CSE 481S: Computer Security Capstone (Winter 2019)


Deliverables


A list of deliverables and dates is below. Some details (e.g., dates, or what we ask for) are subject to change as the quarter progresses. We will provide finalized instructions in class.

All assignments are to be done in groups unless otherwise noted. It is sufficient for one group member to submit via Canvas; please note the names and UW Net IDs of all group members in your submission.

Please submit your files on Canvas unless otherwise specified.


Name: Project proposal
Type: Slides/Presentation
Deadline: Jan 11, 12pm
Percent of Total Grade: 1%

Before the first class, prepare (individually, not in groups) a one-slide pitch for a possible project. Sample projects include: password manager, secure email or messaging client, secure escrow for passwords in case of emergencies, mobile money application, web shopping cart, electronic voting system, two-factor authentication system, fake news detector. You may use the above list as inspiration, and your idea does not need to be original -- that is, it can be a better version of something that already exists (e.g., secure email client).

Also include in your single slide your name, and during your in-class presentation, please be prepared to introduce yourself and mention why you are taking this course.

Your submission should be a 1-slide PowerPoint file. Do not include any animations. We will load each presentation into a single slide deck, and automate timings to flip between presentations during class, to make sure that we remain on time. Each presentation will be given 3 minutes. You do not need to use all 3 minutes (we can advance the presentation if you finish early). The final slide deck will be shared with the whole class. If you would like to present more than one idea, you are welcome to do so, but you must still use only one slide, not have animations, and must use at most 3 minutes.


Name: Group selection and tentative project plan
Type: In Class
Deadline: Jan 14, 5pm
Percent of Total Grade: 0.5%

One group member should email course staff, cc’ing all other group numbers, with the following information: (a) your team name; (b) the names and UW net IDs of every group member; (c) a short description (one brief paragraph) of your tentative project.


Name: Project selection reflection
Type: In Class
Deadline: Jan 14, 5pm
Percent of Total Grade: 0.5%

On Canvas: individually, submit a short reflection (one brief paragraph) about what influenced your project choice and how the project changed from its initial presentation at the start of class, if at all. Describe the factors the lead to your current formulation of the project; some projects might closely reflect the original presentation in class; other projects might be the result of merging multiple projects; other projects might be the result of taking an initial project idea and evolving it through the in-class exercises; other projects might also be purely the result of the in-class exercises and peer dsicussions. (Examples of project choice influencers may include: you have done work in XXX previously and had already decided to work on something related, you knew you wanted to work with certain people before the class started, you had a conversation during the WYR activity that made you interested in someone’s project or changed your perspective on a project, someone’s project slide piqued your interest).


Name: Draft of Section 2-4, Appendix A.1
Type: Design Doc
Deadline: Jan 18, 12pm
Percent of Total Grade: 2.5%

See the design doc template for more details. This is a draft and does not need to be fully polished. These draft documents will be shared with other groups so that they can complete the threat modeling assignment for the following week.


Name: Presentation of Sections 2-4 of design doc
Type: Slides/Presentation
Deadline: Jan 18, 12pm
Percent of Total Grade: 1%

The slide deck should be short, not just a re-hash of what's in the document. Target an 8 minute presentation with 5 minutes for Q&A. These slides will be shared with other groups so that they can complete the threat modeling assignment for the following week.


Name: Implementation plan and git setup
Type: Implementation
Deadline: Jan 25, 12pm
Percent of Total Grade: 1.75%

(1) Submit a 1-2 page document containing a preliminary implementation plan. Includes planned time schedule and people assignments for different components of the project. The planned time schedule should note which portions (if any) of the implementation have already been completed.
(2) Get your gitlab setup working, do test comments. Please give the instructors access to the repository.


Name: Threat model analysis of other projects
Type: Peer Analysis
Deadline: Jan 25, 12pm
Percent of Total Grade: 5%

Document containing threat model analysis for each other group’s project (based on their draft documents and the slides that they presented last week). The specific format of the document will be made available the week before.


Name: Presentation of peer threat model analysis
Type: Slides/Presentation
Deadline: Jan 25, 12pm
Percent of Total Grade: 1%

Prepare ~1 slide for each other group’s project, summarizing your threat model analysis of that project. Target an 8 minute presentation with 5 minutes for Q&A.


Name: Threat model reflection
Type: In Class
Deadline: Jan 25, 5pm
Percent of Total Grade: 2%

This reflection should be a ~1 page written summary of the feedback you received from other groups, which (if any) new threats arose that you hadn’t already thought of, and what you found valuable about the peer threat modeling process.


Name: Meet with course staff about user-centered design activity (WYR or Security Cards or other) plan (Appendix A.1)
Type: Misc
Deadline: None -- no longer required
Percent of Total Grade: 1%

Meet with course staff for ~20 minutes to go over plan for WYR. The goals are to make sure the plan fits the project, and to identify any logistical issues/hurdles.


Name: Revisions to Sections 2-4, Appendix A (Appendix A.2-6 are new; A.6 is extra credit) (Appendix A changes now due on Feb 8, not today)
Type: Design Doc
Deadline: Feb 1, 12pm
Percent of Total Grade: 6.5% (Now 5%)

Revisions to these sections of the design doc based on the peer threat modeling process of the previous weeks, as well as your execution of the user centered design activity (WYR or security cards).


