, and present the trend of vulnerabilities in these applications. None of these work implement any defense mechanism targeting WebViews [1]. In [27], the authors present an access control mechanism for WebViews. Their approach uses static analysis to identify the use of security-sensitive APIs in the exposed Java class, and notifies the user if any such use is found. The user is then prompted to allow or completely block the binding of the Java object. The main drawback of this approach is that after the user allows the binding, they do not provide any originbased access control, so all the origins still have the same access rights. Additionally, their focus is only on the permission-protected resources.” Security & Privacy Research at Illinois (SPRAI) 8
Milestone #2 (Nov 2) • Last submission we “locked in” the background and related work sections of our paper. This submission will be a living document as you begin to do the real work. • Purpose: Tell me specifically what are you doing to DO in your project • Format: Add a new section called “Experimental Proposal” to your LaTeX document from Milestone #1. • Submission: Submit before class on Compass. Security & Privacy Research at Illinois (SPRAI) 9
Milestone #2 (Nov 2) Be sure to include: • Hypothesis: Based on what you’ve learned so far, “commit” to a prediction that is the basis of your paper. What does a hypothesis in a defensive paper look like? • • Methodology and/or Design: What techniques are you going to use? How are you going to use them? Will you leverage existing tools? Convince me that you will succeed in executing your methodology. • Evaluation and/or Analysis: How will you determine the extent to which you have succeeded in your goal? Security & Privacy Research at Illinois (SPRAI) 10
Milestone 3: Status Slides • Two Objectives: 1. Force you to begin preparing your presentation : ) 2. Report on the progress of your project • 4-5 slides will suffice: • Slide 1: Draft of Motivation slide (Objective #1) • Slide 2: Draft of Introduction slide (Objective #1) • Slide 3: Draft of Background slide (Objective #1) • Slide 4: Research Tasks Accomplished(Objective #2) • Slide 5: Research Tasks Remaining (Objective #2) • Look ahead to project presentation requirements for guidance on slides 1-3. Security & Privacy Research at Illinois (SPRAI) 11
Project Presentation • Objective: Deliver a conference-quality short talk • 10 Minute time slot (7 minutes presenting, 3 Q&A) • Only 7 minutes! Easy, right…? • Nope. Short talks are much harder than long ones • The easiest way to lose points will be for failing to deliver a *complete* presentation in the allotted time. • If you’re less familiar with research presentations, watch some video recordings from conferences • Practice! Partially memorize your talk and clock it to make sure it comes in at 7 minutes. Security & Privacy Research at Illinois (SPRAI) 12
Project Presentation • At 7 minutes, you should have ~7 slides (1 minute/slide) • A viable slide deck layout: 1. Motivation 2. Introduce your project 3. Cover background concept (if needed) 4. Present your design/methodology 5. Continue presenting design/methodology 6. Share one evaluation result 7. Conclude, or discuss your future plans for project • Not everything in your term paper needs to be in your presentation. You will need to make some tough editorial decisions in order to deliver a compelling presentation. Security & Privacy Research at Illinois (SPRAI) 13
Final Deliverable Submit (on compass) a tarball containing: • PDF of your final paper • PDF of your final presentation slides • Project source code and/or materials (e.g., survey) • Should read like a conference-quality submission. I will (in part) approach • grading like I would as a program committee member. Structure: Follow a paper layout that we have seen in this course that is • well-suited for your project. You already have your BG and related works, expecting a quality • Introduction Section as well as appropriate combination of the following: Design/Methodology, Implementation, Evaluation and/or Analysis. • Strategy — find an assigned paper you liked, and imitate Security & Privacy Research at Illinois (SPRAI) 14
Final Deliverable • Discussion Section — required! • A good opportunity to recover points for teams that ended up with negative results or didn’t get as far as they wanted (probably everyone). • What were the limitations of your study? How could they be overcome in future studies? • What are the next steps following this project? Important unanswered questions? Future work? • Of course, if you have positive results, discuss their implications! Security & Privacy Research at Illinois (SPRAI) 15
Final Deliverable Minimum acceptable standards: • • At least 6 pages in ACM conference two column format (excluding references). More OK, but cap at 10. • Paper should make good use of these 6 pages. • • PDF compiled in LaTeX • Provides correct and complete citations for referenced work • Includes illustrative figures and tables that help to explain the paper “Filler” figures (i.e., too large, not useful, pointless screen • captures) will lose you points. Security & Privacy Research at Illinois (SPRAI) 16
Recommend
More recommend
