Security Principles, Applied Cryptography, Access Control, Authentication
Moderate. I took it in Spring 2015. Comprised of 4-5 homeworks and a semester-long project. The scope of your project is really gonna change your workload.
Get a good team for the project. You’re going to be working with them all semester, and that project is most of your grade.
You learn all the necessary details in systems security such as private and public key cryptography. You also learn how to properly build a secure system and guiding principles like NEVER assume your source code is secret (thus don’t hard code your AES key!). Lastly, you learn that attacks are not particularly clever and arise from people making dumb assumptions with their system. While I enjoyed the article (http://shaanan.cohney.info/blog/2013/04/the-attack/), I feel like taking system’s security will teach you NOT to make some of the mistakes those groups have made (ie sending your source code to someone should not compromise your system). So in conclusion, systems security here is much more theoretical but assuming you paid attention, you should be an expert in both defending and attacking systems.
Spring 2015, this course had a huge emphasis on the project. It was awesome. The classroom time was a lot of the theoretical grounding for the first 2/3rds of the course, followed by a month of guest lectures on various security-related topics and projects. The project was a full-semester assignment to develop a password manager. It really forced you to engage with the classroom material on a practical level, and was also great practice at developing medium-sized applications. It does however, make it really important that you’re proficient in Java and in software engineering. If the “build a large java application” part is a challenge for you, you’re gonna have a hard time.
| Semester | Time | Professor | Median Grade | Course Page | | — | — | — | — | — |