Computer system security is quickly becoming a critical aspect of computer engineering and system management. As more and more of the world's resources are controlled by or stored in computers, it becomes increasingly important to secure them from malicious and accidental attacks. This course will cover computer system security broadly, focusing on the "systems" aspects of the art -- what problems are faced, what tools are available, and how the tools can be utilized to address the problems.
For those familiar with 15-827 (Security & Cryptography): one should consider these courses as complementary, with neither being a pre-requisite to the other. There will be only a small amount of overlap, as 18-849 will utilize some of the tools (e.g., cryptography) derived in 15-827 but will not dive deeply into the derivations and inner workings. (18-849 will also shy away from the E-commerce topics that are covered solidly in 15-827, so as to further avoid overlap.)
Regular lectures by the instructor on core topics of computer system security. Critical study and discussion of recent literature in each of the core topic areas. This will include student involvement in discussions! Homework problems, constructed by the students and answered "publicly" to the class. Discussion of the problems and answers will be encouraged. Several guest lectures by experts in the field. A system security project consisting of some kind of hands-on experimentation with (building, evaluating, and/or breaking) security tools.
18-849 will be rather broad in scope, but will focus on the practical and design aspects of computer system security (as opposed to the formal and theoretical aspects). Topics covered will include:
There will also be a variety of additional readings, from books and the research literature, many of which will be handed out in class. See the Lectures & Readings page for an overview of these.
Most projects will be done individually or in teams of 2 students. Suggestions for projects will be provided by the staff, but you are free to make your own proposal for a project. Projects may overlap with the research for your Masters/PhD thesis research (if said research is in the area of computer system security, the instructor approves it, and your advisor does not mind).
More information about the project is available here.
Computer system security is a broad topic, and the instructor will assume solid background in major relevant areas, including operating systems, networking, and distributed systems. To make certain no one gets in over their head, explicit permission of the instructor is required.
This course will be under development as it is being offered, and the class size will be limited even though high demand is expected. Therefore, no one will be admitted without permission of instructor. If you wish to be a part of the course, please fill out a form at the ECE graduate office (HH/1115) as soon as possible. The instructor will try to address enrollment as soon as possible. Expect to receive e-mail from the instructor by Sunday 8/22.
Note: This course is intended mainly for research-track graduate students, and students further along in the graduate program will be given priority over newer students. We expect this course to be an annual offering.
Any careful examination of computer system security must include a study of factors that lead to insecure systems. During the course of this class, you may learn about vulnerabilities that could be exploited against other sites. Under no circumstances are students to "try out" attacks on arbitrary systems. Attempts to gain access to, otherwise abuse systems, or collect information from systems for which you are not authorized is a violation of the law. You will be prosecuted if discovered. If you would like to investigate a network or system attack, please consult with the instructor and, if feasible, arrangements will be made for you to experiment on completely isolated systems or networks.
Patents may apply to some of the algorithms discussed in this class. Be advised that you should not produce and distribute software and/or hardware in violation of patent or other legal restrictions.
Export restrictions must be considered when using cryptographic products. These restrictions may apply to either hardware or software. You are expected to honor export restrictions as they apply to a given hardware or software product. Foreign students take note: you can be arrested if you attempt to transfer export controlled software out of the United States in any way.
* This center-of-the-target statement is adapted from one of Cynthia Irvine's course descriptions (CS3690 at Naval Academy).
This is the first offering of this course -- students should expect the going to be rough and awkward at times. The instructor promises to work his petutie off trying to make it as rich, educational, and fun as possible. The instructor has high hopes for the term.
In turn, the instructor expects maturity and effort from the students. Since this is an advanced graduate course, the instructor does not intend to spend much time checking up on the students effort -- the instructor simply expects it to be there. This includes doing the readings ahead of class, attending every meeting of the class (except when not possible), and working steadily and actively on the project. This also includes issues of appropriate behavior as outlined above (Computer and Network Ethics). Again, the instructor has high hopes and no doubt that the hopes will be realized.