This seminar course explores how to assess the technology and practices that aim to enhance computer security and privacy. A key theme is understanding how to measure whether security and privacy goals have been achieved. We read and discuss papers from the research literature, learn about promising measurement and data analysis techniques, and surface gaps to find opportunities to do better.

This course explores the foundations of software security, covering important software vulnerabilities and attacks that exploit them, such as buffer overflows, SQL injection, and session hijacking. The course also considers defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. We take a ‘build security in’ mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.