By Joe Pickett, OCW Publication Director
Given the way the world has become dependent on computer systems, few subjects can have more urgency than cybersecurity. Every week, it seems, large computer systems are attacked, and vast amounts of information get stolen—social security numbers, credit card and bank accounts, droves of email messages, confidential business data, state secrets. Hackers work feverishly around the clock to break-in, shut down, tie up, hijack, and make off with the goods.
Luckily, MIT is on the job educating students how to design computer systems that can stymie these attacks. OCW has just published 6.858 Computer Systems Security, a graduate-level course taught by Professor Nickolai Zeldovich. The course site has full lecture videos, notes for most lectures, labs with supporting files, exams with solutions, and an extensive array of links to resources on cryptography, OS security, and more. There is no textbook; rather, students read a sequence of papers and submit questions before each lecture.
As Professor Zeldovich explains, computer system security has three high-level components. First, programmers must develop a policy, a set of goals they want to achieve. Second, they must construct a threat model, a set of assumptions that profile the adversary behind potential attacks. And they must create mechanisms that execute the policy and thwart the threat model.
All three areas are prone to error and must be questioned and tested in an iterative process to achieve a high level of security. The assumptions about the behavior of users (as in the kind of passwords they create or the answers they provide for security questions) can be flawed. Even if accurately predicted at first, the capability of the bad guys can change as technology changes over time. The mechanisms providing security can have bugs, and even small bugs can lead to catastrophic consequences.
It’s all quite scary, but that’s to the good. Computer security is one area where paranoia can be not just beneficial, but essential.
OCW users who would like a more extensive introduction to how secrets can be shared safely will want to explore 6.857 Network and Computer Security, taught by Professor Ron Rivest, which emphasizes cryptography.