Learning Outcomes
This assignment addresses the following learning outcomes:
Evaluate approaches to the management of IT Security
Investigate, summarise and review contemporary topics in IT security
Apply ideas from research and current practices to address problems of IT system security
Assignment Description
This assignment is individual, You have to write a paper with a total size of 2400 words in the ACM SIG template (excluding references). Please check the Section 5 for more info on the template.
Research Paper Structure
The paper should contain at least the following sections. Note that you may add sections and subsections to improve the paper and its structure; for example, you may want to organise the literature review in sub-sections.
An abstract provides a compact summary of the report, which hightlight what you have done, and usually include the major findings and their significance. It is very important that based on the abstract a reader should be able to tell whether your paper will be useful to them. (ideally 200-300 words)
An introduction summarizes your research question and its context/ background (such as trends, statistics, recent developments in the field), the practical relevance of this question, the initial goal of your paper (how you expected to answer your research question), the relevance of the question for practitioners or researchers, how you did answer your question, and how the paper is structured.
A critical analysis of existing literature relevant to your research question. Identify any interesting results, insights, how effective are the proposed methods, and their limitations. Where applicable, also review relevant practices from high quality sources. Additionally, consider the extent to which methods proposed in research papers have been tested in industry. Due to the constraint on page number, only consider the most relevant, recent papers in the field.
Based on the drawbacks and limitation identified in this field, propose and discuss a possible (future) direction to improve or overcome some of these drawbacks. You may also discuss the mitigations or counter measures collected from research and/or current practices that minimise or avoid issues identified by the literature review.
Note that you do not have to develop a method (since it is out of scope of this assignment), but only provide some interesting thoughts and discussion on a possible direction (i.e., mainly expressing your idea).
A conclusion drawing conclusions about what you have achieved, reflecting on your initial goal, and summarize the main findings.
3 Selecting a Research Topic
The following research questions are provided to give you an idea of the type of question that you are expected to answer. Before you start, you should locate a paper that will help you to find other papers.
Important: Let your tutor know about your chosen topic before you start.
You should specify a research question, and you should narrow down the topic. Otherwise, you will run out of space quickly.
3.1. Web Security
Phishing attack
SQL injection
Cross site scripting (XSS)
Cross site request forgery (CSRF)
Browser security
Certificate vulnerabilities (e.g., Heartbleed bug)
Typosquatting
3.2. Coping with Internal Attackers/Threats
Based on honeynet/honeypot/honeytokens
Based on trap documents
Based on intrusion detection system (IDS)
3.3. Authentication Methods
Multi-factor authentication
CAPTCHA
Biometric authentication
Graphical Passwords
Shoulder Surfing
Single Sign On (SSO)
3.4. Security and Privacy of Cloud services
Client-side/end-to-end encryption vs. server side encrytion scheme
Privacy and accountability of cloud services
from the data subjects (user), data controller (service provider), and legal perspective.
Big data problem in cloud computing and storage
Data theft in cloud (e.g., Fog computing)
Automated malware analysis in the cloud
Health-care management in the cloud
3.5. Advanced Persistent Threats (APT)
Zero-day type attacks and their detection
coping with attacks based on zero-day or unknown vulnerabilities
3.6 Botnets
Detecting and mitigating botnets
Online social networks based command and control (C&C) methods and detection
3.7 Smart City Security (IoT)
Secure vehicular communications
Security of smart road traffic control systems
3.8 Security and Privacy in Social Networks
Centralized and decentralized (peer 2 peer) social networks
Privacy and accountability of social networks
from the data subjects (user), data controller (service provider), and legal perspective.
Protecting children in online social networks
Crowdturfing activities in online social networks and detection
Sybil (fake) account problem in online social networks and detection
3.9 Mobile Security
Privilege escalation attacks
Android security problems
IOS security problems
3.10 Firewall, IDS Security
Firewall/IDS misconfiguration problems
Inconsistency/Anomaly in firewall and IDS rulesets
Conformation between high-level firewall/IDS policy and low-level firewall/IDS configuration
3.11 Hardware security modules (HSM)
Security of Banking Hardware Security Modules
Security HSM API analysis
3.12 Shilling attacks against recommender systems
How effective are recommender systems against shilling attack
E.g., Amazon, Netflix
TOP CONFERENCES AND JOURNALS IN CYBER SECURITY AND PRIVACY
You may browse the websites of the following top conferences and journal for the most relevant related works. Note that each conference and journal have a different version each year, e.g., CCS 2014, CCS 2015, etc., therefore you can Google based on the conference name + year + keywords. Also, keep in mind that these are only recommendation, you are allowed to work with papers from other places.
