CSc 466/566 Computer Security is an introductory course covering the fundamentals of
computer security. In particular, the course covers basic
concepts of computer security such as threat models and
security policies, and shows how these concepts apply
to specific areas such as communication security, software
security, operating system security, network security, web
security, and hardware-based security.
The class page for 2012 is here.
Lecture notes can be found here.
- Communication security:
cryptography and cryptographic protocols, including
encryption, message authentication codes, hash functions, one-way functions,
public-key cryptography, digital signatures, cryptographic protocols.
- Software security:
secure software engineering, defensive programming, control-flow
hijacking attacks (buffer overflows, format string bugs, integer overflows,
heap attacks), exploitation techniques (string analysis, fuzzing, bug finding),
analysis of code for security errors, safe languages, sandboxing techniques,
and tools for writing secure code.
- Operating system security:
memory protection, access control, authorization,
authenticating users (something you know, something you have, something you are,
- Network security:
firewalls, port scanning attacks, intrusion detection systems,
denial of service attack and defense, VPNs.
worms, spyware, rootkits, botnets, key-loggers, and defenses against them.
- Web security:
same-origin policy, cross-site scripting attacks, SQL injection attacks.
- Hardware-based security:
The trusted computing architecture and its applications.
- Intellectual property protection:
digital rights management, copy protection,
- Advanced topics:
privacy, mobile code, electronic voting, phishing, cybercrime,
cyber-terrorism, financial security, spam, covert channels.