50.044 System Security
Course Description
This course covers the security of users, individual computer systems, including personal computers, smart cards and embedded platforms. The course starts with considerations of common security flaws in a computer system, security of widely used computer platforms and user authentication. Then, topics such as physical‐layer attacks and tamper resistant hardware are discussed. Finally, the course ends with a set of selected security topics like biometrics, computer forensics, and Bitcoin.
Prerequisites
Learning Objectives
- Define security objectives for a given computer system based on problem setting and requirements
- Explain how computer systems are compromised
- Learn how to defend against common attacks to various computer systems
- Apply basic security design principles to a secure computer system design and implementation
Measurable Outcomes
- Identify the security objectives of a computer system by defining and assessing the security level of an existing computer system properly and comprehensively, through a design project
- Demonstrate ability to apply and analyse common attacks on various computer systems, through successfully compromising a computer system in a laboratory environment
- Analyze and apply defensive technology and software to defend various computer systems, by demonstrating security level improvement of existing vulnerable computer systems
- Demonstrate mastery of applying system security design principles and best practices by interpreting the process of securing a computer system in a design project
Topics Covered
- Introduction
- Memory safety attacks
- Defenses for memory safety
- Authentication
- Privilege Separation
- Isolation
- Hardware Security
- Mobile Security
- Web Security
- Secure Channels
- Secure Messaging
Textbook(s) and/or Other Required Material
- Ross Anderson, Security Engineering, John Wiley & Sons, 2001
- Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, 2011
Course Instructor(s)