Our growing reliance on information systems for daily activities, ranging from remote communications to financial exchanges, has made information security a central issue of our critical infrastructure. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective, taking into account technical, economic, and policy factors. Some of the topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; policy and export control laws in the U.S., Japan, and elsewhere; privacy; management and assurance; economics of security; and special topics in information security.
This course primarily aims at providing a level of literacy in information security adequate enough to understand the security implications on a number of diverse domains including software engineering; networking; privacy; and policy.
A secondary objective is to provide a working knowledge of topics such as cryptography, privacy, network security, and infrastructure management, so that students can acquire the necessary background for more advanced security courses.
After completing this course, students should be able to reason about systems from the perspective of a security engineer. That is, they should be able to define the system to protect; determine the security properties that are desired for this system; identify the possible threats to these security properties and their likelihood of occurrence; and consider possible mitigations against these threats.
The course will cover the following topics:
- Threat models
- Basic security properties
- Basic policy overview
- Cryptography I: history, private key algorithms
- Cryptography II: DES, stream cyphers
- Cryptography III: public key algorithms
- Cryptography IV: unkeyed algorithms, hashes
- Access control I: Operating systems
- Access control II: Multilevel & multilateral security
- Buffer overflows and software vulnerabilities
- Security protocols
- SSL, Networks I: TCP vulnerabilities
- Networks II: DDoS attacks
- Networks III: Anonymity
- Guest lecure/Applications:TBD
- Wireless Security, Intelligent Jamming
- Elements of Web Security
- Copyright law and P2P
- Security economics
- Management, assurance
The course assumes a basic working knowledge of computers, networks, C and UNIX programming as well as an elementary mathematics background. But, it does not assume and prior exposure to topics in computer or communications security. Students lacking technical background (e.g. students without any prior exposure to programming) are expected to catch up through self-study.