Chris Pollett > Students >
Yun
    ( Print View )

    [Bio]

    [Project Blog]

    [CS297Proposal]

    [Del1-PDF]

    [Del2-PDF]

    [SecuritySlides-PDF]

    [Del4]

    [CS297Report-PDF]

    [CS298Proposal]

    [CS298Final Source-ZIP]

    [CS297Presentation-PDF]

    [CS298Report-PDF] 

                          

























CS297 Proposal: USB Key Profile Manager for Mozilla

Yun Zhou (zhouadel@yahoo.com)

Advisor: Dr. Chris Pollett (pollett@cs.sjsu.edu)

Description:

Browsers normally use a local cache to store important user information, such as passwords and automatically filled-in forms. Since this information is maintained on the local drive, it is not difficult to be stolen by other users using the same computer. To solve this problem, a secure profile manager using Universal Serial Bus (USB) key will be implemented in this project to enhance cache security. Once the user completes her task and leaves the computer, she can remove the USB key and the information stored in the key will also be safely removed. Besides, the profile manager can also achieve location independence. The user should be able to select different levels of profile settings or simply use the traditional cache. When the USB key is selected, the profile manager should automatically detect and apply user information stored on the key with reasonable performance. Advanced Encryption Scheme (AES) is considered to be used to ensure the cache security. Ideally, the USB key profile manager should be an add-on component instead of a modification of the existing profile manager in order to achieve backward compatibility with older versions of Mozilla. The USB key profiler manager will support both Firebird and Thunderbird. Linux will be the main development platform, although I hope to deploy the component on different platforms, such as Windows and Unix.

Schedule:

Week 1 & 2: Jan.26-31, Feb.1-7

Read: "Running Linux", 4th Ed., online book "Creating XPCOM Components"http://www.mozilla.org/projects/xpcom/book/cxc/

Task: Install Linux, download Mozilla source code and compile on Linux. Get familiar with Mozilla development tools such as LXR, Bonsai, and Tinderbox

Week 3: Feb.8-14

Read: Online documents on Netscape Portable Runtime, "Rapid Application", chapter 1

Task: Research benchmarks for USB keys, including startup, page load, buffering mechanisms, and write limit.

Week 4: Feb.15-21

Read: “Rapid Application", chapter 16

Task: Learn how cache is implemented in Mozilla

Week 5 & 6: Feb.22-29, Mar.1-6

Read: Online documents on Mozilla's Personal Security Manager (PSM) projects and component security.

Task: Isolate places in Mozilla where writes are done.

Week 7: Mar.7-13

Read: Online documents on Mozilla's Network Security Services (NSS), the Official Red Hat Linux Reference Guide, Chapter 5. The ext3 File System

Task: Learn how Linux journaling ext3 file system works

Week 8 & 9: Mar.14-27

Task: Modify journaling ext3 file system

Week 10: Mar.28-Apr.3Spring Break
Week 11-13: Apr.4-24

Task: Start modifying Mozilla's cache implementation to save backups on USB keys.

Week 14-15: Apr.25-May 8

Task: Research and experiment on advanced encryption algorithms.

Week 16: May 9-15

Task: Write cs297 report and cs298 proposal

Deliverables:

The full project will be done when CS298 is completed. The following will be done by the end of CS297:

1. Reports on literature review.

2. Modified implementation of Linux journaling ext3 file system.

3. Modified cache implementation mounted to USB drive.

4. CS297 report.

References:

[2003] "Creating XPCOM Components", Retrieved on 1/12/04, from http://www.mozilla.org/projects/xpcom/book/cxc/.

[2003] Rapid Application Development with Mozilla. Nigel Mcfarlane. Prentice Hall. 2003.

[2003] Running Linux. Matthias Kalle Dalheimer, Terry Dawson, Lar Kaufman, Matt Welsh. O'Reilly. 2003.

[2003] "Netscape Portable Runtime", Retrieved on 1/8/04, from http://www.mozilla.org/projects/nspr/.

[2003] "XPCOM". Retrieved on 1/8/04, from http://www.mozilla.org/projects/xpcom/.

[2003] "Security Projects", Retrieved on 1/8/04, from http://www.mozilla.org/projects/security/.

[2003] Understanding the Linux Kernel. Daniel P. Bovet, Marco Cesati. O'Reilly. 2003.

[2003] Linux Device Drivers. Jonathan Corbet, Alessandro Rubini. O'Reilly. 2003.

[2002] Building Secure Servers with Linux. Michael D. Bauer. O'Reilly. 2002.

[2002] The Cathedral & the Bazaar. Eric S. Raymond. O'Reilly. 2002.

[2001] "An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists". IEEE Transactions on Very Large Scale Integration (VLSI) Systems. Elbirt, A.J. 2001.

[2000] "Sub-Operating Systems: A New Approach to Application Security". Sotiris Ioannidis, Steven M. Bellovin. 2000.

[1999] "State-of-the-art ciphers for commercial applications". Computers & Security. Preneel, Bart. 1999.

Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide. Retrieved on 1/8/04, from http://linux.web.cern.ch/linux/redhat73/documentation/redhatcd/RH-DOCS/rhl-rg-en-7.3/ch-ext3.html.