In addition to the regularly-offered courses listed below, various topics courses are offered each year. In 2012-2013, we will offer the following topics courses:
- Cyber-Physical Systems (fall 2012) with Professor Krishna Venkatasubramanian (CS)
- Online Privacy (fall 2012) with Professor Craig Wills (CS)
- Spring 2013 courses TBA
CS557. Software Security Design and Analysis
Software is responsible for enforcing many central security goals in computer systems. These goals include authenticating users and other external principals, authorizing their actions, and ensuring the integrity and confidentiality of their data. This course studies how to design, implement, and analyze mechanisms to enforce these goals in both web systems and programs in traditional languages. Topics include: identifying programming choices that lead to reliable or flawed security outcomes, successful and unsuccessful strategies for incorporating cryptography into software, and analysis techniques that identify security vulnerabilities. The course will cover both practical and theoretical aspects of secure software, and will include a substantial secure software design project.
Prerequisites: Programming and software engineering experience (commensurate with an undergraduate Computer Science major), and background in foundational models of computing systems (on par with CS5003 or CS503).
CS558. Computer Network Security
This course covers core security threats and mitigations at the network level. Topics include: denial-of-service, network capabilities, intrusion detection and prevention systems, worms, botnets, Web attacks, anonymity, honeypots, cybercrime (such as phishing), and legality and ethics. The course prepares students to think broadly and concretely about network security; it is not designed to teach students low-level tools for monitoring or maintaining system security. Assignments and projects will assess each student’s ability to think both conceptually and practically about network security.
Prerequisites: a strong background in computer networking and systems, either at the undergraduate or graduate level, and moderate programming experience.
CS564. Advanced Topics in Computer Security
This course examines one or more selected current issues in the area of computer security. Specific topics covered are dependent on the instructor. Potential topics include: modeling and analyzing security protocols, access-control, network security, and human-centered security.
Prerequisites: a graduate level security course or equivalent experience. See the SUPPLEMENT section for descriptions of courses to be offered in this academic year.
CS571. Case Studies in Computer Security
This course examines security challenges and failures holistically, taking into account technical concerns, human behavior, and business decisions. Using a series of detailed case studies, students will explore the interplay among these dimensions in creating secure computing systems and infrastructure. Students will also apply lessons from the case studies to emerging secure-systems design problems. The course requires active participation in class discussions, presentations, and writing assignments. It does not involve programming, but assumes that students have substantial prior experience with security protocols, attacks, and mitigations at the implementation level. This course satisfies the behavioral component of the MS specialization in computer security.
Prerequisites: A prior course or equivalent experience in technical aspects of computer security, at either the software or systems level.
ECE 578/CS 578. Cryptography and Data Security
This course gives a comprehensive introduction to the field of cryptography and data security. The course begins with the introduction of the concepts of data security, where classical algorithms serve as an example. Different attacks on cryptographic systems are classified. Some pseudo-random generators are introduced. The concepts of public and private key cryptography are developed. As important representatives for secret key schemes, DES and IDEA are described. The public key schemes RSA and ElGamal, and systems based on elliptic curves are then developed. Signature algorithms, hash functions, key distribution and identification schemes are treated as advanced topics. Some advanced mathematical algorithms for attacking cryptographic schemes are discussed. Application examples will include a protocol for security in a LAN and a secure smart card system for electronic banking. Special consideration will be given to schemes which are relevant for network environments. For all schemes, implementation aspects and up-to-date security estimations will be discussed.
Prerequisites: Working knowledge of C; an interest in discrete mathematics and algorithms is highly desirable. Students interested in a further study of the underlying mathematics may register for MA 4891 [B term], where topics in modern algebra relevant to cryptography will be treated.
ECE 673. Advanced Cryptography
This course provides deeper insight into areas of cryptography which are of great practical and theoretical importance. The three areas treated are detailed analysis and the implementation of cryptoalgorithms, advanced protocols, and modern attacks against cryptographic schemes. The first part of the lecture focuses on public key algorithms, in particular ElGamal, elliptic curves and Diffie-Hellman key exchange. The underlying theory of Galois fields will be introduced. Implementation of performance security aspects of the algorithms will be looked at. The second part of the course deals with advanced protocols. New schemes for authentication, identification and zero-knowledge proof will be introduced. Some complex protocols for real-world application— such as key distribution in networks and for smart cards—will be introduced and analyzed. The third part will look into state-of-the-art cryptoanalysis (i.e., ways to break cryptosystems). Brute force attacks based on special purpose machines, the baby-step giant-step and the Pohlig-Hellman algorithms will be discussed.
Prerequisites: ECE 578/ CS 578 or equivalent background.