populate teaching/topics/ with available topics
authorStefano Zacchiroli <zack@upsilon.cc>
Wed, 16 Jul 2014 12:44:39 +0000 (14:44 +0200)
committerStefano Zacchiroli <zack@upsilon.cc>
Wed, 16 Jul 2014 12:45:48 +0000 (14:45 +0200)
teaching/topics/01-debian-checksums-service.mdwn [new file with mode: 0644]
teaching/topics/02-tails-integrity-client.mdwn [new file with mode: 0644]
teaching/topics/03-windows-of-vulnerability.mdwn [new file with mode: 0644]
teaching/topics/04-tails-self-dpi.mdwn [new file with mode: 0644]
teaching/topics/05-etherpad-encrypted.mdwn [new file with mode: 0644]
teaching/topics/06-etherpad-in-a-box.mdwn [new file with mode: 0644]
teaching/topics/07-rtce-characterization.mdwn [new file with mode: 0644]
teaching/topics/08-functional-simulation.mdwn [new file with mode: 0644]
teaching/topics/09-firmware-integrity.mdwn [new file with mode: 0644]

diff --git a/teaching/topics/01-debian-checksums-service.mdwn b/teaching/topics/01-debian-checksums-service.mdwn
new file mode 100644 (file)
index 0000000..88894bd
--- /dev/null
@@ -0,0 +1,21 @@
+**Title**: *Large-scale repository of binary checksum for integrity checks*
+
+**Description**: implement and deploy a public repository of checksum
+information for the binary packages of the Debian distribution. Design and
+implement an API for the service that allows to query it for integrity checks
+and forensic purposes. Inject into the repository a substantial subset of the
+distribution history; analyze the resulting data set.
+
+**Technologies**:
+
+- Python, SQLite, PostgreSQL
+- [Debian duplication detector](http://dedup.debian.net/) (which will need to
+  be adapted/extended in collaboration with the author)
+- <http://snapshot.debian.org>
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/02-tails-integrity-client.mdwn b/teaching/topics/02-tails-integrity-client.mdwn
new file mode 100644 (file)
index 0000000..7f76afa
--- /dev/null
@@ -0,0 +1,19 @@
+**Title**: *Design and implementation of an integrity/forensic client for the
+Tails live distribution*
+
+**Description**: build a software tool (to be integrated in Tails) that is able
+to check the integrity of (some part of) the binaries installed on a Debian PC,
+accessible from the running Tails instace. As a backend, the client will use
+either the service developed by (1a), or http://dedup.debian.net/
+
+**Technologies**:
+
+- [Tails](https://tails.boum.org/)
+- [Debian duplication detector](http://dedup.debian.net/)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo) 
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/03-windows-of-vulnerability.mdwn b/teaching/topics/03-windows-of-vulnerability.mdwn
new file mode 100644 (file)
index 0000000..decd92c
--- /dev/null
@@ -0,0 +1,24 @@
+<span class="strike">**Title**: *Windows of Vulnerability (WoVs)*</span>
+
+**Description**: design and implement a forensic tool capable of reviewing the
+upgrade history of a Debian(-like) distribution with respect to the history of
+publicly known software vulnerabilities (e.g., CVEs, NVD, etc). The output of
+the tool should be a series of time intervals, stating to which vulnerabilities
+the machine might have been exposed in the past, and for how long it has been
+the case.
+
+**Technologies**:
+
+- Debian administration (see, e.g., [handbook](http://debian-handbook.info/))
+- Security standards:
+  - [CVE](https://cve.mitre.org/data/downloads/)
+  - [CPE](http://scap.nist.gov/specifications/cpe/)
+  - [CVRF](http://www.icasi.org/cvrf)
+- [Debian security tracker](https://security-tracker.debian.org/tracker/)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo) 
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: taken
diff --git a/teaching/topics/04-tails-self-dpi.mdwn b/teaching/topics/04-tails-self-dpi.mdwn
new file mode 100644 (file)
index 0000000..828cda7
--- /dev/null
@@ -0,0 +1,24 @@
+**Title**: *Self Deep Packet Inspection for Tails*
+
+**Description**: instrument the Tails distribution to be able to perform "self"
+Deep Packet Inspection, to prevent unintended leaks of private information
+(e.g., IP adress, browser fingerprinting information, etc). It should be
+possible to use the instrumentation for both distribution development/testing
+and real use (provided that a suitable UI, which is outside the scope of this
+work, can be devised).
