CSE 481S: Computer Security Capstone (Fall 2019)


Deliverables


A list of deliverables and dates is below. Some details (e.g., dates, or what we ask for) are subject to change as the quarter progresses. We will provide finalized instructions in class.

All assignments are to be done in groups unless otherwise noted. It is sufficient for one group member to submit via Canvas; please note the names and UW Net IDs of all group members in your submission.

Please submit your files on Canvas unless otherwise specified.


Name: Project proposal
Type: Slides/Presentation
Deadline: Oct 1, 10am
Percent of Total Grade: 1%

Before the first class, prepare (individually, not in groups) a one-slide pitch for a possible project. Sample projects include: password manager, secure email or messaging client, secure escrow for passwords in case of emergencies, mobile money application, web shopping cart, electronic voting system, two-factor authentication system, fake news detector. You may use the above list as inspiration, and your idea does not need to be original -- that is, it can be a better version of something that already exists (e.g., secure email client). It should be something that you're excited about building and that has a non-trivial need for security.

Also include in your single slide your name, and during your in-class presentation, please be prepared to introduce yourself and mention why you are taking this course.

Your submission should be a 1-slide PowerPoint or similar file. Do not include any animations. We will load each presentation into a single slide deck, and automate timings to flip between presentations during class, to make sure that we remain on time. Each presentation will be given 3 minutes, but you do not need to use all 3 minutes. The final slide deck will be shared with the whole class. If you would like to present more than one idea, you are welcome to do so, but you must still use only one slide, not have animations, and use at most 3 minutes.


Name: Group selection and tentative project plan
Type: In Class
Deadline: Oct 3, 5pm
Percent of Total Grade: 0.5%

One group member should email course staff, cc’ing all other group numbers, with the following information: (a) your team name; (b) the names and UW net IDs of every group member; (c) a short description (one brief paragraph) of your tentative project.


Name: Project selection reflection
Type: In Class
Deadline: Oct 3, 5pm
Percent of Total Grade: 0.5%

On Canvas: individually, submit a short reflection (one brief paragraph) about what influenced your project choice (e.g., interest in a topic or technology, desire to work with a specific person) and how the project changed from its initial presentation at the start of class, if at all (e.g., by merging projects or new brainstorming in post-class discussion).


Name: Draft of Section 2-4
Type: Design Doc
Deadline: Oct 8, 10am
Percent of Total Grade: 3%

See the design doc template for more details. This is a draft and does not need to be fully polished. These draft documents will be shared with other groups so that they can complete the threat modeling assignment for the following week.


Name: Presentation of Sections 2-4 of design doc
Type: Slides/Presentation
Deadline: Oct 8, 10am
Percent of Total Grade: 1%

The slide deck should be short, not just a re-hash of what's in the document. Target an 8 minute presentation with 5 minutes for Q&A. These slides will be shared with other groups so that they can complete the threat modeling assignment for the following week.


Name: Implementation plan and git setup
Type: Implementation
Deadline: Oct 15, 10am
Percent of Total Grade: 1.75%

(1) Submit a 1-2 page document containing a preliminary implementation plan. Includes planned time schedule and people assignments for different components of the project. The planned time schedule should note which portions (if any) of the implementation have already been completed.
(2) Get your gitlab setup working, do test commits or other activities. Please give the instructors access to the repository.


Name: Threat model analysis of other projects
Type: Peer Analysis
Deadline: Oct 15, 10am
Percent of Total Grade: 5%

Document containing threat model analysis for three other groups' projects (based on their draft documents and the slides that they presented last week). You should submit a document that follows the format in the following template: https://docs.google.com/document/d/1EJYSyBSG5uN0jwar0kF4NIV6nNW_psQHoKedSGMleO4/edit?usp=sharing. We will assign specific groups to you (3 each) during class.


Name: Presentation of peer threat model analysis
Type: Slides/Presentation
Deadline: Oct 15, 10am
Percent of Total Grade: 1%

Prepare ~1 slide for each other group’s project, summarizing your threat model analysis of that project. Target an 8 minute presentation with 5 minutes for Q&A.


Name: Threat model reflection
Type: In Class
Deadline: Oct 16, 11:59pm
Percent of Total Grade: 2%

This reflection should be a ~1 page written summary of the feedback you received from other groups, which (if any) new threats arose that you hadn’t already thought of, and what you found valuable about the peer threat modeling process.


Name: Revisions to Sections 2-4
Type: Design Doc
Deadline: Oct 22, 10am
Percent of Total Grade: 4%

Revisions to these sections of the design doc based on the peer threat modeling process of the previous weeks.


Name: Summary of implementation accomplishments so far
Type: Implementation
Deadline: Oct 22, 10am
Percent of Total Grade: 1.75%

Submit a summary (~1 page, based on your implementation plan) of what you have accomplished up until now. If your recent efforts have been more focused on design than implementation, that is fine - please just explain what you've been working on.


Name: Stakeholder analysis reflection
Type: In Class
Deadline: Oct 22, 5pm
Percent of Total Grade: 2%

This relfection should be a ~1 page written summary of what you learned from the stakeholder analysis activity, and how it will impact your threat model and/or design plans.


