ASRG Topics for Fall 2001
We briefly went over the proposed meeting times. I received
two e-mails indicating that Wednesday's 2-3pm were bad; there
were nine people who attended today's meeting. I will reserve
Wednesday 2-3pm for the rest of the semester.
The following topics were presented as ideas for future
meetings:
- Interesting papers from USENIX security?
- Interesting papers from ACM Conference on Computer and Communications
Security.
Can we produce any techniques to prevent classes of problems found
on bugtraq?
- SSH (and other protocol) traffic/timing analysis.
- Social issues concerning crypto; crypto regulation. DMCA. etc.
- CodeRed, NIMBA and other worms. Propogation characteristics.
Code breakdown.
- Cookie collection project. (See http://cookies.lcs.mit.edu)
- Risk measurement: how to do it? what is it?
- How can one test that one can not access a service? Can we
approximate such testing (which would take exponential time?)
- Wireless security.
- Forensics. How to figure out what happened after a compromise?
See http://project.honeynet.org/.
(Maybe we can do some of the exercises they have, for some hands-on
experience.)
Please feel free to e-mail additional topics that you may be
interested in.
Brought to you by the MIT LCS Applied Security Reading
Group