Dates: A title and short abstract are due on Thursday, March 9. Projects are due on Thursday, April 6.

Description: You are to choose a topic in computer security, investigate it, and write a careful description. We wrote out a short list of possible topics in class, but you are not limited to it. You should concentrate on the underlying principles and/or analysis, not implementation details: what are the foundational ideas underlying Kerberos and why are they important, or how does the WEP protocol fail and why is that failure critical to security, or what are the characteristics of a secure password and what analysis supports that claim? Although we didn't mention it in class, a topic involving computer forensics or "human engineering" is acceptable provided it meets the standards above.

Demonstration/experiment (optional): If it fits your topic, you may observe (legally!) existing systems or put together a prototype from existing libraries. This is not an implementation exercise, so don't write extensive code.

Sources: Give complete citations, and use authoritative sources. Papers from refereed journals and conferences are fine, as are standards documents from government agencies and professional organizations. Books and white papers from commercial firms are acceptable when they are the appropriate source of information. Use primary sources whenever possible. Avoid superficial summaries, blogs, marketing material, and random web postings.

Length: Whatever it takes to do justice to the topic. We expect that most papers will be at least 2500 words and few will require more than 5000 words. (We've given up on counting pages because it is too easy to monkey with margins, spacing, and fonts.)

Progress reports: Mike or Rett will be meeting a couple of times with each of you individually or in small groups to discuss your progress and make suggestions. The first such meetings will occur during class on March 9.