Authentication

Denial-of-Service (DoS) Attacks

Traceback

DoS (Denial-of-Service) Defense

Network Monitoring

Fundamental NIDS (Network Intrusion Detection System) Issues

Evaluating Detectors

Computer worm

Worm Detection/Defense

Scanning

Inferring Activity

Forensics

HTTPS

IPv4 Addressing Architecture

Digital identity

Botnets

PPI (Personally Identifiable Information) / Presentations

Abusive Surveillance

Anonymity

Spamming

Cybercrime

CS 261N: Internet/Network Security UC Berkeley Fall 2022 This course offers a comprehensive study of network security, exploring areas like denial-of-service, network monitoring, botnets, and internet ethics. It leans towards a research-based approach with a major team project. The class features a deep dive into seminal papers rather than the latest trends. Prerequisites include CS 168/EE 122 and CS 161 or their equivalents. This class aims to provide a thorough grounding in network security suitable for those interested in conducting research in the area, as well as students more generally interested in either security or networking. We will also look at broader issues relating to Internet security for which networking plays a role. The [syllabus](https://www.icir.org/vern/cs261n/syllabus.html) has overlap with portions of the SEC prelim.

Topics include: denial-of-service; capabilities; network monitoring / intrusion detection; worms; forensics; scanning; traffic analysis / inferring activity; architecture; protocol issues; legality and ethics; web attacks; anonymity; censorship; surveillance; honeypots; botnets; spam; the underground economy; research issues & pitfalls.

The course is taught with an emphasis on seminal papers rather than bleeding-edge for a given topic. It includes a [major project](https://www.icir.org/vern/cs261n/project.html) that students generally undertake in teams of two.

Three hours of lecture per week. 4 units, due to the significant workload.  CS 168 / EE 122 or equivalent; CS 161 or equivalent; basic probability/statistics. (Non-PhD students must receive instructor approval.) There is no required textbook. All reading will be from papers. A tentative list of these is available from the [syllabus](https://www.icir.org/vern/cs261n/homework.html#Syllabus). We will definitely cover most of these topics (and primary papers), but may make some changes over the course of the semester.

CS 261N: Internet/Network Security

Computer Security and Cryptography

Buffer overflow

Hash functions

Browser Security Model

Mobile Platform Security

Buffer Overflow Defenses

Message authentication code (MAC)

Web Application Security

Usable Security

Symmetric-key encryption

Asymmetric Key Cryptography

Web Privacy

Cryptography

Symmetric-key Cryptography

Physical Security

Block Cipher Modes

Web Security

CSE 484 / CSE M 584 Computer Security University of Washington Autumn 2021 This course covers a wide range of computer security topics, including software security, cryptography, web security, malware, and physical security. It encourages a "security mindset" while requiring a firm understanding of computer science fundamentals and command-line Unix development environment. In this course, we will cover topics including: the "security mindset", threat modeling, software security, cryptography, malware, web security, web privacy, smartphone security, authentication, usable security, anonymity, physical security, and security for emerging technologies.  *CSE 332* and *CSE 351*

You should have maturity in both the mathematics of computer science and in the engineering of computer systems. This means that you should: have a good understanding of data structures and algorithms; be comfortable writing programs from scratch in C and Java; be comfortable writing and debugging assembly code; and be comfortable in a command-line Unix development environment (gdb, gcc, etc). You should also have a good understanding of computer architecture, operating systems, and computer networks. Most importantly, you should be eager to challenge yourself and learn more! ### No Textbook

In previous quarters we've used "Foundations of Security: What Every Programmer Needs to Know, Daswani, Kern, and Kesavan, ISBN 1-59059-784-2. This quarter we are not using an official textbook, and are instead using various freely available readings.
We will be using some readings from [Security Engineering](https://www.cl.cam.ac.uk/~rja14/book.html) of which the 2nd edition is freely available on the author's webpage

CSE 484 / CSE M 584 Computer Security

Web Technologies

Web Protocols

Cross-Site Request Forgery (CSRF)

