Software Foundations of Security & Privacy
Course Overview
Security and privacy issues in computer systems continue to be a pervasive issue in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating vulnerabilities that cause these issues. Students who take this course will learn the principles needed to make these assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include:
- Policy models: safety & liveness, information flow, capabilities
- Reference monitors
- Security type systems
- Isolation principles & techniques: software fault isolation, control-flow integrity, hardware protection
- Trusted computing: authorization logic, public key infrastructure, hardware & software support
- Web application security & best practices
- Side channel vulnerability & defense
- Techniques for ensuring rigorous data privacy
- Formal proof
- Soundness and completeness of deductive systems
- Program semantics
- Specification and verification of program behavior
- Software model checking
Instructor: Matt Fredrikson
TAs: Jiaqi Liu, Victor Song
Lectures: TuTh 8:34-9:55am, Margaret Morrison A14
Office hours:
- Monday: 1-2pm CIC 2126
- Tuesday: 10-11am CIC 2126
- Wednesday: 2-3pm Gates Commons (Table 4), 4-6pm Gates Commons (Table 4)
- Thursday: 1-3pm Gates Commons (Table 1)
- Friday: 3-4pm Gates Commons (Table 5)