Sightly OT: Re: [unisog] University virus-writing course?

Phillip G Deneault deneault at WPI.EDU
Thu May 29 00:59:13 GMT 2003

I had a professor who was interested in creating a research project.  It 
was to be a grand security system encompassing dynamic intrusion 
detection, malware defeating agents, and some kind of unspecified 
central management system.  I read his proposals and his timetables.  At 
its peak, the project would employ or involve no less than 20 people 
including about a dozen grad students, several full time staff members, 
and about a half-dozen faculty.  The project would run its course over 
four years.

I was highly skeptical.  

Besides being a lot of work without any clear method of getting there and 
besides the timetable which seemed to pivot on the idea that nothing ever 
changes and no problems will ever occur, I was concerned with the content 
of the project.  Although many qualified people work on these topics 
everyday, there's so much involved with these topics that a project of 
this magnitude becomes very big very quickly.

To magnify the problem, our computer science program (which would be
working on this project) doesn't cover security at all.  We have two
graduate classes on the topic, and only a single lecture of a 4000-level
undergrad class in Operating Systems covers security.  Despite many people
pointing out this deficiency, things do not seem to be changing anytime
soon.  The faculty who would be working on this project are not well
versed in security themselves (except of course for the project proposer,
although I'm not too sure of his abilities either).

Now all this would be fine as long as they stay inside of the campus 
network (and preferably their own isolated network).  However, the project 
has made strides to team up with other universities and companies to 
attack and counter-attack each other to test systems and sub-systems of 
the project.  This is the problem I have.  I'm concerned that untrained 
students will be attacking systems on both sides with all the subtlety of 
a machine gun.  

If they miss (mistyping an IP), or students on either side try to attack
other unrelated systems (DNS, switches, routers, or other hosts) in an
attempt to disable or break into the project, I'll need to block those 
sites and point out the fact that the project is in violation of our AUP, 
not to mention clean up the mess.  I'd rather not do that and head off the 
problem at the pass.

Does anyone have any thoughts on this problem?  Does anyone think this is 
lunacy or that I'm way off base?  I'd like people's 2 cents if they've 
come across this problem before and possibly what they did to solve it.

Thanks in advance.

Phil Deneault     "We work in the dark, We do what we can,
deneault at   We give what we have. Our doubt is our passion,
WPI NetOps         and our passion is our task. The rest is the
InfoSec            madness of art." - Henry James
