18-739 Foundations of Security and Privacy
Lectures: Tuesday, Thursday 1:30-2:50PM EST, HH 1107 / 10:30-11:50AM PST, B23 118 (SV Campus)
Computer security and privacy is concerned with the design, implementation and analysis of mechanisms intended to guarantee that desired policies (or properties) hold in the presence of adversaries. This course will cover a selection of topics in this area with a focus on protocols and privacy.
· Protocols: Topics include protocols for authentication and key exchange, anonymous communication, electronic voting, and password generation. Quite amazingly, many of these classes of protocols solve seemingly impossible problems. Many of these protocols are widely used in practice. We will study the design of such protocols, precise security definitions that they intend to achieve, and analysis techniques and tools for showing that the protocols achieve the desired properties and for identifying attacks on them. We will see the role of abstraction and composition in the analysis and understanding of complex protocols.
· Privacy: Privacy is a significant concern in modern society. Individuals share personal information with many different organizations - healthcare, financial and educational institutions, the census bureau, web services providers and online social networks - often in electronic form. Privacy violations occur when such personal information is inappropriately collected, shared or used. We will study privacy in a few settings where rigorous definitions and enforcement mechanisms are being developed – statistical disclosure limitation (as may be used by the census bureau in releasing statistics), semantics and logical specification of privacy policies that constrain information flow and use (e.g., by privacy regulations such as the HIPAA Privacy Rule), principled audit mechanisms for enforcing privacy policies – and other settings in which privacy concerns have prompted much research, such as social networks and online tracking & targeted advertising.
This course should be of interest to graduate students and advanced undergraduates interested in security, privacy, cryptography, programming languages and formal methods. An introductory course on computer security such as 18-487 or 18-730 is recommended but not required to take this course.
· Homework: 50%
· Reading and class participation: 10%
· Project: 40%