Anonymity

Asymmetric Key Cryptography

Authentication

Block Cipher Modes

Browser Security Model

Buffer Overflow Defenses

Buffer overflow

Cryptography

Hash functions

Message authentication code (MAC)

Mobile Platform Security

Physical Security

Symmetric-key Cryptography

Symmetric-key encryption

Usable Security

Web Application Security

Web Privacy

Web Security

CSE 484 / CSE M 584 Computer Security University of Washington Autumn 2021 This course covers a wide range of computer security topics, including software security, cryptography, web security, malware, and physical security. It encourages a "security mindset" while requiring a firm understanding of computer science fundamentals and command-line Unix development environment. In this course, we will cover topics including: the "security mindset", threat modeling, software security, cryptography, malware, web security, web privacy, smartphone security, authentication, usable security, anonymity, physical security, and security for emerging technologies.  *CSE 332* and *CSE 351*

You should have maturity in both the mathematics of computer science and in the engineering of computer systems. This means that you should: have a good understanding of data structures and algorithms; be comfortable writing programs from scratch in C and Java; be comfortable writing and debugging assembly code; and be comfortable in a command-line Unix development environment (gdb, gcc, etc). You should also have a good understanding of computer architecture, operating systems, and computer networks. Most importantly, you should be eager to challenge yourself and learn more! ### No Textbook

In previous quarters we've used "Foundations of Security: What Every Programmer Needs to Know, Daswani, Kern, and Kesavan, ISBN 1-59059-784-2. This quarter we are not using an official textbook, and are instead using various freely available readings.
We will be using some readings from [Security Engineering](https://www.cl.cam.ac.uk/~rja14/book.html) of which the 2nd edition is freely available on the author's webpage

CSE 484 / CSE M 584 Computer Security

Computer security and cryptography are related fields that focus on protecting the confidentiality, integrity, and availability of information and systems. Common sub-topics include Cryptography, Operating System Security, Software Security, Encryption etc.

Computer Security and Cryptography

Computer Science

COS 433 - Cryptography Princeton University Fall 2020 An introductory course into modern cryptography, grounded in rigorous mathematical definitions. Covers topics such as secret key and public key encryption, pseudorandom generators, and zero-knowledge proofs. Requires a basic understanding of probability theory and complexity theory, and entails some programming for course projects.  Cryptography is an ancient practice dating back almost 4000 years. However, cryptography practiced today is very different than the cryptography used as recently as a few decades ago. For one, traditional cryptography was mostly synonymous with encryption: translating data into secret codes. Today, however, cryptography extends far beyond basic codes to encompass concepts such as authentication and integrity, and can be used to solve seemingly impossible tasks such as public key encryption (exchanging secret messages without ever having met in person to share a secret key) and zero knowledge proofs (proving theorems without revealing the proof).

Another new feature in modern cryptography is its foundations. Until recently, cryptography was largely an art form based on intuition and ad hoc tweaks to block vulnerabilities. Modern crytpography is instead more of a science, characterized by rigorous mathematical definitions and theorems that guide the design of new systems.

This course is an introduction to modern cryptography, focusing on the theoretical foundations, with some attention to practical considerations. We will cover a variety of topics, including secret key and public key encryption, authentication, commitments, pseudorandom generators, and zero knowledge proofs.  Basic probability theory. Basic complexity theory (as in COS340) recommended. The course projects will involve programming, but no specific programming language is required. 

COS 433 - Cryptography

CS 155 Computer and Network Security Stanford University Spring 2022 This course focuses on principles of computer systems and network security, exploring different attack techniques and corresponding defenses. Course projects aim at building reliable code and understanding attacks. Prior knowledge in operating systems, networking protocols, and basic programming languages is needed. The course covers principles of computer systems and network security. We will discuss various attack techniques and how to defend against them. Topics include network attacks and defenses, operating system holes, web security, e-mail, botnet, malware, social engineering attacks, privacy, and digital rights management. Course projects will focus on building reliable code and understanding attacks. The course is intended for junior and senior undergraduates and first year graduate students.  The course requires an understanding of operating systems, networking protocols, and a basic understanding of programming languages. Programming projects will be done primarily in C and JavaScript, but other languages may be needed.

Pre-requisites: CS110/CS111 (Principles of Computer Systems) There is no textbook for the class.

Instead, we will use research papers posted on the course [syllabus page](https://cs155.stanford.edu/syllabus.html) for every lecture.

CS 155 Computer and Network Security

CS 261N: Internet/Network Security UC Berkeley Fall 2022 This course offers a comprehensive study of network security, exploring areas like denial-of-service, network monitoring, botnets, and internet ethics. It leans towards a research-based approach with a major team project. The class features a deep dive into seminal papers rather than the latest trends. Prerequisites include CS 168/EE 122 and CS 161 or their equivalents. This class aims to provide a thorough grounding in network security suitable for those interested in conducting research in the area, as well as students more generally interested in either security or networking. We will also look at broader issues relating to Internet security for which networking plays a role. The [syllabus](https://www.icir.org/vern/cs261n/syllabus.html) has overlap with portions of the SEC prelim.

