Basic Information
- Course Code: CS 745
- Course Name: Principles of Data and System Security
- Course Offered In: Spring 2023
- Instructors: Prof. Virendra Singh
- Prerequisites: None
- Difficulty (on a scale of 5): 3
Course Content
The course goes through certain practices and principles used in the industry for the design of secure hardware and software systems. It touches on access control concepts (DAC, MAC) and various models of access control (Biba, Bell-LaPadula, Chinese Wall), and goes through various terminologies used in the field of cybersecurity. A few lectures provide an introduction to cryptography and the various types of tools and policies used in industry, such as asymmetric key ciphering, SSL, etc. A major portion of the course then focuses on program analysis for security, with lectures introducing, via examples, various vulnerabilities present in programs, such as buffer overflow, SQL injection, CSRF, etc., and how to avoid and address them. The final portion of the course focuses on OS, IoT and hardware security, where vulnerabilities and their remedies are again discussed.
Feedback on Lectures
Some of the lectures were taken by Prof. Virendra Singh himself; these were intellectually stimulating, and the professor always cleared any doubts. Some lectures were taken by Prof. Vishwas Patil, a cybersecurity researcher at IITB. Lectures pertaining to Access Control were taken by Prof. RK Shyamsundar; these were a bit monotonous and the slides were verbose. But overall the lecture experience was great.
Feedback on Evaluations
Course logistics initially discussed by the professor:
- Mid Term Exam (15-20%)
- Final Exam (35-40%)
- Assignments (10-15%)
- Course Projects (15%), Group (Max size 4)
- Continuous Evaluations (15%)
- Presentation/Viva (5%)
- (BONUS) Research Project (15%)
- (BONUS) Class notes (5%)
Weekly and fortnightly pen-and-paper quizzes were held on the topics discussed in previous weeks. The midsem and endsem were both infinite-time and open-notes. They had open-ended, application-specific problem statements where the concepts learnt in the course had to be applied indirectly; going through the reference books and keeping them handy would be sufficient to score well in these exams. A group course project was announced initially, but the submission links appeared only a couple of days before the grade submission deadline, which was a surprise to many who had already left for their vacations and internships.
Study Material and Resources
- Lecture slides shared by the instructor
- Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, 2nd Edition, Wiley, 2008, ISBN: 978-0-470-06852-6
- Cryptography and Data Security, Dorothy Denning, Addison Wesley, 1988
- Computer Security: Art and Science, M. Bishop, Addison-Wesley Professional, 2nd Edition, 2018
- Other reference papers provided in the slides
Follow-up Courses
CS 741, or any other advanced network security or cryptography course
Final Takeaway
A very good course that gives a good overview of the field, covering industry practices, secure system design, various vulnerabilities and the techniques to defend a system against them. It is also an opportunity to implement a secure system, using something learnt from the course, via the course project.