Radu Sion

Introduces the basic concepts and terminology of computer security. Covers basic security topics such as cryptography, operating systems security, network security, and language-based security.

Bulletin Link

• Conversant with the basic terminology and concepts of computer security.
• Understand basic security threats to systems and networks.
• Be familiar with basic strategies used to protect systems and networks.
• Be able to analyze, design, and build secure systems of basic complexity.

Ross J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Edition", Publisher: Wiley; 2 edition (April 14, 2008), ISBN-10: 0470068523, ISBN-13: 978-0470068526

• Week 1. Introduction to computer security. Basic concepts, threat models, common security goals. Basic Cryptography.
• Week 2. Cryptography and cryptographic protocols, including encryption, authentication, message authentication codes, hash functions, one-way functions, public-key cryptography, secure channels, zero knowledge in practice, cryptographic protocols and their integration into distributed systems, and other applications.
• Week 3. Cryptography and cryptographic protocols. Software security. Secure software engineering, defensive programming, buffer overruns and other implementation flaws.
• Week 4. Language-based security: analysis of code for security errors, safe languages.
• Week 5. Language-based security: sandboxing techniques. Operating system security: Memory protection, access control, authorization, authenticating users.
• Week 6. Operating system security. Memory protection, access control, authorization, authenticating users, enforcement of security, security evaluation, trusted devices, digital rights management.
• Week 7. Operating system security. Memory protection, access control, authorization, authenticating users, enforcement of security, security evaluation, trusted devices, digital rights management.
• Week 8. Malicious code analysis and defense. Worms, spyware, rootkits, botnets, etc., and defenses against them.
• Week 9. Network security. Firewalls, intrusion detection systems, DoS attacks and defense. Case studies: DNS, IPSec.
• Week 10. Network security. Firewalls, intrusion detection systems, DoS attacks and defense. Case studies: DNS, IPSec.
• Week 11. Web security. XSS attacks and defenses, etc.
• Week 12. Advanced topics and case studies, to be chosen according to instructor and student interest. (Possible examples: privacy, mobile code, digital rights management and copy protection, trusted devices, denial of service and availability, network based attacks, security and the law, electronic voting, quantum cryptography, penetration analysis, ethics, full disclosure.)
• Week 13. Advanced topics and case studies, to be chosen according to instructor and student interest. (Possible examples: privacy, mobile code, digital rights management and copy protection, trusted devices, denial of service and availability, network based attacks, security and the law, electronic voting, quantum cryptography, penetration analysis, ethics, full disclosure.)