Royal Holloway -
University of London
Postgraduate
MSc and Postgraduate Diploma in Information Security
DOs and
DON'Ts - Some advice concerning the preparation of MSc Projects
Keith
Martin, Information Security Group, Royal Holloway
Revised
December 2001
This document
contains a few tips on how to go about preparing, researching and writing
MSc projects for either the Royal Holloway MSc in Information Security
or MSc in Secure Electronic Commerce. These tips have been gathered
from several project markers on these courses – people who have seen
the results of students who DID and students who DID NOT.
Every DO
and every DO NOT has been included because of a past project
problem or deficiency. Please take time to read this document and try
to DO and DO NOT as much as you can. Your project just
might be all the better for it.
If you
want a more printer-friendly version of this document then you can
download a Word version.
We begin
with the project process itself by discussing what you should
be doing when with regard to your project during the MSc year(s).
We then consider the vital stage of choosing a project topic and go
on to consider issues concerning the conduct of your research. We continue
by taking a detailed look at the pitfalls of writing and discuss every
student’s favourite topic - referencing. We end with a little checklist
of the kinds of things that make examiners happy. Make sure that you
get to the end!
Contents
1 The Project
Process
1.1
The Process (First Semester)
1.2
The Process (Second Semester)
1.3
The Process (The Exam Semester)
1.4
The Process (Life after the Exams: The Summer)
2 The Project
2.1
Choosing a Topic
2.2
Conducting the Research
2.3 Writing
Up – Presentation
2.4
Writing Up – Style
2.5
Writing Up – Content
2.6
Referencing
3 The Project
Assessment
3.1 Pleasing
the Examiners
1
The Project Process
We start
by describing the MSc year and what you should be doing when with regard
to your project as the months unfold.
1.1
The Process (First Semester)
The
summer project – surely another lifetime away….
DO start
thinking about your project as soon as you can. You can never begin
too early! It is a very good idea to have at least identified a number
of possible areas of interest that you would like to work on by Christmas.
DO take
every opportunity to get advice on the project process. In particular,
make sure that you attend any tutorial sessions that are organised during
the first semester.
DO speak
to any members of staff who you think might be particularly suitable
to supervise your project.
DO discuss
possible project options with external speakers on the course. You never
know what project ideas they might have, nor what doors this might open
for you.
DO complete
the form Project – Areas of Interest by the end of the first
semester. The main purpose of this form is to help the ISG to allocate
you a supervisor (who must be a staff member of the ISG). Completion
of this form will ensure that you are allocated an appropriate supervisor
for your stated areas of interest.
DO, by
all means, nominate a preferred supervisor on the form Project –
Areas of Interest . However, if you do this, DO make sure that you
have already spoken with that supervisor and checked that they are happy
to supervise in the areas that you have nominated.
But
please…
DO NOT
panic about trying to identify the staff member best suited to supervise
you. As long as you nominate areas of interest on this form then the
allocation of an appropriate supervisor will be done on your behalf
by the ISG.
DO NOT
feel the need to have a clear idea of exactly what you want to
do by the end of the first semester. Indeed, it is quite a good idea
to wait until later in the course before getting more detailed in your
project plans – chances are that you will change your mind anyway. Relax
– you’ve still got time on your side!!
1.2
The Process (Second Semester)
The
assignment of the oracles. At the start of this semester you should
find out which staff member has been allocated to you as your supervisor.
DO make
contact with your allocated supervisor as soon as you have discovered
who they are. Do this even if you have not got any ideas about what
you want to do your project on (in fact in this case it is even more
important to make contact with them!) Use this meeting to get some advice
on what steps you should be taking next and to set up a communication
link with your supervisor.
DO, by
all means, talk to other members of the Information Security Group (or
anyone) about your project. If you (and your supervisor) feel that there
is another member of staff more qualified in the topic of your project
then this does not mean that you need to change supervisor. Your
supervisor will be fully qualified to advise you on the management of
your project. The other staff member may be a useful person to talk
to regarding the technical content of your project.
