Prof. Dr.-Ing. Volker Roth

Please refer to MyCampus for an authoritative and current list of courses, seminars and software practice courses being taught by me. In what follows, I summarize the principal courses I design and teach on an annual basis.

Cryptography and Networked Systems Security

Annual Lecture, Winter Term

This graduate-level course (4V+2Ü) begins with a historical perspective of cryptography and its importance today, followed by an introduction to the theory, principles and application of modern cryptography with a focus on the asymptotic security model. The course covers pseudorandomness, secret key and public key encryption, operation modes, hash functions, message authentication codes, digital signatures, homomorphic encryption, eavesdropping attacks, chosen plaintext attacks, chosen ciphertext attacks, secure message transmission schemes, the random oracle model, sequences of games, limitations of the asymptotic security model, key distribution and key management. Along the way, students will learn to avoid common mistakes when designing cryptographic protocols and to properly assess cryptographic protocol proposals at a high level. This part of the course puts heavy emphasis on proofs of security and sound formal arguments. In the last part of the course we will cover security protocols in common use.

Prerequisites:

Literature:

Information Security

Annual Lecture, Summer Term, expected 2023

This undergraduate level course (2V+2Ü) covers four topics from a theoretical and practical perspective. First, how do you define and measure security? Second, what are security policies, how are they defined formally and how are they represented in practice? Third, what are enforcement mechanisms and what is their relationship with security policies? Fourth, what functional aspects of a system impede the implementation of effective enforcement mechanisms? The course covers these topics with attention to operating systems, programming languages, networked systems and the human-machine interface. Some necessary cryptographic basics are introduced as well.

Graduates of this course understand common threats to information systems and security functions to counter them. They understand how security functions achieve security objectives and they can select security functions appropriately. For moderately complex scenarios, they can analyze threats, derive security objectives, select and implement appropriate security functions and reason soundly in favor of their choices and against others.

Computer Security

Annual Lecture, Summer Term, discontinued as of 2022

This undergraduate level course (2V+2Ü) begins with a historical perspective of computer security and its importance today, followed by an introduction to the concepts necessary to understand, model and assess computer security. The course covers topics such as passwords, access control theory, security policies, reference monitors, security kernels, capabilities, hardware security mechanisms, information flow control, compiler-based security mechanisms, Trojan Horses, covert channels, side-channel attacks, input validation, stack, heap and integer overflows, format string vulnerabilities, race conditions, computer security criteria, evaluation assurance, user interfaces and security. This is a reading-intensive course. Students will be exposed to a broad range of computer security issues. Along those lines, students will learn to identify and avoid typical software development mistakes that lead to security vulnerabilities.

Prerequisites:

Literature: