Secure Design Lifecycle

Instructor

Shreyas Sen, Assistant Professor in the School of Electrical & Computer Engineering 

Course Description:

If nothing else, the goal of this course is to help designers embrace the mindset that security is not an afterthought, but a critical part of all stages of the design process. This course covers the integration of security in the design lifecycle, helping develop the security-first mindset. Cyber security will be explored with a systems focus, covering topics on both computer software and hardware.

This course introduces students to a security design mindset. Upon completing the course, students will:

  • Recognize the importance of security as a key component of every step of the design lifecycle.
  • Describe different ways security can be incorporated into the designs of hardware and software.
  • Identify applications and techniques to ensure increased security. 

Topics Covered:

To highlight the systems nature of analyzing and developing cyber security, we plan to adopt a crosscutting, holistic approach as follows: Cyber security is an extremely important problem, as it connects systems to a wide variety of internet-connected adversaries. Cyber security threats can be efficiently analyzed and solved using a holistic view of system security. System security is in turn composed of both hardware and software security.

Addressing a Varied Background of Participants:

We understand that students will come from diverse backgrounds, with varying familiarity with the software and hardware concepts needed to understand the variety of security issues addressed in the course. We expect students to come from two main knowledge domains, a software background and a hardware background, and we don’t assume that students from one domain have detailed knowledge of the other.

To address this asymmetry, we have adopted the following strategies when dealing with advanced concepts in software and hardware. When dealing with software, algorithms and code will be presented as pseudocode to be accessible without knowledge of any programming languages. For those who are interested in learning more, resources will be provided with more detail and examples with real code. In dealing with hardware issues, the relevant physical phenomenon will be introduced, then the corresponding logic and equations will be given. For those interested in the derivation of equations and more detail on such physics, additional reading references will be provided. 

Course Content includes:

SDL; SW/HW Design Flow, Product development lifecycle; Software Attacks, Buffer Overflow; Hardware Attacks, HW Trojans, Supply Chain; Threat Modeling; Security Objectives, Risk Analysis, Attack Surface Analysis and Reduction; SGX Hardware and Software; Malware, Viruses/worms, Trojans, Rootkits, Ransomware, Spyware/Adware, Bots, Botnets, Social Engineering, Phishing, Watering Hole, Defenses; IO Validation; Buffer Overflows, Software Implementation, Wi-Fi, Mobile Devices, SSL/TLS & Certificates; Secure Storage, Data at Rest Encryption, Password Hashing, Brute Force/Dictionary; Rainbow Tables; Side Channel Attacks, Cache Attacks; Debug; FPGA Security; Penetration Testing; Fuzz Testing; Code Review; Intrusion Detection; Intrusion Detectio