Firewalls

Denial-of-service attack (DoS attack)

Transport Protocols

Stream ciphers

Operating System Security

Public-key cryptography

Passwords

Digital signature

OS Isolation

Malware

Authorization

Cloud Security

Accounting

Storage Encryption

Web Security Model

Networks

Security Principles

Session Management

Transport Layer Security (TLS)

Same-Origin Policy

Certificates

One-time pad

SQL Injection

Block cipher

Cross-Site Scripting (XSS)

OS Privileges

Browser Security

DNS (Domain Name System)

CS1660: Computer Systems Security Brown University Spring 2022 CS1660 delivers a balanced mix of theory and practice in computer systems security. Starting with the foundational aspects of cryptography, the course navigates through security aspects of web applications, operating systems, and networks. Students will hone their "security mindset," learning to identify vulnerabilities and understand defenses across different domains. CS1660 (formerly called CS166) is a course on **computer systems security** through a balanced mixture of theory and practice.

We’ll start out with building the foundations of security through an exploration of **cryptography**. From there, we’ll move to more complex, multi-faceted systems such as **web applications**, **operating systems**, and **networks**. Along the way, we’ll explore complementary topics such as authentication, physical security, social engineering, privacy, anonymity, usability, and the security of emergent systems such as blockchains and machine learning.

By learning about security through these multiple domains, you’ll concretely learn how various classes of attacks appear in a vast variety of scenarios and how they work in practice. You’ll also learn how to evaluate systems adversarially, from writing precise security analyses about subtle issues in protocols to discovering and exploiting vulnerabilities in concrete technical systems for yourself.

Through all of these activities, you’ll ultimately work to develop a specific kind of intuition—a ***“security mindset”***—that will give you the knowledge, vocabulary, and confidence to critically analyze and effectively defend the software and systems you approach as a computer scientist even after the course. - Provide an introduction to computer security
    - Overview security threats and defenses
- Help you develop a security-aware mindset:
    - Take the big picture and understand the details
- Learning by practicing
    - Consider ethical implications and tradeoffs of using, building, and testing secure systems You should have an intro-sequence’s worth of programming experience ([0160](https://cs.brown.edu/courses/info/csci0160/), [0180](https://cs.brown.edu/courses/info/csci0180/), or [0190](https://cs.brown.edu/courses/info/csci0190/)) and have a good understanding of systems programming ([0300](https://cs.brown.edu/courses/info/csci0300/), [0330](https://cs.brown.edu/courses/info/csci0330/), [1310](https://cs.brown.edu/courses/info/csci1310/), or [1330](https://cs.brown.edu/courses/info/csci1330/)). This concretely means that:

- You should be comfortable writing programs and scripts in the language of your choice (such as Python, Ruby, Bash, Go, C++, etc.), be comfortable in a Unix command-line environment (running binaries, filesystem navigation, etc.) and using SSH with the Brown CS filesystem, have a basic understanding of systems programming concepts such as memory management and networking.
- You also should have heard of the terms “race condition”, “packet”, “TCP”, “UDP”, “buffer overflows”, and “DNS”. (If you forget what these are, don’t worry—we’ll describe them again when they come up in the latter half of the course.)
- You should also be at least somewhat comfortable (and very willing) to learn new programming languages and reading code in languages and programs that you’ve never used before. (You’ll get lots of practice with this in this course!)
 
*If you don’t meet the official prerequisites* but still want to take the course, please feel free to ask the instructors–we are happy to discuss your individual situation to determine if the course is right for you!

Your willingness to challenge yourself is perhaps the most important prerequsite for the course. Security can be frustrating at times, but the rewards are great. In exchange for engaging with some difficult intellectual challenges, you’ll have the opportunity to gain concrete insights about systems and security and become a better computer scientist along the way! 

CS1660: Computer Systems Security

Authentication

3 courses cover this concept

CS 261N: Internet/Network Security

CSE 484 / CSE M 584 Computer Security

CS1660: Computer Systems Security