Computer Security
Spring 2019
Design and implementation of secure computer systems. Lectures cover threat models, attacks that compromise security, and techniques for achieving security, based on recent research papers. Topics include operating system (OS) security, capabilities, information flow control, language security, network protocols, hardware security, and security in web applications. Assignments include labs that involve implementing and compromising a secure web server and web application, and a group final project.
Lectures will be held on Wednesdays 12:00pm - 3:00pm in RC-3
Grading policy
This course will be graded based on three assignments and one independent project. In the project, you need to either find a security vulnerability in an open source project or build extensions to protection mechanisms. Grading policy for the course is as follows. Each assignment is worth 15%. Project is worth 40%. Reviews of required reading is worth 10%. Class participation is worth 5%.
Collaboration
You are welcome to discuss lecture material and assignment ideas, but you should complete all assignments on your own. You should also carefully acknowledge all ideas by others, whether from classmates or from reading material. Read the Rutgers and CS academic integrity policy.
Warning
You'll learn how to attack computer systems in this lass in order to better understand how to design defenses. Do not attack other people's computers or information without their prior permission. It is illegal and will get you into serious trouble.
This recent incident highlights the consequences of attacking others' computer systems.
Acknowledgement
This course borrows heavily from prior security courses at Rutgers CS taught by Vinod Ganapathy, 6.858 from MIT taught by Frans Kaashoek and Nickolai Zeldovic, and CMSC 33250 from University of Chicago taught by Ben Zhao, Blase Ur, and David Cash.