Computer and Network Security

Instructor: Professor Atul Prakash

EECS 588
Fall 2007

 Credits: 4. (This course qualifies towards meeting software quals requirements)  
Prerequisites: EECS 482 or EECS 489 or grad standing. Understanding projects and papers well is likely to require some Operating Systems or networking background as an undergraduate or graduate student.
Schedule: Lectures: TuTh 1:30-3:00,  Friday, 1:30-2:30, 3150 Dow.

Office Hours: 3:00-4:00 TuTh, 4741 CSE.

 This course will discuss foundational work and research papers in the following areas: Cryptography background and review of some current topics,  including hash functions, public/private key encryption, block ciphers, and Merkle-hash trees; security issues and attack on real-world systems; security models,  operating systems security,  reverse-turing tests; public key infrastructures and key management issues, and policy management. The course will also have a fair amount of formal material on applicability of Baysian methods to intrusion detection, spam filtering, etc.

Part of the goal of the course is to be comfortable with designing and evaluating security in systems and to prepare for research in the area.

Lecture Topics

What is computer and network security? What are the major topics in the field?

Using cryptographic techniques for confidentiality and integrity.

Authentication methods.

Use of Statistical Techniques in Security

This paper makes use of techniques from probability and AI, which are also helpful in understanding papers on intrusion detection and spam filtering. If you have taken an AI course and have its textbook, you may find it useful to look at the material on conditional probability (especially Bayes law) and hidden markov models. If you haven't, don't worry. We will review what we need below.

Secure Coding

Security Models, Policies, and Applications

Viruses and Worms

Operating Systems and Security

Database security/privacy

Misc. Topics

Reference Books

A reference book is optional for the course. It is good to have one security book around as a general reference.  One of these or most others would do.


Honor code, ethical hacking, etc.

Please read information on Engineering Honor Code. You are all expected to observe it.

In this course, you may also learn techniques to compromise security of systems, since to be a good designer of secure systems, you need to be familiar with threats. However, using those techniques in real world may violate law and university's computing practices.  Please read CAEN's policy document on rights and responsibilities and the links under that page on guidelines at UM for use of technology resources. As members of the university, you are expected to adhere to the policies.