Log in
Skip to sidebar
Skip to main content
MIT Wiki Service
Spaces
Create
Create
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
About Confluence
Log in
6.858
Pages
Home
net.customware.confluence.plugin.scaffolding.action.CopyScaffoldContentAction.action.name
search
attachments
weblink
advanced
image-effects
image-attributes
Paragraph
Paragraph
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Preformatted
Quote
Bold
Italic
Underline
Colour picker
More colours
Formatting
Strikethrough
Subscript
Superscript
Monospace
Clear formatting
Bullet list
Numbered list
Task list
Outdent
Indent
Align left
Align center
Align right
Page layout
Link
Table
Insert
Insert content
Files and images
Link
Markup
Horizontal rule
Task list
Date
Emoticon
Symbol
Insert macro
User mention
Table Plus
SQL Query
Gliffy Diagram
Info
Status
Gallery
Table of Contents
LaTeX Math Block
LaTeX Math Inline
LaTeX Unit
Forms
Other macros
Page layout
No layout
Two column (simple)
Two column (simple, left sidebar)
Two column (simple, right sidebar)
Three column (simple)
Two column
Two column (left sidebar)
Two column (right sidebar)
Three column
Three column (left and right sidebars)
Undo
Redo
Find/Replace
Keyboard shortcuts help
You are not logged in. Any changes you make will be marked as
anonymous
. You may want to
Log In
if you already have an account.
This page is also being edited by
. Your changes will be merged with theirs when you save.
<p>Please fill in your name, email address, and general idea you'd like to explore for your final project.</p> <p>Michael McCanna <acrefoot@mit.edu>, Duncan Townsend <duncant@mit.edu>: Implementing a deniable steganographic filesystem (possibly in a FUSE module). The medium for the stenography is MP3 files, or possibly certain video files (for larger filesystems).</p> <p>Ben Bitdiddle <benbit@mit.edu>: Helping Android users track what permissions each application exercises over time.</p> <p>Paul Medlock-Walton <paulmw@mit.edu>: Add security to communications between mobile phones and the server when playing a geo-location multiplayer game using TaleBlazer <a href="http://education.mit.edu/projects/taleblazer">http://education.mit.edu/projects/taleblazer</a> (Need 1 more person, server and mobile code both in JavaScript)</p> <p>Ilia Lebedev <ilebedev@mit.edu> I would like to Implement dynamic permissions in android: in addition to asking the user to approve permissions during installation, high-risk permissions must be prompted when the application generates an intent. The user can chose to deny or approve the intent, and to optionally remember his decision for current session, for current version of the app, or forever. This approach to access control may or may not require that the intent be handled in a safe way, even if denied, if the application blocks and waits for a response . If time permits, I would also like to explore fine-grained network access policies in Android. I believe it may be possible to construct a demo in google's emulator, or even on a dev phone.</p> <p>Emily Stark <estark@mit.edu>, Meelap Shah <meelap@mit.edu>: We plan to build a tool to convert existing web apps into a form that provides data confidentiality guarantees to clients. Our tool will take as input server side code and partition it into two pieces; one piece will remain on the server and the other will be pushed to the client. Data fields containing sensitive client data will be encrypted on the client so that nothing is revealed to the server. The code will be partitioned so that the piece that remains on the server can operate on ciphertext. This will maintain the application's functionality while providing the confidentiality guarantees we desire.</p> <p>Isaac Gutekunst <igutek@mit.ed>, Jelle van den Hooff <jelle@mit.edu>: We would like to create an application framework that performs tainting of all data, and allows controlled inter-application communication. The framework may allow the concept of a secure clipboard that allows pasting between certain privileged applications. For example, copying from a list of quiz solutions, and a pasting into a new quiz would be allowed, but copying answers into a quiz would not.</p> <p>Ryan Lopopolo <lopopolo@mit.edu>, Edgar Salazar <esalazar@mit.edu>, William Ung <willcu@mit.edu>: We would like to allow users to revoke a subset of dangerous android permissions on a per app basis. We will wrap applications in their own sandboxes and interpose on their intents, possibly redirecting them to dummy services.</p> <p>Josh Hodosh <jo21979@mit.edu>, Philip Marquardt <ph22824@mit.edu>, Michael Specter <mi22536@mit.edu>, Frank Moda <fr21205@mit.edu>: Examine the security of NFC in Android mobile phones with respect to the digital wallet. Exploit any potential vulnerabilities and offer mitigation techniques. </p> <p>Adin Schmahmann <adin@mit.edu>: I'd like to work on creating a GUI for defining dependencies to help with specifying security considerations. However, if anyone would be interested in createing a version of UserFS, but using capabilities, or finding a way to properly sandbox a web browser binary let me know. </p> <p>Katherine Fang <katfang@mit.edu>, Yuzhi Zheng <yuzhi@mit.edu>, Deb Hanus <dhanus@mit.edu>, Elizabeth Hawkins <elhawk@mit.edu>: Examining the security of Google's Chromebook laptops.</p> <p>Eva Rose <evarose@mit.edu> : To allow safe mobile code-exchange between Android components, for example, to permit sending callback code fragments that avoid unnecessary, actual callbacks. </p> <p>Matthew Falk<mfalk@mit.edu>, Ryan Terbush<rterbush@mit.edu>, Arkady Blaykher<rkadyb@mit.edu>: Exploiting human physiology to enhance security of otherwise trivially guessed passwords by adding timing analysis to password inputs.</p> <p>Mark Zhang <mzhang@mit.edu> (Jet) Sizhi Zhou <zhou2011@mit.edu>: Implement a predicate encryption file system, which will allow a master to give parties different file permissions with only one encryption key. Looking to implement on a service such as Dropbox, using Python.</p> <p>Madars Virza <madars@mit.edu>: I would like to add a polymorphic backend to LLVM, which could be used to generate deeply watermarked code. Alternatively I would like to work on the PKI problem by implementing additional kinds of notaries for Convergence like SSL Observatory-based notary (currently there is only a perspectives-type notary).</p> <p>Mikhail Kazdagli <kazdagli@mit.edu>: I'd like to use IntelPIN's binary instrumentation to implement emulation mechanism for unmodified binaries. This feature should allow to analyze dynamic behavior of x86 code, and if it reveals suspicious behavior, this security system should block its execution.</p> <p>Chris Calabrese <cbreezy@mit.edu>: Possibly working with the Android operating system and writing/analyzing some cool exploits to take advantage of the security model and any implementation flaws in a particular version of the software.</p> <p>Joe Colosimo <colosimo@>: Hardware side-channel attacks. I'm interested in looking at some basic cryptography libraries for Atmel AVR microcontrollers and potentially exploiting them through side-channel attacks. Existing papers point to these kinds of vulnerabilities as being very real and very measurable. Between measuring timing (which is usually very precise with microcontrollers) and current (which can help mitigate preventions to timing attacks through spinlooping), data should be extractable from the controller. This has applications in embedded devices that have secret keys inside them.</p> <p>Stefan Gimmillaro <stefang@mit.edu>: Interested in exploring PHP/MYSQL vulnerabilities; creation automatic testing of php websites to search for common exploits. Also interested in p2p data encryption.</p>
If you are unable to use this CAPTCHA please <a href="administrators.action" tabindex="5">contact your administrator</a> for assistance.
Edit
Preview
Save
Close
{"serverDuration": 199, "requestCorrelationId": "7da1c83bdc9f4630"}