Computer and Network Security

2018-2019
Dit vak wordt in het Engels aangeboden. Omschrijvingen kunnen daardoor mogelijk alleen in het Engels worden weergegeven.

Doel vak

This is a course on security with a focus on systems work. At the end of
the course students will deeply understand the basic notion of
memorycorruption attacks (buffer overflows, format strings, etc),
network attacks (such as spoofing, scannning, sniffing, DoS, and TCP
hijacking), and web attacks such as SQL injection, cross-site scripting,
and other vectors used by computer hackers. Besides basic attacks,
students will also learn about state-of-the-art exploitation methods.
The course is very(!) hands-on.

Inhoud vak

The course covers a wide spectrum of security issues. We explicitly
focus on systems security rather than (say) cryptography, as we want to
show students how attackers penetrate systems.

Specifically, the course focuses on (1) network security (sniffing,
spoofing, hijacking, exploiting network protocols, DDoS, DNS attacks,
etc.), (2) memory corruption and application security (buffer overflows,
format string bugs, dangling pointers, shellcode,
return oriented programming, ASLR/DEP/canaries, control flow integrity
and cool new ways of exploitation), (3) web security (XSS, SQL
injection, CSRF, http cache poisoning, SOP, authentication, etc.), (4)
botnets (centralised/P2P, fast flux, double flux), (4) crypto (basics,
systems aspects).

Much of the course will be hands-on and challenge-based. In assignments,
student will carry out and investigate attacks in a controlled
environment. This involves programming at the both the highest and
lowest levels (say SQL and assembly).

Onderwijsvorm

Lectures and (very challenging) practical assignments.

Toetsvorm

Written exam (30%) and practical assignments (70%).

Vereiste voorkennis

Knowledge of C is highly recommended (and probably essential)

Literatuur

No set book. All material will be made available during the course.

Aanbevolen voorkennis

No formal requirements, except a keen interest and sufficient time.

Programming experience in C very strongly recommended.

Knowledge of assembly and computer architecture helps too.

Algemene informatie

Vakcode X_400127
Studiepunten 6 EC
Periode P1
Vakniveau 400
Onderwijstaal Engels
Faculteit Faculteit der Bètawetenschappen
Vakcoördinator prof. dr. ir. H.J. Bos
Examinator prof. dr. ir. H.J. Bos
Docenten prof. dr. ir. H.J. Bos

Praktische informatie

Voor dit vak moet je zelf intekenen.

Voor dit vak kun je last-minute intekenen.

Werkvormen Hoorcollege
Doelgroepen

Dit vak is ook toegankelijk als: