Revised Apr 16, 2016

CS 458: Computer Security and Privacy


Watch a video introduction to this course on YouTube.

General description

This course introduces students to security and privacy issues that affect various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. The course examines the causes of security and privacy breaches and provides methods to help prevent them.

Logistics

Audience

  • CS major students in third or fourth year

Normally available

  • Fall, Winter, and Spring

Related courses

  • Pre-requisites: CS 350 or SE 350; Computer Science students only
  • Anti-requisites: ECE 458

For official details, see the UW calendar.

Software/hardware used

  • Linux, including virtualized Linux environments
  • Common Linux development and debugging tools, including gcc, gdb, and text editors
  • Mathematics software, such as Maple
  • Secure shell (ssh) and secure copy (scp)
  • Client and server network applications, such as web servers and curl
  • Network traffic analysis tools, such as wireshark
  • A program to produce PDF-format documents
  • Submit command for assignment submission

Typical reference(s)

  • Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Security in Computing, fifth edition

Required preparation

At the start of the course, students should be able to

  • Write, test, and debug programs of moderate size
  • Explain basic properties of the C memory model: bytes vs. words, memory as an array, run-time stack and stack frames, memory allocation on the heap vs. automatic allocation on the stack, pointers as memory addresses
  • Describe memory management (as related to operating systems) and virtual memory
  • Explain the concepts of threads, processes, and address spaces
  • Explain how processes can communicate within the same machine
  • Understand and use basic algebra and probability

Learning objectives

At the end of the course, students should be able to

  • Create programs that can defend against active attacks, not just against random bugs
  • Analyze programs and computing systems to point out security and privacy vulnerabilities
  • Identify and explain security and privacy related threats and issues across a range of computing systems
  • Identify and explain common approaches to protecting security and privacy in computing systems and evaluate the effectiveness of their deployments
  • Enumerate and differentiate key components of security and privacy policies, and evaluate proposed content for them
  • Demonstrate knowledge of legal and ethical issues in computing, particularly as applied to security and privacy

Typical syllabus

Introduction to computer security and privacy (1.5 hours)

  • Meaning of computer security, comparing security with privacy, types of threats and attacks, methods of defense

Program security (6 hours)

  • Secure programs, nonmalicious program errors, malicious code, controls against program threats

Operating system security (6 hours)

  • Methods of protection, access control, user authentication

Network security (4.5 hours)

  • Network threats, firewalls, intrusion detection systems

Internet application security and privacy (9 hours)

  • Basics of cryptography, security and privacy for Internet applications (email, instant messaging, web browsing), privacy-enhancing technologies

Database security and privacy (4.5 hours)

  • Security and privacy requirements, reliability, integrity, and privacy, inference, data mining, k-anonymity

Non-technical aspects (4.5 hours)

  • Administration of security systems, policies, physical security, economics of security, legal and ethical issues