Software Foundations of Security and Privacy

Course ID 15316

Description Security and privacy issues in computer systems continue to be a pervasive issue in technology and society. Understanding the security and privacy needs of software, and being able to rigorously demonstrate that those needs are met, is key to eliminating vulnerabilities that cause these issues. Students who take this course will learn the principles needed to make these assurances about software, and some of the key strategies used to make sure that they are correctly implemented in practice. Topics include: policy models and mechanisms for confidentiality, integrity, and availability, language-based techniques for detecting and preventing security threats, mechanisms for enforcing privacy guarantees, and the interaction between software and underlying systems that can give rise to practical security threats. Students will also gain experience applying many of these techniques to write code that is secure by construction.

Key Topics
Policy models: safety & liveness, information flow, capabilities
Reference monitors
Security type systems
Isolation principles & techniques: software fault isolation, control-flow integrity, hardware protection
Trusted computing: authorization logic, public key infrastructure, hardware & software support
Side channel vulnerability & defense
Techniques for ensuring rigorous data privacy
Identifying vulnerabilities in real systems

Required Background Knowledge
Maturity in programming at the level of 15-213 or 15-150

Course Relevance
Fulfills a requirement in the undergraduate concentration in Security & Privacy and is an elective in the concentration on Principles of Programming Languages. Finally, it fulfills the Logics & Languages elective in the CS undergraduate program. 15-316 Section R is reserved for students who are unable to register for an in-person section due to a government visa/travel restriction or a documented medical condition. Enrollment in this section will require university-level approval. Register for an in-person section unless you are absolutely certain when you register that you will not be able to attend in-person this Fall.

Course Goals
The goal of the course is to teach students the principles and algorithms behind good security and privacy solutions, so they they can adapt and extend them in the future. In order to achieve this level of understanding, the course will cover a number of key ideas from logic and languages when developing the security topics above.

Learning Resources
See course website

Assessment Structure
Homeworks 45%, Labs 35%, Final Exam 20%

Course Link
https://15316-cmu.github.io/2023/index.html