The proverb "A chain is only as strong as its weakest link." accurately describes the situation with the security of todays network-centric computing infrastructure and the vast number of applications and services relying on it.
The course is precisely about this "chain." The chain includes an assortment of communication links, protocols, devices (hosts, routers, mobile phones, etc.), executable code (servers, client-side scripts, etc.), and human users. Each and every one of the links in this chain are sources of potential vulnerabilities. For example, vulnerabilities are introduced by malfunctioning code (intentionally, i.e. malware, or even accidentally, i.e., software bugs), channels open for eavesdropping to anyone within range, e.g., wireless channels, sloppiness of human users, etc.
It is virtually impossible for casual users to check the trustworthiness of each and every element in such systems, so the users end up trusting systems without necessarily knowing them. On top of developing techniques for securing systems, we also need to consider how to balance the security of the information resources we are protecting with the degree of inconvenience placed on users.
- Be able to identify the security requirements of a system (at the network protocol, OS, application, and user level) and whether example systems provide the required assurances
- Be able to select the appropriate tools that allow the study of security vulnerabilities of systems
- Be able to recommend the right fixes to safeguard vulnerable systems using mostly existing technologies (ie. firewalls)
- Be able to recognize at a conceptual level what would be the value of cryptography to achieve particular security requirements in a system
- Be familiar with some of the current best practices for developing secure systems
- Group Assignments