Topics include: denial-of-service; capabilities; network monitoring / intrusion detection; worms; forensics; scanning; traffic analysis / inferring activity; architecture; protocol issues; legality and ethics; web attacks; anonymity; censorship; surveillance; honeypots; botnets; spam; the underground economy; research issues & pitfalls.

The course is taught with an emphasis on seminal papers rather than bleeding-edge for a given topic. It includes a [major project](https://www.icir.org/vern/cs261n/project.html) that students generally undertake in teams of two.

Three hours of lecture per week. 4 units, due to the significant workload.  CS 168 / EE 122 or equivalent; CS 161 or equivalent; basic probability/statistics. (Non-PhD students must receive instructor approval.) There is no required textbook. All reading will be from papers. A tentative list of these is available from the [syllabus](https://www.icir.org/vern/cs261n/homework.html#Syllabus). We will definitely cover most of these topics (and primary papers), but may make some changes over the course of the semester.

CS 261N: Internet/Network Security

CS 294-163: Secure Systems from Decentralized Trust UC Berkeley Fall 2022 This graduate seminar focuses on the development of secure systems built from decentralized trust, including end-to-end encryption systems and secure collaborative learning. It requires a solid introduction to cryptography and systems. Topics include blockchain, smart contracts, and zero-knowledge proofs, among others. This course is a graduate seminar on developing (secure) systems from decentralized trust.

In the past years, there has been much excitement in both academia and industry around the notion of decentralized security, which refers to, loosely speaking, security mechanisms that do not rely on the trustworthiness of any central entity. In only a few years, this area has generated many beautiful cryptographic constructs as well as a tremendous amount of real-world adoption, through blockchain, secure custody of secrets, secure collaborative learning – and now forming the technical backbone of the movement on “web3.0”.

The course will cover topics such as decentralized ledger systems, decentralized authentication and access control, end-to-end encryption systems, secure collaborative learning through secure multi-party computation, and others. For concrete learning, throughout the class we will develop a decentralized trust stack enabling common decentralized trust applications (3 units).  This is an advanced course, requiring a solid introduction to cryptography (CS161 or equivalent) and to systems (CS162 or equivalent). There is no required textbook for this class. You can refer to the [Berkeley CS161 textbook](https://textbook.cs161.org/) to refresh on security concepts and [A Graduate Course in Applied Cryptography](http://toc.cryptobook.us/) for cryptography.

CS 294-163: Secure Systems from Decentralized Trust

CS 255: Introduction to Cryptography Stanford University Winter 2023 This course offers an introduction to cryptographic techniques used in computer security, covering encryption, message integrity, digital signatures, key management, and more. It is suitable for advanced undergraduates and masters students with some proof techniques and programming experience. Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to use them correctly.

This course is an introduction to the basic theory and practice of cryptographic techniques used in computer security. We will cover topics such as encryption (secret-key and public-key), message integrity, digital signatures, user authentication, key management, cryptographic hashing, Network security protocols (SSL, IPsec), public-key infrastructure, digital rights management, and a bit of zero-knowledge protocols.

Optional readings can be found in the textbooks denoted by KL and AC in the syllabus below. The optional AC book, by Boneh and Shoup, is more advanced (and free) and is intended for students wishing to go deeper. The [online version of the course](https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/) is another resource for the material covered in class.

- **Boneh-Shoup (AC):** (free) *[A Graduate Course in Applied Cryptography](https://cryptobook.us) (V 0.5)* by D. Boneh and V. Shoup
- **KL:** *[Introduction to Modern Cryptography](http://www.cs.umd.edu/~jkatz/imc.html)* (2nd edition) by J. Katz and Y. Lindell.  The course is self contained, however a basic understanding of probability theory and modular arithmetic will be helpful. The course is intended for advanced undergraduates and masters students. Students are expected to have experience with basic proof techniques and some programming experience. Students can supplement the lectures with an [online version of the course](https://www.coursera.org/learn/crypto) (MOOC) that covers some of the material.

The following books can be used to supplement the lectures:

- Optional: *[A Graduate Course in Applied Cryptography](https://cryptobook.us)* by D. Boneh and V. Shoup. (free)
- Optional: *[Introduction to Modern Cryptography](http://www.cs.umd.edu/~jkatz/imc.html)* by J. Katz and Y. Lindell.

Note that the textbooks do not cover all the material discussed in class.

CSE 484 / CSE M 584 Computer Security

Overview

Prerequisites

Learning objectives

Textbooks and other notes

No Textbook

Other courses in Computer Security and Cryptography

COS 433 - Cryptography

CS 155 Computer and Network Security

CS 261N: Internet/Network Security

CS 294-163: Secure Systems from Decentralized Trust

CS 255: Introduction to Cryptography

Courseware availability

Covered concepts