DO use
the second semester to flesh out your project plans. Start to do some
reading, do some preliminary research, seek out useful contacts.
DO identify
any external contacts (if appropriate) who might be useful in your project.
If you are seeking an industrial placement, or want to conduct interviews,
or want to study external case studies, then it might take time to find
the right people and organisations. Start to make these enquiries now.
DO make
sure that you have the skills to conduct your project and to prepare
your project report. Take the luxurious time available to you now to
fill in any gaps in your knowledge. Do you know how to write in a technical
writing style? Do you understand how to use references? If not, then
find out now!
DO aim
to complete the form Working Title and Short Outline of Scope by
the end of the second semester. This consists of a working project title
and a one page project plan that has been signed by your supervisor.
Make this your goal for the semester and get as much help as you need
from your supervisor in completing this. Even if you have no desire
to ever talk to your supervisor (most foolish!) then you do have to
contact them at least once to have them sign this form.
DO (by
all means) complete the form Working Title and Short Outline of Scope
well before the end of the second semester and get started on your project!
Part-time students: you may want to consider this option fairly seriously
because you are probably not in the position to throw your entire summer
at the project – the sooner you start the better. Note that you do not
even technically need to wait until your second year to kick this process
off…
However…
DO NOT
launch off on your project in a demented frenzy of enthusiasm without
at least a brief visit to your supervisor to check that your plan is
suitable. One short visit can save a lot of later frustration.
DO NOT
forget about the form Working Title and Short Outline of Scope.
It is vital to have this form signed by your supervisor. This is not
bureaucracy gone crazy – this is your insurance that someone in the
ISG has agreed that your plan looks suitable. No form = no approval
= no leg to stand on.
DO NOT
forget about your project until after the exams. This is too late.
It really is.
1.3
The Process (The Exam Semester)
I suspect
that you are rather pre-occupied with other things at this time.
DO take
a brief time-out while you are reading this document (yes – NOW) and
imagine just how much peace of mind you will have gained if you succeeded
in sorting out your project title and plan before the Easter break.
Give yourself that peace of mind. Make it happen!
1.4 The Process
(Life after the Exams: The Summer)
Yes – it really is that time of year
already – where are our lives going?
DO get
cracking as soon as your batteries have recharged after the exams. Of
course you can have a break after the exams – but not a three-month
break! The clock is now ticking…
DO use
at least the entire summer term to conduct your project. A satisfactory
project requires a full effort. If you cannot spend the whole summer
on your project then make sure that you start your project before the
exams.
DO contact
your supervisor as often as you feel necessary during the summer term.
This is a private thing to be sorted out between you and your supervisor.
DO manage
your time carefully and meet the project deadline. Meeting the deadline
is part of the project exercise in itself.
DO feel
free to show your supervisor a project draft at least two weeks
before the project deadline (and preferably long before that). Advice
at this stage can be very helpful in producing the final project report.
Supervisors cannot guarantee you good marks, but they can help you to
avoid receiving bad ones.
But…
DO NOT
decide in late August that your project will not work and that you need
to change direction. Decide this long long long before then. Make contingency
plans right at the start and discuss potential pitfalls with your supervisor.
DO NOT
cheerily ask your supervisor to quickly check over your project
for the first time just two days before the project deadline. They
might not be as cheery as you are about this idea and almost certainly
will not have the time.
DO NOT
be shocked and appalled to receive a bad project mark for a project
that you never showed a draft of to the supervisor that you never bothered
going to meet to ask them to sign the form Working Title and Short
Outline of Scope that you never completed.
DO NOT
try to do your whole project in the last two weeks of August. You will
fail.
2 The Project
We now
describe the project itself. We begin with the hardest part, selecting
a topic. We go on to consider issues concerning the conduct of your
research. We continue by taking a detailed look at the pitfalls of writing
and lastly (but not leastly) discuss every student’s favourite topic
- referencing.
