EECS 588: Computer and Network Security

Professor J. Alex Halderman

Course Homepage:

This course covers foundational work and current topics in computer systems security. We will read research papers and discuss attacks and defenses against operating systems, client-side software, web applications, and IP networks. Students will be prepared for research in computer security and for security-related research in other subfields, and they will gain hands-on experience designing and evaluating secure systems.


  • Part 1: Building Blocks
    • The security mindset, thinking like an attacker, reasoning about risk, research ethics
    • Symmetric ciphers, hash functions, message authentication codes, pseudorandom generators
    • Key exchange, public-key cryptography, key management, the SSL protocol
  • Part 2: Software Security
    • Exploitable bugs: buffer overflows and other common vulnerabilities, attacks and defenses
    • Malware: viruses, spyware, rootkits, operation and detection
    • Automated security testing and tools for writing secure code
    • Virtualization, sandboxing, and OS-level defenses
  • Part 3: Web Security
    • The browser security model
    • Web site attacks and defenses: cross-site scripting, SQL injection, cross-site reference forgery
    • Internet crime: spam, phishing, botnets, technical and nontechnical responses
  • Part 4: Network Security
    • Network protocols security: TCP and DNS, attacks and defenses
    • Policing packets: Firewalls, VPNs, intrusion detection
    • Denial of service attacks and defenses
    • Wireless and mobile device security
    • Data privacy, anonymity, censorship, surveillance
  • Part 5: Advanced Topics
    • Hardware security, attacks and defenses
    • Trusted computing and digital rights management
    • Electronic voting , vulnerabilities, cryptographic voting protocols
    • Physical security , locks and safes