Lecture: 3 hours

Project: 1 hour

Prerequisite: Course ECS 150; 152A recommended

Grading: Letter. Homework (30%), project (50%), paper reviews and class discussion (20%)

Catalog Description:
Modern topics in computer security, including: protection, access control, operating systems security, network security, applied cryptography, cryptographic protocols, secure programming practices, safe languages, mobile code, malware, privacy and anonymity, and case studies from real-world systems. Not open for credit to students who have taken course 235.

Introduces modern topics in computer security. Shows how to apply sound principles to designing secure systems and to discovering vulnerabilities in existing systems. Prepares students to do research in computer security.

Expanded Course Description:

  1. Introduction: goals of computer security, threat model, principles
  2. Access control: access control lists, capabilities, confinement
  3. Software security: common software vulnerabilities, static analysis, secure coding practices
  4. Mobile code security: Java security architecture, proof-carrying code
  5. Network security: vulnerabilities in the Internet, firewalls, intrusion detection
  6. Cryptography: symmetric key cryptography, public key cryptography, cryptographic protocols, authentication
  7. Malware: propagation, detection, prevention
  8. Anonymity: anonymous routing, servers, and cash
  9. E-voting

Instructor’s notes and research papers

Each student team is expected to do original research in computer security. The students are expected to spend considerably more time outside the classroom to work on their projects. With proper class scheduling and student mentoring, original research is doable, as demonstrated by previous classes.

Instructor: H. Chen

Prepared by: H. Chen (January 2006)

Overlap Statement:
This is an introductory graduate computer security course, focusing on the application aspect of computer security. This course has little overlap with other courses.