18-739 Foundations of Security and Privacy
Lectures: Tuesday,
Thursday 1:30-2:50PM EST, HH 1107 / 10:30-11:50AM PST, B23 118 (SV Campus)
Instructor: Anupam
Datta
Email: danupam@cmu.edu
Phone:
650-335-2884
Office Hours: Mon 4-5PM EDT
Office: CMU SV Bldg. 23
Teaching Assistant: Divya Sharma
Email: cmu18739ta@gmail.com
Office Hours: Thu 4-5PM EDT, Fri 1-2PM EDT
Office Hours Location: CIC 2312
Office: CIC 2314D
Course Description
Computer
security and privacy is concerned with the design, implementation and analysis
of mechanisms intended to guarantee that desired policies (or properties) hold
in the presence of adversaries. This course will cover a selection of topics in
this area with a focus on protocols
and privacy.
·
Protocols: Topics
include protocols for authentication and key exchange, anonymous communication,
electronic voting, and password generation. Quite amazingly, many of these
classes of protocols solve seemingly impossible problems. Many of these
protocols are widely used in practice. We will study the design of such
protocols, precise security definitions that they intend to achieve, and
analysis techniques and tools for showing that the protocols achieve the
desired properties and for identifying attacks on them. We will see the role of abstraction and
composition in the analysis and understanding of complex protocols.
·
Privacy: Privacy is a significant concern in modern
society. Individuals share personal information with many different
organizations - healthcare, financial and educational institutions, the census
bureau, web services providers and online social networks - often in electronic
form. Privacy violations occur when such personal information is
inappropriately collected, shared or used. We will study privacy in a few
settings where rigorous definitions and enforcement mechanisms are being
developed – statistical disclosure limitation (as may be used by the census
bureau in releasing statistics), semantics and logical specification of privacy
policies that constrain information flow and use (e.g., by privacy regulations
such as the HIPAA Privacy Rule), principled audit mechanisms for enforcing
privacy policies – and other settings in which privacy concerns have prompted
much research, such as social networks and online tracking & targeted
advertising.
This course should be of interest to graduate students and
advanced undergraduates interested in security, privacy, cryptography,
programming languages and formal methods. An introductory course on computer
security such as 18-487 or 18-730 is recommended but not required to take this
course.
Grading
·
Homework: 50%
·
Reading and class participation: 10%
·
Project: 40%