COMS W4187: Security Architecture & Engineering (Fall 2017)


Lecture Details

Instructor: Suman Jana
Office: Mudd 412
Office hours: Monday (4-6 pm) or by appointment
TA Office hours: Plaban Mohanty (pm2878 AT columbia.edu) Tuesday & Thursday (5-6:30 pm) CS IA room
Classroom: Mudd 545
Class hours: Monday and Wednesday (2:40-3:55 pm)

Description

This class will teach you different concepts and tools for building secure systems. We will start from the fundamentals of computer security and cryptography. Next, we will examine how these concepts are implemented in modern systems. Finally, we will demonstrate how common mistakes made by developers undermine the security of deployed real-world systems and describe how to avoid making such mistakes.

Note: There will be no assigned textbook for the class, and you are expected to read the assigned articles/papers carefully.

Prerequisite

There is no formal prerequisite for this class, but you should be generally comfortable dealing with large, complex source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools like gdb, gcov, etc. Feel free to send me an email if you have any specific questions.

Grading

Both the midterm and the final will be open-notes, but no internet access will be allowed.

Schedule

Date Topics Lecture slides & Reading
Sep 6 Introduction intro.pptx, intro.pdf
Sep 11 Principle of least privilege/Access control principles.pptx, principles.pdf
Reading materials: SetUID demystified, Operating Systems Security (Chapter 4), qmail security architecture
Sep 13 Principle of least privilege/Access control (cntd.)
Sep 18 Principle of least privilege/Access control (cntd.) PA1 is posted in CourseWorks and is due by 11:59pm on 27th Sep.
Sep 20 Sandboxing & Isolation isolation.pptx, isolation.pdf
Reading materials: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, Efficient Software-Based Fault Isolation
Sep 25 Sandboxing & Isolation (cntd.)
Sep 27
Oct 2
Oct 4
Oct 9
Oct 11
Oct 16
Oct 18
Oct 23
Oct 25
Oct 30
Nov 1
Nov 6 No class (Academic Holiday)
Nov 8
Nov 13
Nov 15
Nov 20
Nov 22 No class (Academic Holiday)
Nov 27
Nov 29
Dec 4
Dec 6 Final exam
Dec 11 Final exam