This course provides an introduction to security and privacy issues in various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.
Students completing this course should be better able to produce programs that can defend against active attacks, and not just against random bugs.
CS 658 is a course intended for CS graduate students
Prerequisites: CS 350 or ECE 354
Required text: Security in Computing, 4th Edition, Charles P. Pfleeger and Shari Lawrence Pfleeger.
Three hours of lectures per week (held with CS 458). Offered in F,W.
Graduate Student Research Paper
Students registered in CS 658 must write a research survey paper on a topic related to computer security or privacy. The topic must be approved in advance by the instructor. In writing the paper, the student must become familiar with the research literature relevant to the topic. The paper should be a summary of past and current work on the topic, as well as an overview of known open problems and potential future directions in the area. The paper should provide a concise summary of work, emphasizing major accomplishments, rather than a detailed accounting of individual pieces of research activity.
Introduction to Computer Security and Privacy (1.5 hours)
The meaning of computer security; comparing security with privacy; types of threats and attacks; methods of defense
Program Security (6 hours)
Secure programs; nonmalicious program errors; malicious code; controls against program threats
Operating System Security (6 hours)
Methods of protection; access control; user authentication
Network Security (4.5 hours)
Network threats; firewalls, intrusion detection systems
Internet Application Security and Privacy (9 hours)
Basics of cryptography; security and privacy for Internet applications (email, instant messaging, web browsing); privacy-enhancing technologies
Database Security and Privacy (4.5 hours)
Security and privacy requirements; reliability, integrity, and privacy; inference; data mining; k-anonymity
Non-technical Aspects (4.5 hours)
Administration of security systems; policies; physical security; economics of security; legal and ethical issues