Course Description
This course covers the security of users and individual computer systems, including personal computers, smart cards and embedded platforms. The course starts by considering common security flaws in a computer system, the security of widely used computer platforms, and user authentication. Then, topics such as physical-layer attacks and tamper-resistant hardware are discussed. Finally, the course ends with a set of selected security topics like biometrics, computer forensics, and Bitcoin.
Prerequisites
Learning Objectives
- Define security objectives for a given computer system based on problem setting and requirements
- Explain how computer systems are compromised
- Learn how to defend against common attacks on various computer systems
- Apply basic security design principles to a secure computer system design and implementation
Measurable Outcomes
- Identify the security objectives of a computer system by defining and assessing the security level of an existing computer system properly and comprehensively, through a design project
- Demonstrate ability to apply and analyze common attacks on various computer systems, through successfully compromising a computer system in a laboratory environment
- Analyze and apply defensive technology and software to defend various computer systems, by demonstrating security level improvement of existing vulnerable computer systems
- Demonstrate mastery of applying system security design principles and best practices by interpreting the process of securing a computer system in a design project
Topics Covered
- Introduction
- Memory safety attacks
- Defenses for memory safety
- Authentication
- Privilege Separation
- Isolation
- Hardware Security
- Mobile Security
- Web Security
- Secure Channels
- Secure Messaging
Textbook(s) and/or Other Required Material
- Ross Anderson, Security Engineering, John Wiley & Sons, 2001
- Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, 2011
Course Instructor(s)
TBC