ACM Conference on Computer and Communications Security (CCS)
USENIX Security Symposium (USENIX)
IEEE Symposium on Security and Privacy
Network & Distributed System Security Symposium (NDSS)
European Symposium on Research in Computer Security (ESORICS)
ACM Conference on Security and Privacy in Wireless and Mobile Networks (WISEC)
ACM Symposium on Information, Computer and Communications Security (ASIACCS)
Privacy Enhancing Technologies Symposium (PETS)
Workshop on Privacy in the Electronic Society (WPES)
Annual Privacy Forum (APF)
Black Hat
DEF CON
IEEE Transactions on Information Forensics and Security Journal
IEEE Security & Privacy Journal
TDSC - IEEE Transactions on Dependable and Secure Computing Journal
TISSEC - ACM Transactions on Information and System Security Journal
IEEE Communications Magazine
ACM Computing Surveys (CSUR)
Penalty
For every 10% you exceed your word limit, you will have 10% of your marks removed until a maximum of 100%. Your word limit does not include references, but does include citations (quotes).
6 Late work
Late work must be submitted to eLearn in the required assignment slot.
6.1. Penalties for late submission
Except where an extension of the hand-in and presentation deadline dates has been approved (using extenuating circumstances forms), lateness penalties will be applied in accordance with University policy as shown in Table 12.
Table 1: Late submission penalty
7. Mitigating circumstances
Extensions are granted when there are serious and exceptional factors outside your control. Everyday occurrences such as colds and hay fever do not normally qualify for extensions. Where possible, requests for extensions should be made before the hand-in date.
Information about how to submit :
9 Unfair Means to Enhance Performance
The University operates an electronic plagiarism detection service (Turnitin) where your work will be automatically uploaded, stored and cross-referenced against other material. You should be aware that the software searches the World Wide Web, extensive databases of reference material and work submitted by members of the same class to identify duplication.
To avoid accusations of plagiarism, give an in-text citation and provide bibliographic details of any source used in the references list. Remember that you can reuse ideas from different sources but not literal text.
10 Reassessed Work
Reassessment in written examinations and coursework is at the discretion of the Course Assessment Board and is dealt with strictly in accordance with University policy and procedures. Revision classes for referrals will take place during ’reassessment revision, appeals and guidance week’ as marked on the academic calendar.
The mark for the reassessed module is subject to a maximum of 50%.
Please see the UCLAN Academic Regulations and Assessment Handbook for information and penalties related to “unfair means to enhance performance”3.
HELP AND SUPPORT Please edit the below to describe how any questions arising from this assessment brief should be handled – e.g. tutorials in seminars, online forum, etc.
| |
| |
| |
Disclaimer: The information provided in this assessment brief is correct at time of publication. In the unlikely event that any changes are deemed necessary, they will be communicated clearly via e-mail and a new version of this assessment brief will be circulated. | Version: 1 |
MARKING SCHEME
CO4510 Assignment
Student:
To be awarded a failing grade (less than 50%) your work will not have met the required standard. The following (non-exhaustive) list contains examples that may cause your work to fail (several of the following points together would lead to a fail).
|
To be awarded a pass mark (52, 55, 58) your work will be of a competent standard.
Can exceed slightly the word limit (2400 words +10%).
Your report structure, writing style (compact/focused), referencing quality/quantity will be used to determine whether you receive a low (52), mid (55) or high (58) pass grade.
|
To be awarded a merit grade (62, 65, 68) your work will be of a very good standard.
Your report structure, writing style (professional/compact/focused) and referencing quality/quantity will be used to determine whether you receive a low (62), mid (65) or high (68) merit grade.
|
To be awarded a distinction grade (74, 80, 87, 94, 100) your work will be of a very good standard.
Your report structure, writing style (professional/compact/focused) and referencing quality/quantity will be used to determine whether you receive a low (74), mid (87) or high (94, 100) distinction grade.
|
0 comments:
Post a Comment