2.1
Choosing a Topic
Water
water everywhere and not a drop to drink. This is perhaps the hardest
part of the project process and needs a bit of time and care. Get the
topic right and the rest is easy…
DO carefully
read the project guidelines and make sure that you understand exactly
what does - and does not – constitute an acceptable project. Attend
any relevant tutorials, talk to your supervisor, other staff, fellow
students, and any past students, to get a feeling for what is expected
of you. It’s not easy and even the students who live and breathe SSH,
TCP/IP, BLP, AES, ISO8732, BS7799 need help with this.
DO pick
an area that you are interested in! That might sound rather obvious
but, believe me, it is good advice. You are going to be spending several
months working on this project so it will definitely help. Pick a topic
that you want to know more about.
DO consider
choosing a topic that will involve a degree of novelty – either involving
personal research, novel experimentation, exploring a topic not well
covered in the lectures or looking at a familiar topic from a different
angle. While these are not necessary for a satisfactory project, the
best projects often fall into one of these categories.
DO make
sure that your project plan involves adding value to existing knowledge.
You can certainly add value by doing any of the things in the last DO
suggestion. However you can also add value by more humble activities
such as comparing things, analysing things, proposing things, or conducting
a critique of things.
DO consider
(if appropriate) involving other organisations in your project. This
is often another component of good projects but of course is not necessarily
appropriate for the topic that you have chosen. If you have trouble
finding appropriate external contacts then consult your supervisor for
advice. Bear in mind that it often takes time to establish suitable
links.
DO make
sure that your project involves a significant component on security.
It can be surprisingly easy to get lost amongst fascinating details
of other aspects of a problem, but you are on a security related MSc
(in case you hadn’t yet noticed)!
DO by all
means conduct a practical project. Take special care in such situations
to make sure that you can write a report that fairly reflects the practical
effort involved and make sure that you have a contingency plan in case
the unthinkable happens.
Umm…
but…
DO NOT
choose a very broad project topic without discussing it carefully with
your supervisor. If your topic is too broad then you are in grave danger
of lacking aim and direction and of having to write too shallow a report.
DO NOT
choose such a narrow topic that you run out of steam after ten pages.
This is yet another reason for talking to your supervisor. It is their
job to try to help you avoid this kind of error.
DO NOT
be overly ambitious in your plans. You know yourself better than anyone
else (I hope). Try to make your project interesting but make sure above
all else that it is a project that you are confident you can deliver
on time.
2.2 Conducting
the Research
DO appreciate
that the research phase of the project will take time. As we all know,
you can waste hours zipping around the Internet chasing that elusive
European Union Directive or conference presentation. And even more time
reading it! This is a good reason for starting this phase of your project
well before the exams.
DO make
a considerable effort to find out the latest information on the topic
that you are researching. Use as many sources as you can find. Regard
the project as a means to educate yourself (and your markers!). Read,
question, investigate. Books, papers, Internet, your grandmother, whatever.
DO seek
a variety of viewpoints. Information security is occasionally a science
- often it’s a black art.
DO be very
considerate when requesting information from external people or organisations.
Why should they waste their time doing you a favour? Explain what you
are doing and why you would like their advice.
On the
other hand…
DO NOT
believe everything you read on the Internet!! (Do I really have to say
this?)
DO NOT
automatically believe anything you read anywhere. There
is a considerable amount of rubbish written about security on the Internet,
in books, in talks (on this course?) Cast a critical eye over all the
information you are presented with. Especially from vendors!! Notice
when information from one source contradicts that from another. Make
your own judgements.
DO NOT
use a single source as your information on anything. Maybe you had better
check another document for advice on project writing!
DO NOT
send requests for information out to mass mailings of three hundred
organisations. If you wish to use techniques like this, choose a select
few organisations and explain to them exactly what you are doing, why
you are doing it, how many other organisations you have contacted and
why they were chosen. It doesn’t guarantee a reply – but it doesn’t
guarantee a rejection either.
