Syllabus


Course description: Computer systems have become a vital part of our everyday professional and personal lives and are used for many critical tasks (e.g., online banking, social networking). These tasks can, however, expose users to various security threats (e.g., credit card number theft, personal information leakage). There is therefore a need to design secure computer systems.

This course teaches both theoretical and practical concepts of computer systems security. Topics include symmetric/asymmetric encryption, message authentication, digital signatures, access control, network security, web security, distributed systems security and cloud security. The class will provide students with the necessary tools for designing secure computer systems and programs and for defending against malicious threats (e.g., viruses, worms, denial of service). The class is designed to be accessible to students of various backgrounds and majors (such as EE, CE, CS).


Course prerequisites: ENEE150 or CMSC132 or permission of the instructor.


Topic prerequisites: Knowledge of programming and basic knowledge of algorithms and data structures.


Core topics:

  1. Introduction to computer security (threat model, attacks, defenses).
  2. Basic tools in computer security (symmetric and asymmetric encryption, message authentication, digital signatures, access control).
  3. Security protocols (key exchange, secure and private communication, anonymous communication).
  4. Systems security (permissions in Windows/Unix, buffer overflow, password-based authentication).
  5. Network security (basic internet technology, DNS, denial of service, WiFi security).
  6. Web security (XSS attacks, browser vulnerabilities, SQL injection attacks).
  7. Applications security (email security, e-cash, Bitcoin).
  8. Cloud security (authenticated data structures, verifiable computation, homomorphic encryption).
  9. Malicious software (backdoors, viruses, worms, rootkits, static and dynamic analysis).


Grading policy:

   
  - Homeworks (5): 20%
  - Programming projects (5): 30%
  - Build-It-Break-It project (1): 10%
  - Midterm: 10%
  - Final: 25%
  - In-class presentation of security vulnerability: 5%
  - Extra credit (research project): up to 10%


Readings: Slides and selected research papers will be provided.


References:

  1. Introduction to Computer Security (Goodrich and Tamassia, Addison Wesley, 2011).
  2. Introduction to Modern Cryptography (Katz and Lindell, Chapman & Hall/CRC, 2014).
  3. Cryptography and Network Security: Principles and Practice (Stallings, Pearson, Sixth Edition, 2014).