Graduate Special Topics in Computer Science

NOTE: for descriptions of standard graduate computer science courses, see Graduate Course Descriptions.

G22.3033-001 Cryptographic Protocols

Most commercial transactions involve two or more parties with different objectives, some of whom may try to take advantage of others. For most "real-world" applications, many possible dishonest strategies are evident, and the transactions are designed with these in mind. Imagine, for example, a teller machine where you swipe your ATM card, enter the amount to withdraw, and then take the corresponding amount of money from a stack of bills. Imagine further anonymous credentials in the shape of driver's licenses that do not divulge any identifying information, but where the right to drive a vehicle would be associated with the ownership of such a license. It is clear that while both of these "implementations" work well in an environment where nobody cheats, it would be highly questionable to employ them in an imperfect society.

Cryptographic protocol design strives to identify and protect against abusive strategies in applications where standard "real-world" defenses fail.

To properly defend against attacks, we must first train ourselves to recognize the nature of potential threats. These may be unauthorized access to resources or rights, as in the examples involving teller machines and driver's licenses. Examples of other types of unauthorized access are piracy (namely dishonest access to a service or product), unauthorized sharing of information, unauthorized attempts at forging or modifying contracts, and similar. Another type of threat is the violation of other users' privacy, whether this relates to their actions, location, memberships and associations, or more. Yet another type of threat is inappropriate use of system features, such as the use of encryption by drug dealers and the use of steganographically hidden communication by terrorists. (In these examples, the user may simply use available applications in a way that corresponds to their intended use, but for purposes that are not endorsed by society.)

Thus, the design of a system requires not only an understanding of its wanted behavior (e.g., to allow people to withdraw money, or to give evidence that they belong to a certain group of people, such as "people who may drive a car"). It is also crucial to understand the unwanted types of behavior, whether these constitute attacks on the system itself or simply stray from the intended use. Moreover, it is important to understand the available tools and how these can be employed to reach a set of goals. This course will address these issues through the discussion of various applications, abuses, and cryptographic techniques.

The course will have one technical component, and one component relating to understanding and removing protocol flaws. To understand the nature of the second component, consider the following non-technical example: most realtors do not request identification from apartment owners picking up or replacing keys of apartments they are listing. How could this be abused?

See the detailed description on the course homepage

G22.3033-002 XML for Java Developers Jean-Claude Franchitti

The eXtensible Markup Language (XML) is a platform-independent data representation, which may be viewed as a simplified version of SGML designed for the Web. Java technology and XML are complementary: XML provides a family of technologies that enable portable data, and Java technology enables portable, maintainable code. Together, XML and Java technologies provide comprehensive support for data representation and exchange, and promote a new generation of Presentation Oriented Publishing (POP) and Message Oriented Middleware (MOM) services for the enterprise. While XML-based POP services are being layered on top of J2EE's JSP and Servlet component models, XML-based MOM services provide uniform access to application server and Enterprise Application Integration (EAI) technologies. As they become core components of the upcoming Web Services platforms (i.e., Sun's Open Net Environment, HP's NetAction, Oracle's Dynamic Services, IBM's WebSphere platform, and Microsoft .NET), XML-based services provide a foundation for modern component-based and device-independent eBusiness via application-level protocols (e.g., ebXML), infrastructure components (e.g., SOAP, WSDL, and UDDI), and presentation/integration facilities.

This course is designed for programmers already familiar with the Java language and class libraries. All instruction and development will be based on J2SE 1.3 and the latest practical W3C standards. Rather than focusing the presentation on the various XML features and technologies, the course illustrates how the use of such XML technologies and applications meshes with the modern approach to building comprehensive XML-based business applications. The course provides in-depth coverage of XML-based, Java-enabled functionality. Students will learn how to specify and manipulate XML data from Java programs using existing implementations of the current W3C specifications for the Document Object Model (DOM) and the Simple API for XML (SAX). Through a set of assignments/projects, students will implement the various components of a sample XML web-enabled and Java-based enterprise application. Students will gain practical exposure to the various commercial XML toolsets being developed by third-party vendors including IBM, Microsoft, and JavaSoft.

See the detailed description on the course homepage

G22.3033-003 Electronic Commerce - Strategies & Technologies

Pre-requisites: students are expected to have previous course and/or practical experience with network protocols, database systems, and web interfaces.

The popular image of eCommerce is that of a splashy web page, full of products and advertisements. In fact, that web page is the public façade to a remarkable system that connects front-end presentation of products and services, personalized to user preferences, to a back-end of databases used to manage product inventories, customer profiles, transaction histories, payments, and more.

The permeation of information technologies throughout the eCommerce transaction and the internal business practices of the organization has become more generally known as eBusiness. The transformation of the Internet and related protocols to support such practices is what we will investigate in this course.

Commerce was not a design goal or even a remote consideration of the early Internet. What we are observing is a fascinating, historic high-stakes technical re-tooling of the underlying protocols and practices of the Internet to support robust and secure digital transactions, and their subsequent use within core human activities in business, government, education, and beyond. We have moved from an environment that emphasized casual communication and file sharing to one that supports the electronic transfer of funds, and the expectations have changed accordingly.

There is now a demand for comprehensive user authentication, encrypted communication, and digital certification that provably connects people to on-line actions. The subsequent need to balance the required security with an acceptable level of privacy remains as a challenge. How much privacy are users willing to sacrifice in exchange for security and convenience features?

The global scope of the Internet, readily crossing national boundaries, exacerbates such issues. How can uniform standards and governing legislation be enacted and enforced? This is particularly nettlesome, given the relatively anarchic early governing structure of the Internet. While the technical issues of the protocol transformations are challenging, the political issues can be even more difficult to manage. We will restrict ourselves, for the most part, to the more comprehensible technical issues, pointing out social, legal, or political problems that hinder development along the way.

See the detailed description on the course homepage
