Revised Apr 16, 2016
CS 458: Computer Security and Privacy
Watch a video introduction to this course on YouTube.
General description
This course introduces students to security and privacy issues that affect various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. The course examines the causes of security and privacy breaches and provides methods to help prevent them.
Logistics
Audience
- CS major students in third or fourth year
Normally available
- Fall, Winter, and Spring
Related courses
- Pre-requisites: CS 350 or SE 350; Computer Science students only
- Anti-requisites: ECE 458
For official details, see the UW calendar.
Software/hardware used
- Linux, including virtualized Linux environments
- Common Linux development and debugging tools, including gcc, gdb, and text editors
- Mathematics software, such as Maple
- Secure shell (ssh) and secure copy (scp)
- Client and server network applications, such as web servers and curl
- Network traffic analysis tools, such as wireshark
- A program to produce PDF-format documents
- Submit command for assignment submission
Typical reference(s)
- Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Security in Computing, fifth edition
Required preparation
At the start of the course, students should be able to
- Write, test, and debug programs of moderate size
- Explain basic properties of the C memory model: bytes vs. words, memory as an array, run-time stack and stack frames, memory allocation on the heap vs. automatic allocation on the stack, pointers as memory addresses
- Describe memory management (as related to operating systems) and virtual memory
- Explain the concepts of threads, processes, and address spaces
- Explain how processes can communicate within the same machine
- Understand and use basic algebra and probability
Learning objectives
At the end of the course, students should be able to
- Create programs that can defend against active attacks, not just against random bugs
- Analyze programs and computing systems to point out security and privacy vulnerabilities
- Identify and explain security and privacy related threats and issues across a range of computing systems
- Identify and explain common approaches to protecting security and privacy in computing systems and evaluate the effectiveness of their deployments
- Enumerate and differentiate key components of security and privacy policies, and evaluate proposed content for them
- Demonstrate knowledge of legal and ethical issues in computing, particularly as applied to security and privacy
Typical syllabus
Introduction to computer security and privacy (1.5 hours)
- Meaning of computer security, comparing security with privacy, types of threats and attacks, methods of defense
Program security (6 hours)
- Secure programs, nonmalicious program errors, malicious code, controls against program threats
Operating system security (6 hours)
- Methods of protection, access control, user authentication
Network security (4.5 hours)
- Network threats, firewalls, intrusion detection systems
Internet application security and privacy (9 hours)
- Basics of cryptography, security and privacy for Internet applications (email, instant messaging, web browsing), privacy-enhancing technologies
Database security and privacy (4.5 hours)
- Security and privacy requirements, reliability, integrity, and privacy, inference, data mining, k-anonymity
Non-technical aspects (4.5 hours)
- Administration of security systems, policies, physical security, economics of security, legal and ethical issues