The Cedar policy language for authorization, and verification-guided development methodologies for building high-assurance systems.

Research on measuring and improving cybersecurity practices, developer behavior, and end-user impact.

This seminar course explores how to assess the technology and practices that aim to enhance computer security and privacy. A key theme is understanding how to measure whether security and privacy goals have been achieved. We read and discuss papers from the research literature, learn about promising measurement and data analysis techniques, and surface gaps to find opportunities to do better.

This seminar course explores how to assess the technology and practices that aim to enhance computer security and privacy. A key theme is understanding how to measure whether security and privacy goals have been achieved. We read and discuss papers from the research literature, learn about promising measurement and data analysis techniques, and surface gaps to find opportunities to do better.

This course explores the foundations of software security, covering important software vulnerabilities and attacks that exploit them, such as buffer overflows, SQL injection, and session hijacking. The course also considers defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. We take a ‘build security in’ mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.