2.3 Writing Up
– Presentation
Hello world, here comes my masterwork…
DO try
to present your project as clearly and neatly as possible. Use diagrams,
figures and tables where appropriate. Make it look as nice and easy
to read as you can. It never does any harm.
DO take
the time to carefully think out the overall structure of your project.
Organise your project into sensible bite-sized chunks. Well-defined
chapters and organised subsections go a long way towards making a project
readable. Use paragraphs. Let your writing breathe!
DO tell
a story. Have a beginning where you clarify and justify the aims of
your project. Have a middle where you go into detail about your chosen
topic. Have an end where you conclude.
DO make
your dissertation easy to navigate around. Include a breakdown of the
various major chapters (sections) at the start of the project. Do this
on a smaller scale at the start of each chapter – provide a short overview
of the pending subsections.
DO number
all sections and number all pages. This is also a good navigation aid.
DO clearly
label all diagrams, figures and tables with an identifying number and
a title. Always refer to these somewhere in the text and include a short
informal description of the contents. An unlabelled figure that is never
called in the text looks like a lost cloud drifting aimlessly across
your page.
DO consider
putting slightly off-topic details into an appendix if it detracts from
the story that you are telling. (For example, details of an algorithm
that you are not analysing in detail, source code of the program that
you wrote, screen shots of the graphical user interface of your demonstrator.)
DO consider
using a standard layout format for your document if you are not sure
whether you have enough of an artistic touch yourself. Many word processors
(such as MS Word) offer standard templates that you can work from.
It might
sound trivial but…
DO NOT
hand in a project without putting it through a spell-checker. It doesn’t
take long and it mayks a diference. It shows you care.
2.4 Writing
Up – Style
The frustrated author within.
DO be careful
with your writing style. Take time to establish what is appropriate.
DO be interesting
(otherwise your examiners will fall asleep) but DO NOT put in too many
silly analogies and clichés (otherwise your examiners might think you
are a tabloid journalist).
DO be yourself
when you write. Bruce Schneier is a clever writer, but one Bruce Schneier
is quite enough in this World thank you.
DO avoid
writing in the first person singular (me, myself, I) unless you are
expressing an opinion (see next comments). I don’t think that you should
do this.
DO provide
your own personal opinions and analysis of issues whenever this is appropriate.
This is highly encouraged. If you are expressing an opinion then make
it clear that it is your opinion and also make sure that you provide
evidence to support your opinion. DO NOT misrepresent your personal
opinion as if it is a fact. In my opinion expressing your opinion is
good because it shows an examiner very clearly that you have at least
been thinking (about something).
DO ustify
claims with suitable evidence, either by means of argument or referencing
of appropriate sources (see later).
DO e authoritative
(to prove that you know what you are talking about) but DO NOT be authoritative
when you have no idea what you are talking about! This will not go down
well with examiners.
DO e-emphasise
important points throughout your project but DO NOT repeat yourself
endlessly. Avoid needless repetition. Don’t go on and on about the same
thing. Make sure you aren’t saying the same thing over and over again.
Check your text to make sure that SSL has not been described in five
consecutive chapters.
DO if absolutely
necessary and appropriate, reproduce verbatim text from another source
directly in your dissertation BUT DO cite the source of the text and
DO use this technique sparingly!!! If you fail to acknowledge a source
of verbatim text then you may be in breach of copyright law. Be aware
that even if an author gives you permission to use their writing then
they will still be expecting to be acknowledged when this text is used.
DO feel
free to use humour in your writing, but use it sparingly and wisely,
unless you are writing your thesis on ZX80 security mechanisms.
And…
DO NOT
worry if you are not a native English speaker (writer). Your project
does not need to be a literary masterpiece. You will not be marked down
for poor English grammar. Keep it simple and clear rather than convoluted
and incomprehensible. Use all tools at your disposal (e.g. spell-checkers).
Ask a friend to proofread.
DO NOT
use marketing speak in your dissertation. Use adjectives sparingly and
carefully! Your company’s CA might well be very good in your opinion,
but it is not necessarily a centre of excellence. Your favourite organisation
may be competent in your opinion, but without careful justification
you should not claim that they are second to none in the topic that
you are investigating.
