ECS 153B: Computer & Information Security & Privacy II

Subject
ECS 153B
Title
Computer & Information Security & Privacy II
Status
Active
Units
4.0
Effective Term
2026 Winter Quarter
Learning Activities
Lecture: 3 hours
Discussion: 1 hour
Description
Security and privacy models; introduction to cryptography; network security; securing systems and networks in practice; auditing and intrusion detection; information flow; malware and malware analysis; penetration testing; introduction to "secure" programming; business and other governance models and rules. GE: SE
Prerequisites
ECS 153A
Enrollment Restrictions
Pass One open to Computer Science and Computer Science & Engineering majors only.

Summary of Course Content

1. What are security and privacy: notion of an informal policy, formalization of policy
 2. Encryption: classical, public-key; implementation, problems; AES, RSA, elliptic curves
 3. Authentication: model of authentication systems, traditional passwords, challenge/response, one-time passwords; cryptographic protocols, simple cryptosystems; implementations of authentication mechanisms
 4. Access control: controlling access to resources, access matrix model, undecidability result, access control lists and capability lists; mandatory controls, discretionary controls, originator controls; variants such as role-based access control
 5. Integrity: cryptographic checksums, malicious logic, viruses, Trojan horses; defenses, prevention; UNIX integrity checking tools and how they work; malicious logic and UNIX
 6. Networks and security: Internet Security Architecture, analysis of Internet protocols, design and implementation considerations; firewalls; intrusion detection
 7. Penetration analysis: common types of flaws, examples, flaw hypothesis methodology, analysis of programs and systems
 8. Privacy and anonymity: definitions, goals, methods such as k-anonymity, differential privacy
 9. Information flow for integrity, confidentiality
10. Current topics in computer security and information assurance

Illustrative Reading

M. Bishop, Computer Security: Art and Science, 2nd Edition, Addison-Wesley Professional, 2018
R. Anderson, Security Engineering, John Wiley & Sons, 2020
C. Pfleeger, S. L. Pfleeger, L. Coles-Kemp, Security in Computing, Sixth Edition, 2023

Potential Course Overlap

The content of this course overlaps somewhat with ECS 153A. It is for those who intend, or are considering whether, to focus on cybersecurity, and it expands on topics covered in ECS 153A, providing both technical detail and depth.

Course Category