This course introduces students to the fundamentals of computer security, and is structured into four broad sections: Software Security, Cryptography, System/Network Security, and Human Factors. Recurring themes will be crisply defining security goals, assessing possible vulnerabilities that might undermine those goals, and learning and how to identify, fix, and prevent such vulnerabilities. Ultimately students will master the distinguishing feature of the security field, which is the ubiquitous need to consider an adversary, and the resulting interplay between attack and defense that routinely advances both theory and practice.
After completing the course, students will be able to:
- Develop (formal and informal) threat models for modern systems.
- Justify fundamental security principles and apply them to the analysis of novel situations.
- Identify common security vulnerabilities, develop exploits against them, and assess the tradeoffs of possible defenses.
- Explain common techniques used to construct secure systems and evaluate their effectiveness against a range of attacks.
- Select the appropriate cryptographic primitive to achieve a desired security property, perform basic cryptographic proofs, and evaluate the security of cryptographic protocols.
- Argue for and against laws and public policy that intersect with computer security.
- Incorporate human factors into the evaluation of the security of a system.
See the lecture schedule for a more detailed list of topics covered.
This course is the first step in both the SCS Security & Privacy concentration and the ECE Security & Privacy concentration. These concentrations are designed to expose students to the key facets of and concerns about computer security and privacy that drive practice, research, and legislation. On completing the curriculum, students will be prepared to continue developing their interests in security or privacy through graduate study; to be informed participants in public and other processes that shape how organizations and society develop to meet new challenges related to computer security or privacy; and to take jobs in security or privacy that will provide further training in applicable areas.
Concretely, today there are approximately 500,000 cybersecurity-related job openings in the United States  with a projected need for 1.8 million additional cybersecurity professionals by 2022 . As a specific example, U.S. News recently ranked information security analyst the fourth best technology job with a median salary of $95,510.
When: MWF 3:20PM-04:40PM, EDT
Where: The Internet
- Professor Bryan Parno
- Teaching Assistants
- Isabel Basow
- Ari Cohn
- Rebecca Finn
- Jon Miao
- Oscar Ramirez Poulat
- Page Yu