Software Foundations of Security & Privacy

---

Course Overview

Security and privacy issues in computer systems continue to be a pervasive issue in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating vulnerabilities that cause these issues. Students who take this course will learn the principles needed to make these assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include:

• Policy models: safety & liveness, information flow, capabilities
• Reference monitors
• Security type systems
• Isolation principles & techniques: software fault isolation, control-flow integrity, hardware protection
• Trusted computing: authorization logic, public key infrastructure, hardware & software support
• Web application security & best practices
• Side channel vulnerability & defense
• Techniques for ensuring rigorous data privacy

Students will also gain experience applying many of these techniques to write code that is secure by construction. However, the goal of the course is to teach students the principles and algorithms behind good security and privacy solutions, so they they can adapt and extend them in the future. In order to achieve this level of understanding, the course will cover a number of key ideas from logic and languages when developing the security topics above. These include:

• Formal proof
• Soundness and completeness of deductive systems
• Program semantics
• Specification and verification of program behavior
• Software model checking

Instructor: Matt Fredrikson

TAs: Jack Duvall, Aditi Kabra, Nuno Sabino

Lectures: TuTh 8:34-9:55am, Doherty A302

Office hours:

• Monday: 2:00-3:00pm CIC 2126 (Fredrikson)
• Wednesday: 3pm-4pm, Gates Commons Table 3 (Sabino)
• Thursday: 4pm-5pm, Gates Commons Table 6 (Duvall)
• Friday: 1:30pm-2:30pm, Gates Commons Table 7 (Kabra)