CS 4401 (A11): Software Security Engineering
Presentation Expectations

Table of Contents:

Audience Role
Topics and Dates


Please organize yourselves into groups of 2-3 to prepare a presentation on one of the topics below. Each presentation should consume a third to a half of a class meeting.

A two-person group should prepare a 15-minute presentation, including a few minutes for questions and discussion. A three-person group will have 20 minutes. This gives a bit more time for coordination and transitions, and for somewhat more material, which you can develop with the extra manpower.

You and your partner(s) can split this time however you want (even including having one of you do all the talking). However, you should give one cohesive presentation, rather than separately-prepared segments. You should design the presentation (content, structure, etc) as a team. You will receive one grade as a team. One goal of having you work in teams is to get stronger presentations.


Each group should send me email with your group members and an ordered list of about three topics you'd be interested in. If your group cannot present on Rosh Hashanah, please let me know that. The first day of Rosh Hashanah is 29 September.

Audience Role

As you listen to the other presentations, I'll ask you to fill out a simple feedback form. This is the same feedback form I'll use in grading the presentations. However, students should gather their forms, giving them directly to the presenters, not to me. The feedback form will ask the degree of effectiveness of the presentation along several axes. Roughly, they'll be: The form will also ask you to mention one or two things that were particularly effective, and some improvement you would recommend.

Initial References

Here are some starting links relevant to each topic (I'll be getting them up for all topics over the next few days). You don't have to present exactly the content of these papers, but I expect these to figure into your presentation to some extent unless you clear different references with me beforehand. (This is mainly to ensure that presentations are aiming for the appropriate technical depth). Some of the papers contain references to other useful information, so check those out in preparing your presentation.

To access links into ACM's Digital Library, you will need to be inside the WPI network (either directly or via VPN).

Topics and Dates

Automated Teller Machines and Credit Cards
26 September 2011
F Carnevale, I Lonergan, J Namias

Stuxnet and other Malware
26 September 2011
A Grant, T Jaskoviak, M Solano

Stuxnet was a worm using USB devices and Windows vulnerabilities to target industrial control systems, allegedly focused on delaying the Iranian nuclear program.

Electronic Cash using Bitcoin
27 September 2011
P Malmsten; H Moreno; L Seruwagi

Hijacking a modern car
27 September 2011
E Baicker-McKee; S Ruck; B Pham

Data Aggregation across Social Networks
30 September 2011 W Jones-Mulaire, S Murdy, S Zutshi

Stealing and securing open-access wifi connections
30 September 2011
S Maguire; J Mehta; A Becker

Presentation should include how to steal someone's data in a public wifi hotspot.

VPNs and Network Security
3 October 2011
X Ma; Z Wu

Privacy on Facebook
3 October 2011
P Balasubramanian; F Martell

Generally a rich topic with lots to be found. No need to stick to these, but do bring socio-technical dimensions into the discussion.

Android security Model
7 October 2011
P Dharani; B Lipson; D Thomas

Google Chrome security architecture
7 October 2011
M Gheorghe; W Mulligan; N Thorn

Electronic Voting
10 October 2011
K Luli, J Marokhovsky

Cyber-war (between nations)
10 October 2011
F Clinckemaillie; A Kuang

Richard Clarke and Herbert Lin are two useful names from which to start searches on this topic.

Online Games
10 October 2011
C Phillips; A Mitnik

Unused Topics

Mobile banking (security aspects)

Look into socio-technical issues as well as how mobile banking works technically.

Denial of Service

A case study or two on successful attacks and their broader implications would make sense here.



Tor Anonymity tool

Digital Rights Management

Strong Security in Linux

How can the Linux kernel protect you if a program misbehaves (possibly because of injected code)? AppArmor and Security-Enhanced Linux are two approaches.