CSc 466/566 Computer Security is an introductory course covering the fundamentals of
computer security. In particular, the course covers basic
concepts of computer security such as threat models and
security policies, and shows how these concepts apply
to specific areas such as communication security, software
security, operating system security, network security, web
security, and hardware-based security.
The class page for 2012 is here.
Lecture notes can be found here.
Topics
- Communication security:
cryptography and cryptographic protocols, including
encryption, message authentication codes, hash functions, one-way functions,
public-key cryptography, digital signatures, cryptographic protocols.
- Software security:
secure software engineering, defensive programming, control-flow
hijacking attacks (buffer overflows, format string bugs, integer overflows,
heap attacks), exploitation techniques (string analysis, fuzzing, bug finding),
analysis of code for security errors, safe languages, sandboxing techniques,
and tools for writing secure code.
- Operating system security:
memory protection, access control, authorization,
authenticating users (something you know, something you have, something you are),
password cracking.
- Network security:
firewalls, port scanning attacks, intrusion detection systems,
denial-of-service attacks and defenses, VPNs.
- Malware:
worms, spyware, rootkits, botnets, key-loggers, and defenses against them.
- Web security:
same-origin policy, cross-site scripting attacks, SQL injection attacks.
- Hardware-based security:
the trusted computing architecture and its applications.
- Intellectual property protection:
digital rights management, copy protection,
software tamper-resistance.
- Advanced topics:
privacy, mobile code, electronic voting, phishing, cybercrime,
cyber-terrorism, financial security, spam, covert channels.