Software Foundations of Security and Privacy
Security and privacy problems in computer systems remain pervasive in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating the vulnerabilities that cause these problems. Students who take this course will learn the principles needed to make such assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include: policy models and mechanisms for confidentiality, integrity, and availability; language-based techniques for detecting and preventing security threats; mechanisms for enforcing privacy guarantees; and the interaction between software and underlying systems that can give rise to practical security threats. Students will also gain experience applying many of these techniques to write code that is secure by construction.
Prerequisites: 15-122, 15-213
This course will cover the following topics:
- Verification and proof
- Privilege separation
- Authentication, identity, and trust
- Policy models
- Information flow and audit
- Statistical release
Students will learn the principles behind designing secure systems by construction. Along the way, they will gain experience both building and proving properties about such systems.
Instructors: Jean Yang and Matt Fredrikson
- Office Hours: By appointment
- Location: TBD
- Email: jyang2@cs mfredrik@cs
TA: Sam Yeom
- Office Hours: Mondays 3-5pm
- Location: varies per week; see Piazza
- Email: syeom@cs
Course staff email list: 15316-spring17-staff@cs
Lectures: TuTh 3-4:20pm in WEH 5415.
Assignments: There will be 8 assignments. Students will have approximately two weeks to complete each assignment. See the schedule for assignment dates.
Exams: There will be two exams, a midterm and final.
Textbook: There is no official textbook for the course. Useful unofficial references are Secure Coding: Principles and Practices (Graff and van Wyk), The Tangled Web (Zalewski), and Security Engineering (Anderson).
Discussion: We will use Piazza by default for offline discussions. If you do not see the course page in Piazza, contact the course staff.
Grading: Grading will be based on assignments, midterm and final exams, and class participation. Because there is no required textbook, students’ primary source of information is the lecture. Lecture notes will be made available after each meeting, but students are expected to attend class.
- 60% Assignments
- 30% Midterm and final exams
- 10% In-class quizzes and participation
Late work: Students may grant themselves at most four days' worth of extensions on assignments throughout the semester, using at most two late days per assignment. This means, for example, that two assignments could each be turned in two days late without losing points, or four assignments could each be turned in one day late. Students who wish to use an extension should notify the instructor and TA via email by the original assignment deadline. Assignments turned in after the deadline without notification, or after any extensions have expired, will have their scores deducted by 20% per day.
Academic Integrity: Students are expected to complete each assignment on their own, and should be able to explain all of the work that they hand in. Copying code or proof material from other students or online sources is not allowed. However, students are encouraged to discuss assignments with each other at a sufficiently high level to avoid the risk of duplicating implementation or proof. Examples of this would be discussing algorithms and properties referred to in the assignment, helping other students with questions about a programming language or tool required to complete the assignment, discussing a general proof technique, or referring to an online source with useful information. If you have questions about whether something might be an issue, contact the course staff before discussing further. Please refer to the Carnegie Mellon Code for information about university policies regarding academic conduct.
Take care of yourself: Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress. All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 and visit their website. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.