+
+**Technologies**:
+
+- [Tails](https://tails.boum.org/)
+
+**More information**:
+
+- [Deep Packet Inspection](http://en.wikipedia.org/wiki/Deep_packet_inspection)
+  (on Wikipedia, for a general overview)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/05-etherpad-encrypted.mdwn b/teaching/topics/05-etherpad-encrypted.mdwn
new file mode 100644 (file)
index 0000000..1de161e
--- /dev/null
@@ -0,0 +1,25 @@
+**Title**: *Encrypted Etherpad*
+
+**Description**: implement an encryption scheme that is suitable for real-time
+collaborative editing (a-la Google Docs) and integrate it into Etherpad. The
+scheme would allow to store the pad content on the server in an encrypted
+form. All of this has to be done without undermining real-time collaboration,
+and in particular it should use block-by-block encryption.
+
+**Technologies**:
+
+- [Etherpad](http://etherpad.org/)
+
+**More information**:
+
+- paper
+  [*Content cloaking: preserving privacy with Google Docs and other web applications*](https://upsilon.cc/~zack/research/publications/sac10-coclo.pdf)
+  (for a similar approach/solution, but *non-real-time*)
+- [Operational Transformation (OT)](https://en.wikipedia.org/wiki/Operational_transformation)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/06-etherpad-in-a-box.mdwn b/teaching/topics/06-etherpad-in-a-box.mdwn
new file mode 100644 (file)
index 0000000..209fafe
--- /dev/null
@@ -0,0 +1,24 @@
+**Title**: *Etherpad in a box*
+
+**Description**: implement an alternative Etherpad UI as a Firefox Add-on (more
+specifically a Firefox Extension). No extra features with respect to the
+Web-only version of Etherpad are planned, but minor modifications might be
+needed. Ideally, the Firefox-based UI should share as much (JavaScript+HTML5)
+code with Etherpad as possible, and should aim at being built directly from
+Etherpad sources.
+
+**Technologies**:
+
+- [Etherpad](http://etherpad.org/)
+- JavaScript
+- HTML5
+- Node.js (for Etherpad modifications, if needed)
+- <http://en.wikipedia.org/wiki/Add-on_(Mozilla)#Types_of_add-ons>
+- <https://developer.mozilla.org/en-US/Add-ons>
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/07-rtce-characterization.mdwn b/teaching/topics/07-rtce-characterization.mdwn
new file mode 100644 (file)
index 0000000..f9e7d86
--- /dev/null
@@ -0,0 +1,22 @@
+**Title**: *Characterization of real-time collaborative editing via Etherpad
+instrumentation*
+
+**Description**: instrument Etherpad to collect a wire range of live data
+during real-time collaborative editing of textual documents. A few examples of
+collected data: cursors position of each user, text and attribute changes,
+client-server http messages and network segments. The instrumentation should be
+enough to conduct experiments with real users and characterize usage patterns
+(yet unknown in the literature) of real-time collaborative editing.
+
+**Technologies**:
+
+- [Etherpad](http://etherpad.org/)
+- JavaScript
+- Node.js
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/08-functional-simulation.mdwn b/teaching/topics/08-functional-simulation.mdwn
new file mode 100644 (file)
index 0000000..e90c566
--- /dev/null
@@ -0,0 +1,17 @@
+**Title**: *Functional Adaptive Parallel and Distributed Simulation*
+
+**Description**: design and implement a parallel/distributed simulation model
+based on the Multi-Agent System paradigm using a statically typed, functional
+programming language (e.g., OCaml).
+
+**Technologies**:
+
+- [GAIA](http://pads.cs.unibo.it/dokuwiki/doku.php?id=pads:gaia)
+- [OCaml](http://ocaml.org/)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available
diff --git a/teaching/topics/09-firmware-integrity.mdwn b/teaching/topics/09-firmware-integrity.mdwn
new file mode 100644 (file)
index 0000000..eac3879
--- /dev/null
@@ -0,0 +1,19 @@
+**Title**: *Firmware retrieval and checksuming for integrity evaluation*
+
+**Description**: design and build a software tool (based on a Linux live
+distribution) that is able to retrive as much firmware information as possible
+about the devices installed on the PC, and checksum them to: a) verifiy if
+something has changed since the last known run of the tool (to detect tampering
+smells), and b) compare the obtained results against a (community-maintained)
+database of "well-known" firmware information.
+
+**Technologies**:
+
+- [Linux's firmware interface](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/firmware_class/README?id=HEAD)
+
+**Supervisors**:
+
+- [Gabriele D'Angelo](http://www.cs.unibo.it/~gdangelo)
+- [Stefano Zacchiroli](http://upsilon.cc/~zack)
+
+**Status**: available