Deliverables must be submitted via e-mail to course e-mail address t-110.5230@tml.hut.fi with deliverable files attached to the e-mail as a ZIP file (preferred; tar.gz is OK too). This is a change from previous years.

Peer review is sent to group members directly as well as the course e-mail address.

Deliverable: Table of contents and reference list for paper

The deliverable simply consists of a single PDF file containing a sketch of your paper structure as section and subsection headings. Also describe shortly what you intend to say in each section.

The reference list should be close to final; the staff should be able to verify your references based on your reference list. You don't need to pay too much attention to style or language at this stage, as long as your deliverable is understandable. The content matters most, i.e. your structure should be sound, and your references both relevant and valid.

This deliverable is a precursor to your paper, so it must be typeset in LaTeX. See the LaTeX information page for details.

Finding information

Information on vulnerabilities can be found from many sources. As in everything, Google is your friend, but you may also seek for information and ideas from CERT, Securityfocus (Bugtraq), 2600, Insecure.Org, Atstake. You might also find interesting ideas by dipping into CiteSeer. Steve Bellovin has also written a lot about security, especially in IP networks.

For IP-related standards, the relevant IETF sources are: Main IETF page, RFC Editor, Watersprings (old drafts).

Deliverable: Attack plans

The intent of this deliverable is to ensure your attacks seem relevant and realistic, and that you know how to carry them out. Use the attack plan template (see files attached to second lecture on Lectures page) as a basis.

You don't need to pay too much attention to style or language at this stage, as long as your deliverable is understandable. (E.g. writing a text file and running it through enscript + ps2pdf is just fine.)

Peer review of the attack plans: see files attached to second lecture on Lectures page.

Deliverable: Vulnerability reports

A vulnerability report describes a single vulnerability. The required parts for each vulnerability are:

Threat and Vulnerability
Preconditions for the Attack
Analysis of the Attack
Detection and Tracing
Protecting against the Attack
Test results

The deliverable consists of three such vulnerability reports, one for each vulnerability you study. Return one PDF file which contains all your vulnerability reports. Include a cover page with your topic and names. LaTeX is strongly suggested, but not mandatory.

Content, style, and language all matter for this deliverable.

Deliverable: Final paper

The final paper is not a vulnerability report. Instead, the paper is a stand-alone document, comprehensible on its own, describing the set of vulnerabilities you are investigating, the root cause of the vulnerability, the attacks and their impact, and protecting against the attacks.

The paper should refer to your vulnerability reports, as they are preliminary work for your paper. The paper may contain a summary of the vulnerability reports, but the technical details of the vulnerabilities themselves do not need to be described.

The paper should be 8-10 pages long; if you feel you need more pages, contact the course staff. The suggested structure for the paper is (NB: these are not the suggested section headings!):

Title and authors

Abstract

Introduction

Background

Vulnerabilities explained (refer to vulnerability reports for details), include description of you attacks (plans, carrying out, results)

Impact

Protection - countermeasures, detection, etc

Conclusions

References

If your topic requires a different structure, feel free to use it.

This deliverable must be typeset in LaTeX. See the LaTeX information page for details. The document structure in the LaTeX template is informative, and not the suggested structure.

Content, style, and language all matter for this deliverable.

Peer review of the paper draft: see files attached to second lecture on Lectures page.

Deliverable: Presentation slides

There is no fixed template for your presentation slides; use any structure you believe is the best for your topic.

Note that the version you return as the deliverable is the one which will be graded - you may continue to improve your slides for the presentation, but the improved slides will not be taken into account when grading. If you improve your slides, send revised versions to the course e-mail address, along with a note about the things you have improved. This is important because the PDF files used in the seminar will be primarily the ones you have sent to the course e-mail address. (Please use a version number as part of the filename if you improve the slides.)

Content, style, and language all matter for this deliverable.

You may use PowerPoint, OpenOffice, or whatever you like, as long as you can produce a PDF file compatible with Acrobat Reader.

Seminar presentation

The presentations will be 20 minutes each, with about 5 minutes for questions and answers.

The course staff will bring the latest PDF file versions you have e-mailed to course e-mail address. Bring your presentation with you (on a USB stick or a CD/DVD). By default we'll use the PDF files, but if something goes wrong, we'll try whatever you have with you. Bringing your laptop for the presentation is OK, but it will only be used if something goes wrong with the PDF.