2.5 Writing Up
– Content
Nice wrapping paper – but what’s inside?
DO make
sure that you "have enough". A lightweight project is a borderline
project. The rough guideline is about 50 pages. A better guideline is
you. You will know when there is enough.
DO try
to make sure that the content of your dissertation is always relevant
to the aims and objectives of your project. While a series of amusing
pages featuring the logos of your favourite cult hacking organisation
might be a kind of fun thing to put in your dissertation, it is not
exactly relevant unless your thesis was on cyber art (which it won’t
be, by the way). Ten pages of irrelevance in a 50-page project no longer
make it a 50-page project.
DO make
sure that you introduce your project well. Make sure that the examiners
know exactly what you are trying to do and why you are trying to do
it. Include a concise but clear introduction that puts your project
into context. DO NOT assume that the examiners have the faintest idea
what your project is about, but DO NOT devote your entire project to
trying to tell them.
DO make
sure that your personal contribution is clearly identified. If you did
new research then make sure that the examiner is aware of this when
you explain it. If you wrote some software then, when you refer to it,
make it clear to the examiner that it was your code.
DO make
sure that the write up of the project fairly represents the work that
you undertook to do it. If you spent one month writing a relevant demonstrator
that you think is just the coolest thing then DO NOT refer to it in
passing in the conclusions. Have a chapter called The Demonstrator and
make sure that the examiners appreciate exactly what you did.
DO make
sure that if you claim that you are going to analyse something in your
project then you do actually analyse it. There is a big difference between
analysing something and describing something. One is a vital component
of a good project, and the other is a necessity in all projects but
an exclusive component of poor to average projects. Know and recognise
that difference!
DO consider
the alternatives. (There are other ways of providing project guidelines.
For example, could write a book and sell it and become rich and happy,
instead of stupid internal documentation, which nobody reads or pays
attention to…)
DO consider
implications. (Writing project guidelines results in hundreds of students
coming to your door asking further questions…
DO include
a well-argued and justified conclusion that answers the following questions.
Did you achieve your aims? How well? If not, then why not? Consider
the future. Where is your project topic going? Will we see implementations?
Will there be standards? What technologies are on the horizon that will
change things?
DO have
a bibliography that contains the list of all the relevant sources that
you used to compile your project. Try to link as many of these to the
major body of your report (see notes on referencing). This is not just
good form – it also clearly says hello examiners, look what resources
I can find…
DO consider
adding a list of the abbreviations that you used in your thesis. Make
sure that it is easy for a reader to recall why the DA serves the CKI
by using secure HTTQ to encrypt the HSB.
But on
t’ other hand…
DO NOT
regard 50 pages as a definitive benchmark – it’s not only size that
matters.
DO NOT
assume that by making your project 150 pages then it will get a higher
mark. The guideline is around 50 pages and so it is quite possible to
get a distinction for a 50-page project. Your contribution to those
50 pages is what counts. Of course there is no page limit – but remember
the remarks about padding with unnecessary and irrelevant material and
boring your examiners!
DO NOT
make your project 50 pages long by using double spaced size 24 font.
Your examiner might be easily fooled about some things…
DO NOT
try to sell or advertise a product, organisation or service in your
dissertation! The idea of your project is that you take a balanced approach
to a particular topic. By all means concentrate on your organisation’s
product or service, but justify why you are doing so and approach it
with an open mind. Blindly singing the praises of a product, service
or organisation without full justification will make your examiners
cringe – especially if that organisation is sponsoring or employing
you!!!!!
DO NOT
– and this applies almost exclusively to part-time students – submit
a work report as your project without discussing this carefully with
your supervisor. If you have an appropriate piece of work then DO make
sure that the normal project presentation and content requirements are
satisfied. DO provide an introduction explaining the context within
which the work was done and DO make it clear exactly what your contribution
was.