Name: Summary of implementation accomplishments so far
Type: Implementation
Deadline: Feb 1, 12pm
Percent of Total Grade: 1.75%

Submit a summary (~1 page, based on your implementation plan) of what you have accomplished up until now. If your recent efforts have been more focused on design than implementation, that is fine -- please just explain what you've been working on.


Name: Summary of work done during class time, and updated implementation plan
Type: Implementation
Deadline: Feb 1, 5pm
Percent of Total Grade: 1.75%

Today’s class is a work day. We encourage you to use this time to work on your implementation, as it is a time that you all have on your calendars, but we realize that groups may wish to reserve a significant amount of time on a different day or at a different time. At the end of the class period, please submit (1) a summary of what you did before 5pm on this date and (2) a revised implementation plan taking into account the progress you have made so far.


Name: Short update presentation #1
Type: Slides/Presentation
Deadline: Feb 8, 12pm
Percent of Total Grade: 1%

Prepare 1-2 slides updating us on your implementation progress, new problems/challenges encountered, design changes made, and any changes to the implementation plan/timeline. Target a 5-8 minute presentations with 5 minutes for Q&A or discussion.


Name: Draft of Section 5 (Now also Appendix A updates)
Type: Design Doc
Deadline: Feb 8, 12pm
Percent of Total Grade: 4.5% (Now 6%)

See the design doc template for more details. (You may also changes parts of Sections 2-4, as a result of the activity that you capture in Appendix A.)


Name: Demo presentation
Type: Slides/Presentation
Deadline: Feb 15, 12pm
Percent of Total Grade: 4%

At this point, you should have completed your preliminary implementation to the point of being able to give a demo (live or video) in class. Target a 5-8 minute presentation with 5 minutes for Q&A or discussion.


Name: Draft of Section 6.1
Type: Design Doc
Deadline: Feb 22, 12pm
Percent of Total Grade: 4.5%

See the design doc template for more details.


Name: Code prepared to share with analysis team
Type: Implementation
Deadline: Feb 22, 12pm
Percent of Total Grade: 10.5%

You should have code, documentation, and a test environment ready to hand off to another team that will be doing a security analysis of your project. More details TBD.


Name: Peer analysis doc + issues noted via gitlab
Type: Peer Analysis
Deadline: Mar 1, 12pm
Percent of Total Grade: 10%

We will provide you with a template for a peer security analysis document. Please also open issues on the project’s gitlab repository for anything that you identify through your analysis.


Name: Presentation of peer analysis
Type: Slides/Presentation
Deadline: Mar 1, 12pm
Percent of Total Grade: 1%

Prepare a presentation summarizing the security analysis you’ve done of another group’s project. Target a 5-8 minute presentations with 5 minutes for Q&A or discussion.


Name: Peer security analysis reflection
Type: In Class
Deadline: Mar 1, 5pm
Percent of Total Grade: 2%

Submit a ~1 page document summarizing the issues found by the other group’s analysis of your project. Include a prioritization of those issues and assignments to team members to address them.


Name: Short update presentation #2
Type: Slides/Presentation
Deadline: Mar 8, 12pm
Percent of Total Grade: 1%

Please prepare 1 slide [[update: small number of slides]] updating us on your progress, what you’ve fixed, and any challenges you’ve faced. Target a 5-8 minute presentation with 5 minutes for Q&A or discussion.


Name: Issues addressed and updated in gitlab
Type: Implementation
Deadline: Mar 8, 12pm
Percent of Total Grade: 8.75%

Address as many of the security issues raised by the peer analysis as you can, or explain why you have explicitly chosen not to address some of these issues. Use gitlab issues to ask for more details from the analysis team if necessary, and to track your progress.


Name: Final presentation
Type: Slides/Presentation
Deadline: Mar 15, 12pm
Percent of Total Grade: 5%

Final presentations should include a summary of the whole design, testing, and fixing process, as well as a live or video demo of your final product. Target a 15 minute presentation with 5 minutes for Q&A or discussion.


Name: Finished design doc (Sections 1, 6.2, 6.3 are new)
Type: Design Doc
Deadline: Mar 19, 8:20pm
Percent of Total Grade: 7%

See the design doc template for more details.


Name: Finished code + test environment
Type: Implementations
Deadline: Mar 19, 8:20pm
Percent of Total Grade: 10.5%

Complete all git commits to your project code, documentation, and test environment. We should be able to clone and run your project.


Name: Final reflection
Type: Misc
Deadline: Mar 19, 8:20pm
Percent of Total Grade: 3%

Individually, not in groups, submit a final reflection. This reflection should include:
(1) Notes on other presentations: suggestions for improvement if the project were to continue,
(2) Notes on own project: what would you still do if the project were to continue, and
(3) Reflections on the overall process: what worked well, didn’t work work, would you do differently next time.


Name: Summary of individual contribution
Type: Misc
Deadline: Mar 19, 8:20pm
Percent of Total Grade: 1%

Individually, not in groups, submit a ~1 page summary of your individual contribution to your group’s project.