Logistics:
| Credits: | 2 |
| Classes: | Mondays and Wednesdays, 3:00 PM - 4:30 PM |
| Classroom: | AC-04-LR-301 |
| Teaching Fellow: | TBD |
| Teaching Assistant: | TBD |
Links:
| Course Outline and Lectures |
| Resources and Reading Materials |
Course Description:
Are your secrets safe? Is your data truly private? What do they really know?
The answers to these questions depend on how we design the systems that manage our information and the assumptions built into them. This course offers a formal, rigorous study of the security of these systems—its theory, its practice, and its implications.
We will examine foundational concepts including threat models, confidentiality, privacy, authentication, cryptography, and access control. Alongside the technical framework, we will consider the human, organizational, and societal dimensions that influence real-world security outcomes.
The course is divided into three modules:
- Theoretical Foundations: We begin by establishing security definitions and introducing threat models to formalize how we think about adversaries and protection goals. This is followed by a review of the two major perspectives of modern information security: cryptography (which relies on complexity-theoretic assumptions), and verification (which uses logic and formal reasoning to prove that systems behave securely).
- Practical Cases: We then shift to real-world systems and their failures. The case studies include the Heartbleed vulnerability, private or “incognito” browsing modes, prompt injection risks in large language models, and the security challenges surrounding electronic voting machines. These examples illustrate how security can break down due to implementation errors, design trade-offs, usability constraints, and human assumptions.
- Advanced Topics: Finally, we look at a few emerging and future-facing areas of security research, such as zero-knowledge proofs, secure multiparty computation, and post-quantum cryptography.
Prerequisites: The course will require a certain level of mathematical and programming maturity (equivalent to having passed CS-2212 Data Structures and Algorithms).
Grading: The grading rubric for this course is as follows:
- Assessments (70%): Weekly in-class assessments will together contribute 70% of the final grade.
- Final Exam (30%): The final exam, scheduled by the Office of Examination, will account for 30% of the grade.
- Extra Credit: If a student loses points on the weekly assessments, they will have the opportunity to revise and resubmit their papers to correct mistakes based on feedback. Successfully addressing the identified issues can earn up to a fourth of the lost points. This is intended as an opportunity to learn from mistakes and refine understanding.
Audit Requirements: 40% of the final grade.
Policies: Please note the following policies:
- Regular attendance is expected but not mandatory. Students arriving more than 5 minutes late may not enter, to minimize disruption. Eating in class is not allowed, and the use of laptops or cellphones is prohibited unless specifically required for course activities. Students are encouraged to take notes on paper by hand (unless granted an exception by OLS or OAA).
- As outlined in Ashoka's Academic Integrity Policy (see MyAshoka → Information and Documents → Office of Academic Affairs), plagiarism and other violations (including but not limited to unauthorized use of large language models or other generative AI tools) are serious offenses. Any violation will result in a failing grade (F) for the course. Please review the policy carefully.
Support: Students are encouraged to reach out to University offices such as the Office of Learning Support, Ashoka Center for Well-Being, and Center for Writing and Communication for additional support.