2023–24 Projects:
Advisor: Jeff Ondich
Every year, dozens of conferences are devoted to sharing security research reports. For example, Black Hat's annual USA conference typically draws about 20,000 attendees, and DEF CON draws more than 30,000. (Their websites also try to evoke an annoying cyberpunk-cool-hacker vibe—that'll be a good liberal arts topic for discussion by this comps team on another day.)
Many of the presentations at these conferences describe concrete hacks of real security systems. Occasionally, these hacks can make big news, like the Black Hat 2015 presentation on how some researchers took over a Jeep Cherokee's computer while the Jeep was driving. But even the more modest hacks highlight concrete vulnerabilities in existing software and hardware, while also exemplifying more general principles.
In this project, you'll get the opportunity to read and view many presentations from practical security conferences, which will broaden your understanding of the security field. Then, you'll select one particular presentation to replicate—that is, you'll do the hack yourself—which will give you a deeper understanding of one narrow topic. This combination of reading-for-breadth and replicating-for-depth is a great way to learn about and keep up with security research. Plus, it should be lots of fun.
We'll use a comps model devised by Dave Musicant that goes roughly like this:
None