Software Foundations of Security and Privacy

Course ID: 15316

Description

Security and privacy issues in computer systems continue to be a pervasive problem in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating the vulnerabilities that cause these issues. Students who take this course will learn the principles needed to make these assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include: policy models and mechanisms for confidentiality, integrity, and availability; language-based techniques for detecting and preventing security threats; mechanisms for enforcing privacy guarantees; and the interaction between software and underlying systems that can give rise to practical security threats. Students will also gain experience applying many of these techniques to write code that is secure by construction.

Key Topics

- Policy models: safety & liveness, information flow, capabilities
- Reference monitors
- Security type systems
- Isolation principles & techniques: software fault isolation, control-flow integrity, hardware protection
- Trusted computing: authorization logic, public key infrastructure, hardware & software support
- Side channel vulnerability & defense
- Techniques for ensuring rigorous data privacy
- Identifying vulnerabilities in real systems

Required Background Knowledge

Maturity in programming at the level of 15-213 or 15-150.

Course Relevance

Fulfills a requirement in the undergraduate concentration in Security & Privacy and is an elective in the concentration on Principles of Programming Languages. Finally, it fulfills the Logics & Languages elective in the CS undergraduate program.

15-316 Section R is reserved for students who are unable to register for an in-person section due to a government visa/travel restriction or a documented medical condition. Enrollment in this section will require university-level approval. Register for an in-person section unless you are absolutely certain when you register that you will not be able to attend in person this Fall.

Course Goals

The goal of the course is to teach students the principles and algorithms behind good security and privacy solutions, so that they can adapt and extend them in the future. In order to achieve this level of understanding, the course will cover a number of key ideas from logic and languages when developing the security topics above.

Learning Resources

See course website.

Assessment Structure

Homeworks 45%, Labs 35%, Final Exam 20%

Course Link

https://15316-cmu.github.io/2023/index.html