Course project
--------------

This semester, the class will do a joint project exploring issues around malicious code and Trojan horses. The deliverable will be a paper written jointly by members of the class and several software tools for hiding and finding Trojans. The students will be split into groups that will be responsible for the various phases of the project. Each task will have students assigned to it and deadlines. There will be time spent in class on the project, but most of the work will be done outside of class.

The project is divided into 4 tasks, and each student must participate in two of them. Students must select one of task 1 and task 4 and one of task 2 and task 3. That is, it is okay to do task 1 and task 3 or task 2 and task 4, but you cannot do task 1 and task 4 or task 2 and task 3. If there are too many students in the class, then we will run two parallel teams for each task.

Task 1
------
Literature Search

Team members will exhaustively search the computer security and programming literature for papers about malicious code and code hiding. Anything related to hiding programs in other programs or finding programs in other programs should be looked at. Team members will read all of the related papers and compile a list of the 5 most important papers in the literature. Team members will write a report summarizing all of the previous research results and include as exhaustive a bibliography as possible. The report is due September 30.

The list of 5 papers will be made available to the class on September 30, and the rest of the class will be responsible for reading them. Each non-team member in the class must submit a one-page write-up with feedback to the team on October 7.

Presentation: On Friday, October 1, team members will present the most interesting research results and will cover all of the material in the most important papers found.
The team will lead a class discussion on the previous literature, what is wrong with the papers, what is missing, and what could still be done. If necessary, the discussion will roll over to the next lecture. Team members will be expected to have the class discussion organized so that there is plenty to talk about. Based on the class discussion, the group will revise their report and turn it in on October 14.

Task 2
------
Hiding code

Team members will be responsible for coming up with as many techniques for hiding code as they can. They should first focus on generalized techniques, and try to produce a taxonomy of high-level concepts for hiding code. Then, they should focus on specific techniques. The group should then build at least two tools to aid in the automated hiding of malicious code in other programs. The group should also produce a report outlining all of the generalized and then specific techniques and describing the tools that were created. The report is due October 28. Each non-team member must provide feedback to the team in a one-page report on November 4.

Presentation: On Thursday, October 28, the team will present the generalized techniques followed by the specific techniques. They will also demo the tools. On Friday, October 29, the group will lead a class discussion on hiding malicious behavior in software. Team members will be expected to have the class discussion organized so that there is plenty to talk about. Based on the class discussion, the group will revise their report and turn it in on November 11.

Task 3
------
Finding malicious code

Team members will be responsible for coming up with as many techniques for finding malicious code as they can. The techniques can range from looking for certain anomalies to systematic checks involving front-end language grammars. The team should build at least two automated tools for finding malicious code.
The team should produce a report describing the challenges of finding malicious code and explaining their approach, as well as describing their tool. The report is due on November 4. Each non-team member must provide feedback to the team in a one-page report by November 11.

Presentation: On Thursday, November 4, the team will present their report as well as demo their tools. On Friday, November 5, the group will lead a class discussion on finding malicious software. Team members will be expected to have the class discussion organized so that there is plenty to talk about. Based on the class discussion, the group will revise their report and turn it in on November 18.

Task 4
------
Editing the final report

Team members will be responsible for collecting the final versions of all of the other team reports, editing them, and putting them together into a finished report. The new report should read in a cohesive way, so that it does not appear to be a bunch of other reports stitched together. This may require rewriting most of the text. The full report should include a section on the feasibility of finding and hiding code and a comparison of the two tasks. Also, the report should contain an abstract, an introduction and a conclusion that makes predictions of where this type of research is likely to go.

The team will also be responsible for putting together a presentation on the entire project and presenting it to the class on December 2. Also, they will lead a discussion on December 3 about future directions of this research.