Software Foundations of Security & Privacy
Course Overview
Security and privacy issues in computer systems continue to be a pervasive issue in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating vulnerabilities that cause these issues. Students who take this course will learn the principles needed to make these assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include:
- Policy models: safety & liveness, information flow, capabilities
- Reference monitors
- Security type systems
- Isolation principles & techniques: software fault isolation, control-flow integrity, hardware protection
- Trusted computing: authorization logic, public key infrastructure, hardware & software support
- Side channel vulnerability & defense
- Techniques for ensuring rigorous data privacy
- Formal proof
- Soundness and completeness of deductive systems
- Program semantics
- Specification and verification of program behavior
- Software model checking
Instructor: Frank Pfenning
TAs: Myra Dotzel, Derek Duenas, Hemant Gouni, Runming Li, Ray Man, Jason Yao
Lectures: TuTh 2:00-3:20, Porter Hall 100
Office hours:
- Monday: Frank, 10:30am-12:00noon (and by appointment), GHC 6017
- Monday: Runming Li, 5:00pm-6:30pm, GHC 5113
- Tuesday: Myra, 10:00am-11:30am, GHC Commons Table 5
- Tuesday: Ray, 4:00pm-5:30pm, GHC Commons Table 2
- Wednesday: Jason, 5:00pm-6:30pm, GHC Carrel 3
- Thursday: Derek, 10:00am-11:30am, GHC Commons Table 6
- Friday: Hemant 2:30pm-4:00pm, GHC Commons Table 1
Grading
- Written assignments (5) totaling 400 points
- Labs (3) totaling 400 points
- Midterm exam worth 200 points
(in lecture on Oct 10, closed book, closed notes)