Name: Additional revisions to Sections 2-4
Type: Design Doc
Deadline: Oct 23, 5pm
Percent of Total Grade: 1%

Revisions to these sections of the design doc based on the stakeholder analysis activity.


Name: Short update presentation
Type: Slides/Presentation
Deadline: Oct 29, 10am
Percent of Total Grade: 1%

Prepare 1-2 slides updating us on your implementation progress, new problems/challenges encountered, design changes made, and any changes to the implementation plan/timeline. Target a 5-8 minute presentations with 5 minutes for Q&A or discussion.


Name: Draft of Section 5
Type: Design Doc
Deadline: Nov 5, 10am
Percent of Total Grade: 4.5%

See the design doc template for more details.


Name: Demo presentation
Type: Slides/Presentation
Deadline: Nov 5, 10am
Percent of Total Grade: 5%

At this point, you should have completed your preliminary implementation to the point of being able to give a demo (live or video) in class. Target a 5-8 minute presentation with 5 minutes for Q&A or discussion.


Name: Draft of Section 6.1
Type: Design Doc
Deadline: Nov 12, 10am
Percent of Total Grade: 4.5%

See the design doc template for more details.


Name: Code prepared to share with analysis team
Type: Implementation
Deadline: Nov 12, 10am (NOTE: Part due by 11:59pm on Nov 11)
Percent of Total Grade: 10.5%

You should have code, documentation, and a test environment ready to hand off to another team that will be doing a security analysis of your project. The design doc you turn in for the Section 6.1 checkpoint will be shared with your analysis team, and you will spend time in class granting them access to your gitlab repository and answering their setup questions, if needed. By 11:59pm on November 11, please submit: (a) A list of technical requirements for your analysis team (e.g., Windows, Linux, MacOS, Android, iOS, certain software, etc.) (b) A list of the technical capabilities of your team (i.e., what devices you have that you can use to test other projects).


Name: Peer analysis doc + issues noted via gitlab
Type: Peer Analysis
Deadline: Nov 19, 10am
Percent of Total Grade: 10%

Please use this template for your peer security analysis document. Please also open issues on the project’s gitlab repository for each of the issues you investigate (regardless of the outcome of that investigation).


Name: Presentation of peer analysis
Type: Slides/Presentation
Deadline: Nov 19, 10am
Percent of Total Grade: 1%

Prepare a presentation summarizing the security analysis you’ve done of another group’s project. Target a 5-8 minute presentations with 5 minutes for Q&A or discussion.


Name: Peer security analysis reflection
Type: In Class
Deadline: Nov 19, 5pm
Percent of Total Grade: 2%

Submit a ~1 page document summarizing the issues found by the other group’s analysis of your project. Include a prioritization of those issues and assignments to team members to address them.


        Name: Summary of work done during class time, and updated implementation plan       
Type: Implementation       
Deadline: Nov 26, 5pm       
Percent of Total Grade: 1.75%       

        Today’s class is a work day. We encourage you to use this time to work on your implementation, as it is a time that you all have on your calendars, but we realize that groups may wish to reserve a significant amount of time on a different day or at a different time. At the end of the class period, please submit (1) a summary of what you did before 5pm on this date and (2) a revised implementation plan taking into account the progress you have made so far.       


Name: Issues addressed and updated in gitlab
Type: Implementation
Deadline: Dec 3, 10am
Percent of Total Grade: 8.75%

Address as many of the security issues raised by the peer analysis as you can, or explain why you have explicitly chosen not to address some of these issues. Use gitlab issues to ask for more details from the analysis team if necessary, and to track your progress.


Name: Final presentation
Type: Slides/Presentation
Deadline: Dec 3, 10am
Percent of Total Grade: 5%

Final presentations should include a summary of the whole design, testing, and fixing process, as well as a live or video demo of your final product. Target a 15 minute presentation with 5 minutes for Q&A or discussion.


Name: Finished design doc (Sections 1, 4.Z, 6.2, 6.3 are new)
Type: Design Doc
Deadline: Dec 10, 11:59pm
Percent of Total Grade: 8%

See the design doc template for more details. Please note that this template has been updated to include Section 4.Z.


Name: Finished code + test environment
Type: Implementation
Deadline: Dec 10, 11:59pm
Percent of Total Grade: 10.5%

Complete all git commits to your project code, documentation, and test environment. We should be able to clone and run your project.


Name: Final reflection
Type: Misc
Deadline: Dec 10, 11:59pm
Percent of Total Grade: 2%

Individually, not in groups, submit a final reflection. This reflection should include:
(1) Notes on other presentations: suggestions for improvement if the project were to continue,
(2) Notes on own project: what would you still do if the project were to continue, and
(3) Reflections on the overall process: what worked well, didn’t work well, would you do differently next time.


Name: Summary of individual contribution
Type: Misc
Deadline: Dec 10, 11:59pm
Percent of Total Grade: 1%

Individually, not in groups, submit a ~1 page summary of your individual contribution to your group’s project.