Software is responsible for enforcing many central security goals in computer systems. These goals include authenticating users and other external principals, authorizing their actions, and ensuring the integrity and confidentiality of their data.
This course studies how to design, implement, and analyze mechanisms to enforce these goals in both web systems and programs in traditional languages. Topics include: identifying programming choices that lead to reliable or flawed security outcomes, successful and unsuccessful strategies for incorporating cryptography into software, and analysis techniques that identify security vulnerabilities. The course will cover both practical and theoretical aspects of secure software, and will include a substantial secure software design project.
Prerequisites
Programming and software engineering experience (commensurate with an undergraduate Computer Science major), and background in foundational models of computing systems (on par with CS 5003 or CS 503)