Projects are done individually or in groups of 2 students. The group members and topics will be posted here.
Each group gives a presentation of about 30 minutes (25 minutes for the presentation + 5 minutes for discussion), with about 15-20 slides.
Final report format guideline: about 12-15 pages including cover page and references, single-spaced, single-column, 11-point Times New Roman. The abstract should be no longer than 300 words.
Please send me an email to reserve the day on which you want to give your presentation.
Proposed Topics:
RBAC constraints and conflicts
RBAC delegations
RBAC in Workflow systems
RBAC for Web Services
Access control (RBAC, UCON, etc.) architectures and mechanisms for collaborative computing (e.g., Grid, ad-hoc group-based)
Attribute-based authorizations and delegations
Comparisons and analysis of policy languages: PolicyMaker, KeyNote, Ponder, XACML, etc.
Comparisons and analysis of certificate standards: X.509 public key certificate, PGP, IETF X.509 attribute certificate (RFC3281), SPKI/SDSI certificate, etc.
Using SAML/XACML to support UCON
Security analysis in SAML/XACML/Liberty Alliance protocols
Trusted Computing for P2P, information sharing, and legal content distribution
DRM policies, models, architectures, and technologies
E-payment and micro-payment in E-commerce: protocols and security analysis
Identity Management
Risk analysis in access control models. (This paper introduces an extra hierarchy beyond the RH in RBAC1 to capture risk aspects.)
Security analysis and comparison of SELinux, TrustedBSD, Trusted Solaris, NGSCB, etc.
... (to be added)
You are encouraged to propose your own topic.
09/21: Research topic, one paragraph (max 1/2 page) of research direction, and a list of references due in class.
10/05: Abstract, outline with short description for each section and partial references due in class.
10/26: Individual research topic discussion in class if necessary.
11/16, 11/30, 12/07: Student presentations (slides due the day before your presentation).
12/16: Paper due.