18-631   Introduction to Information Security

Location: Africa

Units: 12

Semester Offered: Fall, Spring

Course description

Our growing reliance on information systems for daily activities, ranging from remote communications to financial exchanges, has made information security a central issue of our critical infrastructure. The course introduces the technical and policy foundations of information security. The main objective of the course is to enable students to reason about information systems from a security engineering perspective, taking into account technical, economic, and policy factors. Some topics covered in the course include elementary cryptography; access control; common software vulnerabilities; common network vulnerabilities; policy and export control laws in the U.S., Japan, and elsewhere; privacy; management and assurance; economics of security; and special topics in information security.

Learning objectives

This course primarily aims at providing a level of literacy in information security adequate enough to understand the security implications on a number of diverse domains including software engineering; networking; privacy; and policy.

A secondary objective is to provide a working knowledge of topics such as cryptography, privacy, network security, and infrastructure management so that students can acquire the necessary background for more advanced security courses.

Outcomes

After completing this course, students should be able to reason about systems from the perspective of a security engineer. That is, they should be able to define the system to protect; determine the desired security properties for this system; identify the possible threats to these security properties and their likelihood of occurrence; and consider possible mitigations against these threats.

Content details

The course will cover the following topics:

  • Threat models
  • Basic security properties
  • Basic policy overview
  • Cryptography I: history, private key algorithms
  • Cryptography II: DES, stream cyphers
  • Cryptography III: public key algorithms
  • Cryptography IV: unkeyed algorithms, hashes
  • PKI
  • Access control I: Operating systems
  • Access control II: Multilevel & multilateral security
  • Buffer overflows and software vulnerabilities
  • Security protocols
  • SSL, Networks I: TCP vulnerabilities
  • Networks II: DDoS attacks
  • Networks III: Anonymity
  • Guest lecture/Applications: TBD
  • Wireless Security, Intelligent Jamming
  • Elements of Web Security
  • Copyright law and P2P
  • Security economics
  • Management, assurance

Prerequisites

The course assumes a basic working knowledge of computers, networks, C, and UNIX programming as well as an elementary mathematics background. But, it does not assume any prior exposure to topics in computer or communications security. Students lacking technical background (e.g., students without any previous exposure to programming) are expected to catch up through self-study.

Faculty

Tim Brown and João Barros