Course catalog: Basic notions of confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; and risk assessment.
You should come out of this course with a broad understanding of information security, focusing on software security, network security, web security, cryptography, and privacy technologies, as well as how these security issues can impact real world systems.
In 2016 more than 2 billion records and $450 billion were lost due to publicly-reported criminal and nation-state cyberattacks across the globe, and over 100 million medical records were stolen in the United States alone. The failure of our existing security infrastructure motivates the need for improved technologies, and cryptography provides a powerful tool for doing this. Over the past several years though, we have seen a number of serious vulnerabilities in the cryptographic pieces of systems, some with large consequences.
This course will teach cryptography and cryptographic design principles as they are applied to real world systems, both in how to correctly use cryptography to build secure systems as well as examining flaws and "breaks" in already deployed systems. We will also discuss the mistakes that led to these flaws, how these flaws could have been prevented, and various tools and techniques that exist for building cryptographic systems in practice. Students will have the opportunity to implement cryptographic schemes and explore cryptographic failures in practice, as well as engage in a semester-long research project related to applied cryptography. The course will be largely lecture-based.