EECS 588: Computer and Network Security
Instructor: Professor J. Alex Halderman
Course Homepage: http://www.eecs.umich.edu/courses/eecs588/
Coverage
This course covers foundational work and current topics in computer systems security. We will read research papers and discuss attacks and defenses against operating systems, client-side software, web applications, and IP networks. Students will be prepared for research in computer security and for security-related research in other subfields, and they will gain hands-on experience designing and evaluating secure systems.
Syllabus
- Part 1: Building Blocks
  - The security mindset, thinking like an attacker, reasoning about risk, research ethics
  - Symmetric ciphers, hash functions, message authentication codes, pseudorandom generators
  - Key exchange, public-key cryptography, key management, the SSL protocol
- Part 2: Software Security
  - Exploitable bugs: buffer overflows and other common vulnerabilities, attacks and defenses
  - Malware: viruses, spyware, rootkits, operation and detection
  - Automated security testing and tools for writing secure code
  - Virtualization, sandboxing, and OS-level defenses
- Part 3: Web Security
  - The browser security model
  - Web site attacks and defenses: cross-site scripting, SQL injection, cross-site reference forgery
  - Internet crime: spam, phishing, botnets, technical and nontechnical responses
- Part 4: Network Security
  - Network protocol security: TCP and DNS, attacks and defenses
  - Policing packets: firewalls, VPNs, intrusion detection
  - Denial of service attacks and defenses
  - Wireless and mobile device security
  - Data privacy, anonymity, censorship, surveillance
- Part 5: Advanced Topics
  - Hardware security, attacks and defenses
  - Trusted computing and digital rights management
  - Electronic voting, vulnerabilities, cryptographic voting protocols
  - Physical security, locks and safes