Course Objective
This is a course on security with a focus on systems work. At the end of
the course students will deeply understand the concepts of
memory corruption attacks (buffer overflows, format strings, etc.),
network attacks (such as spoofing, scanning, sniffing, DoS, and TCP
hijacking), and web attacks such as SQL injection, cross-site scripting,
and other vectors used by computer hackers. Besides basic attacks,
students will also learn about state-of-the-art exploitation methods.
The course is very(!) hands-on.
Course Content
The course covers a wide spectrum of security issues. We explicitly
focus on systems security rather than cryptography (although there
will be a little of that too), as we want to show students how attackers
penetrate systems, and most security issues are not due to bad crypto.
Specifically, the course focuses on (1) network security (sniffing,
spoofing, hijacking, exploiting network protocols, DDoS, DNS attacks,
etc.), (2) memory corruption and application security (buffer overflows,
format string bugs, dangling pointers, shellcode, return-oriented
programming, ASLR/DEP/canaries, control flow integrity and
cool new ways of exploitation), (3) web security (XSS, SQL
injection, CSRF, HTTP cache poisoning, SOP, authentication, etc.),
(4) crypto (basics, systems aspects).
Much of the course will be hands-on and challenge-based. In assignments,
students will carry out and investigate attacks in a controlled
environment. This involves programming at both the highest and
lowest levels (say SQL and assembly).
Teaching Methods
Lectures and (very challenging) practical assignments.
Method of Assessment
Written exam (30%) and practical assignments (70%).
There is no resit opportunity for the practical assignments.
Entry Requirements
Knowledge of C is highly essential.
Literature
No set book. All material will be made available during the course.
Recommended background knowledge
No formal requirements, except a keen interest and sufficient time.
Programming experience in C is very strongly recommended.
Knowledge of assembly and computer architecture helps too.
|Language of Tuition|English|
|Faculty|Faculty of Science|
|Course Coordinator|prof. dr. ir. H.J. Bos|
|Examiner|prof. dr. ir. H.J. Bos|
prof. dr. ir. H.J. Bos
You need to register for this course yourself
Last-minute registration is available for this course.