RE: Need help with research topics

["Krpata, Tyler" <tkrpata () bjs com>]

It always seems like everything has been done before, but it never seems
to be the case. A couple of things that have room for further
innovation:

*The browser as a jumping-off point into the internal network, More Fun
With XSS, etc...lots of stuff located at http://www.gnucitizen.org/, but
this is fairly new stuff

*Vulnerabilities and exploits in the Windows kernel pool...couple of
starting points might be
http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-jack-update.pdf
and http://packetstormsecurity.nl/Xcon2005/Xcon2005_SoBeIt.pdf

*Point-of-sale endpoint security 

These are just a couple of ideas off the top of my head where I think a
couple of months of dedicated research might turn up some new and
interesting stuff.

-----Original Message-----
From: graceandglory13 () sbcglobal net
[mailto:graceandglory13 () sbcglobal net] 
Sent: Tuesday, October 03, 2006 3:56 PM
To: security-basics () securityfocus com
Subject: Need help with research topics

Hello, 
  This is my first posting.  I am a PhD student at Nova and I needed
some help finding new research topics to write about in the areas of
Computer Forensics, Network Security, Information Security etc.  I am
new to this school and I haven't done much research before.  My problem
is that to me it seems that everything has been done before.  I am also
afraid of choosing a topic that I will not be able to write code for or
build later (in two months).
  Below is the assignment:
For those in DCIS 830, a reminder.  I need for you to include in your
proposal what you are planning to do.  Exactly what you are planning to
do.  Phrases like "I plan to investigate...", 
"I will review...", and "I would like to research..." don't tell me
much.  Alternatively, phrases like "I will develop a prototype _____ and
use data from ____ to test the effectiveness of this approach", or "I
will conduct a case study of four ______ efforts and create a set of
best practices from the lessons learned" are much more specific.  I
don't need to know your 
results (you won't have those until you've finished the work) but I do
need to understand the research process that you will be following.
Dr. C

The objective of this exercise is to provide students with the
experience of
conducting research and writing an article on information security for
submission to a peer reviewed journal. The project involves the
submission of
a preliminary report and the final paper.
(Note: Topics must be approved in advance by the instructor)
Proposal (Due October 8, 2006)
The preliminary report should be in the form of a research plan. You
must state
the targeted journal for your manuscript. The preliminary report should
follow
the style required by the journal and address the following issues:
1. Problem addressed
Clearly state the research problem that you plan to
address.
2. Prior research
Briefly discuss the body of literature that is used to
motivate the
research. Emphasize the shortcomings in the prior literature that
you plan to address.
3. Significance
Explain why you think your work makes a significant
contribution
to the field. Cite references wherever possible to establish that
there is a consensus among researchers that the problem
addressed in the article is indeed an important one.
4. Methodology
Discuss the methodology you plan to use for the study.
Justify the
appropriateness of the selected methodology. Be as precise as
you can. Identify the knowledge representation scheme and the
search strategy where appropriate.
Make sure that you cite all relevant articles that are referenced in
your paper.
Please submit a copy of the paper that you believe is most significant
in
motivating your work. If relevant, you may also send copies of any other
supporting articles.
Final Report 
This is the final manuscript that you plan to submit to the targeted
journal. You
should use the style and the format that is appropriate for the journal,
(note: the
use of the GSCIS Idea Paper format is not acceptable). A suggested
guideline
for the article is presented below. Note that this is just a suggested
outline and
that your article need not have the same structure.
1. Introduction
Provide the necessary background and discuss the
relevant
literature to motivate the research problem that your article
addresses.
2. The Problem
Discuss the problem in detail and formulate it a manner
that
makes it tractable.
3. The Method
Describe the method used to address the problem. Justify
the
approach that you have adopted.

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------