This is an introductory course on information security. The emphasis
will be on how to develop applications with security in mind. At the
end of the course, students should be familiar with the following:
1. Importance of security in modern engineering.
2. How common cryptographic primitives work, and why they are essential.
3. How bugs can degrade the security of software.
4. Common memory corruption bugs and their (security) side-effects in
The course is divided into the following modules:
A. Understanding cryptographic primitives
1. Confidentiality, Integrity and Authentication (CIA) properties
2. Symmetric/asymmetric/stream ciphers
3. Digital certificates/signatures
4. Cryptographic hash functions
5. OpenSSL engineering
B. Understanding (and avoiding) low-level bugs
1. Process memory layout
2. Buffer overflows
3. Integer overflow/format strings
4. Bug detection and mitigation
5. Secure Development Lifecycle (SDL)
C. Special topics in security (optional)
Lectures and practical assignments.
Written Exam (60%). Practical assignments (40%).
1. Principles of Information Security, by Michael E. Whitman and Herbert
2. Security Engineering: A Guide to Building Dependable Distributed
Systems by Ross J. Anderson (free on-line:
3. Online materials (articles)
Knowledge of computer programming, preferably in C. Some knowledge of
assembly is beneficial.
Background in mathematics (number theory), working knowledge of web,
programming in C and (to a limited extent) assembly, scripting in