
Team Project


Presentation Transcript


  1. Team Project: Investigate, Discover, Formulate, Propose

  2. "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein

  3. The Project Goal
     • Apply security at the design level by:
       • Investigating a technology;
       • Discovering its foundations, components and usefulness;
       • Formulating its application in a new way; and
       • Proposing changes

  4. Security Research
     • Computer Science
       • The formalists
         • Those who work from a mathematical/theoretical tradition
         • Assumes that the world is well-modelled by simple theories
       • The empiricists
         • Those who are usually very careless about their experimental designs
         • They don't usually bother to formulate a hypothesis
       • The engineers
         • Those who often don't actually have a stakeholder, but instead do some sort of hack and then argue it
           • Essentially as a philosopher
     • Information Systems
       • Formalized methodologies
         • Such as
           • Nunamaker, J., Chen, M., and Purdin, T., “Systems Development in Information Systems Research”, Journal of Management Information Systems, 7(3) (1991).

  5. Optional Research Readings
     • Dieter Gollmann. “Security Models.” The history of information security: a comprehensive handbook (2007): 623
     • Dodig-Crnkovic, Gordana. "Scientific methods in computer science." Proceedings of the Conference for the Promotion of Research in IT at New Universities and at University Colleges in Sweden, Skövde, Sweden. 2002.
     • Akhawe, Devdatta, and Adrienne Porter Felt. "Alice in warningland: A large-scale field study of browser security warning effectiveness." Proceedings of the 22nd USENIX Security Symposium. 2013.

  6. Pre-research Research
     • Use this approach LOOSELY and let's see what develops
     • Often as researchers we need to formulate a basic understanding before we engage in a research project
       • That’s what this project is about
     Nunamaker, Chen, and Purdin (1991)

  7. Project Orientation
     • The development of mobile applications is an ever-expanding domain.
     • These applications continue to expand their integration with larger data systems and greater connectivity.
     • With the proliferation of more sophisticated malware, a major concern is the secure design of said applications.
     • For this semester-long project, your team will be conducting a series of efforts that will culminate in a report that will demonstrate the need to comprehensively consider and integrate security into the development of mobile applications.

  8. Phase 1 – Initial Design
     • Initially, your team will begin by identifying the services and mechanisms needed to secure a simple file transfer between devices
     • In essence, what is being asked for is the ability to create a recording or voice message on a mobile device and transfer said message to another mobile device in a secure manner
     • This message must be delivered via any wireless transfer medium available that exists between mobile devices (e.g. cellular, WiFi, NFC, Bluetooth, etc.)
     • The design must include ALL of the following security services:
       • Confidentiality
       • Integrity
       • Authentication
       • Non-repudiation
       • Access control
       • Auditing
       • Availability

  9. Phase 2 – Artefact
     • In this phase your team will select one of the required security services proposed in phase 1 (except availability) and build a proof of concept that incorporates all the mechanisms and protocols that are available in either the iOS or Android development kits (i.e. your team’s choice)
     • The goal here is to build an artefact that represents one security aspect in the use of mobile file transfers between devices that maximises pre-built mechanisms and protocols in this environment
     • Your team must identify the processes, mechanisms and protocols used to generate the message and secure the transfer in a report
     • This report must stand on its own as a document

  10. Phase 3 – Analysis and Proposal
      • In this phase your team will conduct an analysis of the differences and discrepancies between theoretical security design and the development realities that currently exist
      • Including important information from previous phases, your team must now streamline the previous phases and assemble a proposal for mitigating those things that are lacking in mobile security development
      • This proposal needs to clearly identify what your team has discovered as the best approaches to securing mobile applications and the foundational technologies they reside on
      • This report must stand on its own as a document

  11. Deliverables – Phase 1
      • Each team will need to research mobile device wireless technologies and identify what security services, mechanisms and protocols are available for each
        • What is not available for each
      • Apply these to your file transfer example in a report
      • Formal report
        • Bound with a cover page
        • Table of contents
        • Diagrams, charts, tables, etc.
        • Appendix
        • References (properly formatted)
        • Peer evaluation

  12. Project Team
      • Each team will select their own members and appoint a team captain
        • This is the person who handles all team project communications with me, AND cc’s all team members when doing so
      • See me privately for more serious team issues
      • All members of the team are required to “pull their own weight” in completing the project phases for the full semester
        • Failure to pull your weight may result in being fired from your team AND a reduced grade for any given phase report
      • Peer reviews are acknowledged with initials on the reports
      • The number of members per team will be assigned in class based on total enrolment
        • Let’s decide now

  13. Questions?
