Security Proof of Everyday Connections

Generally when we discuss computer security, we are concerned with network protocols, or with physical access to the keyboard/monitor. What about other types of connections? While work has been done on analyzing electronic emissions to produce truly hardened systems, is there a potential for virus-like attacks on general purpose systems that are connected to external devices other than networks? As an example, could you write a virus that could attack a machine via a VGA connection (e.g., is the Plug & Play Display Standard secure?)

In performing this project, you will learn to analyze system components to determine if they are secure. This will involve readings in both security and the underlying hardware component specifications.

Background

Performing this project requires an understanding of the theory behind analyzing and validating systems and protocols, and some level of hardware design knowledge. A computer engineering undergraduate background and CS 526 should be sufficient.

Expectations

What you will produce will include:

• A plan of the connection/device types you will study (due before the project begins
• A report describing existing work for the items in the previous bullet, along with a selection of a specific connection/device to pursue (due in the first month of the project).
• A plan for analyzing that device, including a comparison of formal methods that might be appropriate and a selection of a method to use.
• An analysis of the security of the device.

Process

It is expected that you will have at least biweekly meetings with me, and email a weekly status report consisting of:

1. A status report: What you have accomplished in the preceding week.
2. Problems: Is there anything you need to proceed?
3. Expected accomplishments for the upcoming week.

If interested, see instructions on how to proceed.