CS297 Proposal: USB Key Profile Manager for Mozilla
Yun Zhou (zhouadel@yahoo.com)
Advisor: Dr. Chris Pollett (pollett@cs.sjsu.edu)
Description:
Browsers normally use a local cache to store important user
information, such as passwords and automatically filled-in forms.
Since this information is maintained on the local drive, it is not
difficult to be stolen by other users using the same computer. To
solve this problem, a secure profile manager using Universal Serial
Bus (USB) key will be implemented in this project to enhance cache
security. Once the user completes her task and leaves the computer,
she can remove the USB key and the information stored in the key will
also be safely removed. Besides, the profile manager can also achieve
location independence. The user should be able to select different
levels of profile settings or simply use the traditional cache. When
the USB key is selected, the profile manager should automatically
detect and apply user information stored on the key with reasonable
performance. Advanced Encryption Scheme (AES) is considered to be
used to ensure the cache security. Ideally, the USB key profile
manager should be an add-on component instead of a modification of
the existing profile manager in order to achieve backward
compatibility with older versions of Mozilla. The USB key profiler
manager will support both Firebird and Thunderbird. Linux will be the
main development platform, although I hope to deploy the component on
different platforms, such as Windows and Unix.
Schedule:
Week 1 & 2: Jan.26-31, Feb.1-7 | Read: "Running Linux", 4th Ed., online book "Creating
XPCOM Components"http://www.mozilla.org/projects/xpcom/book/cxc/
Task: Install Linux, download Mozilla source code and compile
on Linux. Get familiar with Mozilla development tools such as LXR,
Bonsai, and Tinderbox |
Week 3: Feb.8-14 | Read: Online documents on Netscape Portable Runtime, "Rapid
Application", chapter 1
Task: Research benchmarks for USB keys, including startup, page
load, buffering mechanisms, and write limit. |
Week 4: Feb.15-21 | Read: “Rapid Application", chapter 16
Task: Learn how cache is implemented in Mozilla |
Week 5 & 6: Feb.22-29, Mar.1-6 | Read: Online documents on Mozilla's Personal Security Manager
(PSM) projects and component security.
Task: Isolate places in Mozilla where writes are done.
|
Week 7: Mar.7-13 | Read: Online documents on Mozilla's Network Security Services
(NSS), the Official Red Hat Linux Reference Guide, Chapter 5. The
ext3 File System Task: Learn how Linux journaling ext3 file system works |
Week 8 & 9: Mar.14-27 | Task: Modify journaling ext3 file system |
Week 10: Mar.28-Apr.3 | Spring Break |
Week 11-13: Apr.4-24 | Task: Start modifying Mozilla's cache implementation to save
backups on USB keys.
|
Week 14-15: Apr.25-May 8 | Task: Research and experiment on advanced encryption
algorithms.
|
Week 16: May 9-15 | Task: Write cs297 report and cs298 proposal |
Deliverables:
The full project will be done when CS298 is completed. The following will
be done by the end of CS297:
1. Reports on literature review.
2. Modified implementation of Linux journaling ext3 file system.
3. Modified cache implementation mounted to USB drive.
4. CS297 report.
References:
[2003] "Creating XPCOM Components", Retrieved on
1/12/04, from http://www.mozilla.org/projects/xpcom/book/cxc/.
[2003] Rapid Application Development with Mozilla. Nigel
Mcfarlane. Prentice Hall. 2003.
[2003] Running Linux. Matthias Kalle Dalheimer, Terry Dawson, Lar
Kaufman, Matt Welsh. O'Reilly. 2003.
[2003] "Netscape Portable Runtime", Retrieved on 1/8/04,
from http://www.mozilla.org/projects/nspr/.
[2003] "XPCOM". Retrieved on 1/8/04, from
http://www.mozilla.org/projects/xpcom/.
[2003] "Security Projects", Retrieved on 1/8/04, from
http://www.mozilla.org/projects/security/.
[2003] Understanding the Linux Kernel. Daniel P. Bovet, Marco
Cesati. O'Reilly. 2003.
[2003] Linux Device Drivers. Jonathan Corbet, Alessandro Rubini.
O'Reilly. 2003.
[2002] Building Secure Servers with Linux. Michael D. Bauer.
O'Reilly. 2002.
[2002] The Cathedral & the Bazaar. Eric S. Raymond. O'Reilly.
2002.
[2001] "An FPGA-based performance evaluation of the AES block
cipher candidate algorithm finalists". IEEE Transactions on Very
Large Scale Integration (VLSI) Systems. Elbirt, A.J. 2001.
[2000] "Sub-Operating Systems: A New Approach to Application
Security". Sotiris Ioannidis, Steven M. Bellovin. 2000.
[1999] "State-of-the-art ciphers for commercial
applications". Computers & Security. Preneel, Bart. 1999.
Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide.
Retrieved on 1/8/04, from
http://linux.web.cern.ch/linux/redhat73/documentation/redhatcd/RH-DOCS/rhl-rg-en-7.3/ch-ext3.html.
|