
EECS 588: Computer and Network Security

Instructor: J. Alex Halderman

Course Homepage:

This course covers foundational work and current topics in computer systems security. We will read research papers and discuss attacks and defenses against operating systems, client-side software, web applications, and IP networks. Students will be prepared for research in computer security and for security-related research in other subfields, and they will gain hands-on experience designing and evaluating secure systems.

Part 1: Building Blocks
The security mindset, thinking like an attacker, reasoning about risk, research ethics
Symmetric ciphers, hash functions, message authentication codes, pseudorandom generators
Key exchange, public-key cryptography, key management, the SSL protocol

Part 2: Software Security
Exploitable bugs: buffer overflows and other common vulnerabilities, attacks and defenses
Malware: viruses, spyware, rootkits, operation and detection
Automated security testing and tools for writing secure code
Virtualization, sandboxing, and OS-level defenses

Part 3: Web Security
The browser security model
Web site attacks and defenses: cross-site scripting, SQL injection, cross-site reference forgery
Internet crime: spam, phishing, botnets, technical and nontechnical responses

Part 4: Network Security
Network protocol security: TCP and DNS, attacks and defenses
Policing packets: Firewalls, VPNs, intrusion detection
Denial of service attacks and defenses
Wireless and mobile device security
Data privacy, anonymity, censorship, surveillance

Part 5: Advanced Topics
Hardware security, attacks and defenses
Trusted computing and digital rights management
Electronic voting, vulnerabilities, cryptographic voting protocols
Physical security, locks and safes