cis 6930 - cellular and mobile network security: class ... · • creativity is the essence of this...

Florida Institute for Cybersecurity (FICS) Research

CIS 6930 - Cellular and Mobile Network Security:

Class Projects

Professor Patrick Traynor9/4/2018


What’s the Difference?• What is the difference between an BS, MS and PhD?

• How many points do you need to draw a line?

• This is a graduate class, so your best effort is not just required, it is expected.

• The work that you do here needs to have the goal of becoming publishable.

• Fine fine... how the heck do you do that??

2


Projects• Lots of questions have been sent to me via email in regards to the course

project.• “Please tell me a project that I can do”• It’s not as easy as that.

• “This is going to be a hard course”

• You need to be creative!• Graduate students need to be able to identify and solve problems• Simply building someone else’s idea is not going to cut it.

3


What is research?• Which activities are research?

• Designing a new protocol?• Building an implementation of a protocol?• Measuring the cost of the protocol?• Formally evaluating the correctness of a protocol?• Developing methods of implementing/evaluating a protocol?

4


What is not research?• Arguing the quality of a protocol?• Arguing the appropriateness of a protocol?• Surveying a field?• Illustrating a limitation of a common practice or system?

5


A Cynical Definition• That which counts on your vita... is research.

• The hardest thing about a PhD is figuring out what “research” is...

6


Research vs. Engineering• Novelty...• Importance... (sort of)• Discovering a new fact or idea

• Engineering is often harder than research• One must be careful to understand the difference

7


Research vs. Opinion• Arguing a position is not research unless it uncovers some new thought or

methodological device.• Difference is very subtle

• Experts will often produce manifesto about an area• E.g., Ten Risks of PKI: What You’re Note Being Told About Public Key

Infrastructure. C. Ellison and B Schneier, Computer Security Journal, v 16, n 1, 2000, pp 1-7.

• The key here is that they are experts and have the bona fides to make such an argument.

• This is not research

8


Why is there so much bad research?• Most papers (90+%) I encounter are bad -- for one or more of the following reasons. The

authors ...• ...don’t formulate the problem well (or at all).• ...don’t motivate the problem well (or at all).• ...address an unimportant or moot problem.• ...are not familiar with the breadth or depth of the area.• ...do not discuss important related work.• ...do not have a coherent solution or it does not solve the problem.• ...do not have a coherent or appropriate methodology.• ...do not apply the methodology well.• ...do not draw the correct conclusions from the results.• ...do not present the work well enough to be understandable.• ...do not articulate the impact/take away.

• Any paper failing to do any of these things is a failure.

9


Security Research• Can be as diverse as computer science itself

• Systems design• Formal analysis• Programming languages• Hardware design• Software engineering• Human Computer Interfaces• Networking...

• Some are specific to security• Cryptography• Secure protocol design• Security policy

10


Idea Formulation• The essential part of successful research is picking good problems and

solutions.• If it is so easy, just jump in...

11


Idea Formulation (cont)• Good approaches to finding ideas:

• Read lots of papers in a particular area you think is interesting• Read the newspaper and figure out what problems people have• Read slashdot and learn about new emerging technology.

• ...but ignore the vast majority of user comments • Then as the following questions (write down answers)

• What are the problems that this area asks?• What methodological tools are people using to address problems in this area?• How do your set of skills apply to these problems?• How is the field evolving?• How are expected changes in the larger computer science community going to

affect the known problems and solutions?

12


Hammers• How do you solve problems?

• Are you an expert in performance analysis? Formalism? Are you a policy specialist? Complexity reductions? Simulation master? Are you a systems builder? Interested in static analysis?

• Understand what techniques are being used in each area so that:• You can speak the language of that sub-community.• You can understand the shortcomings of their methods and bring in

your own “hammers”

13


Idea Formulation - Jumbles• Do the following exercise:

• (5 minutes) Take four pieces of paper out of the bag being passed around and come up with as many paper titles as you can.

• This is not an outline, there is no ordering.• Use your imagination!• Creativity is the essence of this exercise (don’t overthink)• Some of the list will be nonsense - do not filter thoughts!

• Example: If I got “Web 2.0” and “Location”, I might come up with the following (just a start):• “Large-scale Localization of Users based on Social Network Group Behaviors”, “The Impact

of Web 2.0 on Network Stability”, “The Leakage of Private Information from Web 2.0 Applications”.

• Of course, this is general - focus your thoughts specifically on the paper• e.g., better algorithm than the authors -- use graph theory

14


Notes on Authorship• This is the most dangerous part of publishing. This has led to very serious rifts in

the profession...• Make sure that anyone involved knows the policy (what one needs to do to be

an author) the expectations and the repercussions of not participating as expected.

• Ordering matters in some fields (systems), not in others(math).• Make sure everything is clear to everyone before getting started.

• I know of best friends who no longer speak to each other.• A paper is never worth that kind of heartache, but people will surprise you.• Do you have a policy and what is it?

15


Teams, Ideas, etc• Students must form into groups of 2 with the expectation of creating a

publishable work by the end of the semester.• I expect more from groups than individuals.• Graduate students are all considered to be at the same level - PhD.• Undergrads can focus more on an application, but are highly encouraged to

join a team with graduate students.• Having a publication before grad school/the real world is a big plus on your

resume.

• You must come together as a group and pick a project.

16


Idea Assignment: 9/18/18• Everyone has 5 minutes to present idea (3 slides)

• Area• Problem• Related Works• Solution• Methodology• Expected Results• Expected Take Away

• Everyone should practice timing and presentation. If the idea is not appropriate (tough love), or you don’t finish in 5 minutes, you will do it again next class.

17

Slide 1}} Slide 2

} Slide 3

cis 6930 - cellular and mobile network security: class ... · • creativity is the essence of this...

Documents