DO NOT
DO NOT DO NOT lagiarise your dissertation from any source such as a
book or an Internet site – there are ways in which this can be detected,
including several very effective automated tools. This is cheating and
in most cases is an illegal act. It is also a complete and utter waste
of your own time (and examiners’ time). If you are caught then you will
leave Royal Holloway disappointed.
2.6 Referencing
The last
but not the least – yes, hello, you do need them!
DO ake
referencing very seriously. This is an important aspect of any technical
writing and professional projects have (professional) references. The
more the merrier (within reason).
DO ake
sure that you understand the formalities of referencing in a technical
document (when to do it and how to do it). You need to reference in
many situations such as when directly quoting from a source, when expressing
someone else’s idea in your own words, when you quote examples, when
you quote background theory, when you want to direct the reader to a
text for further details. If in doubt, look at books, look at journals,
look at articles and look at reports. Consult your supervisor.
DO all
your references in the text! Only references that are genuinely cited
in the text really show how widely you have researched your project
DO ake
your references traceable. Someone else should be able to find them
based on what you write. Very interesting article, Hitesh, October 7th
1999 is not an example of this.
DO try
to avoid web references. In most cases useful and reliable information
on the web can also be found in a so-called white paper (a more formal
report) that is probably also available on the web site (or elsewhere).
Hunt for such documents carefully (sometimes this takes a bit of work)
before resorting to a web reference. Feel free, however, to include
an appropriate URL in a formal reference as an additional guide to locating
the document. Consider the sole use of a web reference as a failure
on your part to find proper documentation elsewhere. J
DO - if
you have to resort to it - provide as much information as you can about
web references. URLs are very ephemeral beasts (as we all know to our
cost) so please try to include an article title, an author, a date,
an organisation, if possible. This might make it possible to hunt down
the web page in the event that it changes URL.
DO reference
all "reports" and "surveys". According to a report
by Cadburys …. What report? Where? Are you sure that the report actually
said this, or are you reporting someone else’s report of the report
(of the report)?
However…
DO NOT just
include an enormous list of source material at the back of your project.
This is not referencing. This is collecting. If you want to include further
resources as well as your formal references then please break these resources
up into meaningful groups and explain how they were used in your project
(or could be used by a reader).
3 The Project Assessment
We end by providing a short summary of the kinds of things that examiners
are looking for in your project. If you DO and DO NOT carefully and
comprehensively then you are probably home and dry.
3.1 Pleasing the Examiners
Ultimately, this is all you really have to do. So make sure you do
it!
DO realise that all these DOs and DON’Ts have come straight from the
horses’ mouths - the examiners themselves. Each of these equine beasts
has their own pet list of things that they like, and things that they
loathe, to see in an MSc project. As a rough summary of this entire
document, here is a list of the types of things that are likely to make
an examiner feel all soft and warm and fuzzy deep deep down inside,
when they read your final report.
- Clear
aims and objectives: Have you clearly identified the scope of your
project and told the world what you are trying to do?
- Quality
of content: Does your project contain a substantial amount of relevant
and sound information?
- Novelty:
Have you added value? Have you made a new contribution to the subject?
Have you taken a fresh view? Have you extended material and made a
critical analysis? Have you considered alternatives or implications?
Have you expressed and justified your opinions?
- Presentation:
Is your project structured sensibly? Have you presented the information
in a logical and coherent way?
- Clarity
and Style: Are you clear and precise in all the statements that you
make? Have you written fairly and intelligibly?
- Achievement:
Have you achieved your objectives? If not, why not?
- Conclusions:
Have you brought your results together and drawn fair and justifiable
conclusions from your work?
- References
have you sought out and made use of a variety of resources? Have you
gathered these in a full bibliography?
- Have
you referenced these sources appropriately throughout the text?
One last
of each for the road…
DO NOT
nderestimate the task in hand! Take the project seriously – it is a
vital component of your degree program and is worth one quarter (ouch!)
of the marks.
But…
DO have
fun conducting your project and the very best of luck.
