ECS 153C: Computer & Information Security & Privacy III

Summary of Course Content

1. What is assurance: high assurance vs. low assurance; security requirements; reference monitors; gathering assurance evidence; documentation for appropriate audiences
 2. Testing: fuzzing, unit testing, system testing, red teaming, vulnerability categorization and analysis; static and dynamic analysis; use of artificial intelligence/machine learning 
 3. Assurance in practice: how it is done, its effect on other system characteristics such as performance; various methodologies
 4. Secure programming: review of design principles; defensive programming; robust programming; programming to meet security requirements
 5. Privacy: privacy by design, anonymization techniques, differential privacy, computation of quasi-identifiers
 6. Formal methods: theoretical basis, environment; methodologies, languages such as Z, HOL, SML, Larch; proof systems such as Isabelle; verification
 7. Social aspects of security: importance, reliance, resilience, disinformation
 8. Machine learning and large language models in security; security of machine learning systems
 9. Current topics in computer and information assurance

Illustrative Reading

* T. Nipkow, G. Klein, Concrete Semantics: With Isabelle/HOL, 2016
* R. Seacord, Secure Coding in C and C++ (SEI Series in Software Engineering), 2nd Edition, 2013
* Selected readings from the research literature

Potential Course Overlap

The content of this course overlaps some with course 153B. This course focuses on information and computer assurance as opposed to security. Privacy is included here as well as in 153B because of the assurance component of maximizing the difficulty of deanonymization, which defines a level of assurance evidence.