Computer and Network Security

2019-2020
Dit vak wordt in het Engels aangeboden. Omschrijvingen kunnen daardoor mogelijk alleen in het Engels worden weergegeven.

Doel vak

This is a course on security with a focus on systems work. At the end of
the course students will deeply understand the conceprs of
memory corruption attacks (buffer overflows, format strings, etc),
network attacks (such as spoofing, scannning, sniffing, DoS, and TCP
hijacking), and web attacks such as SQL injection, cross-site scripting,
and other vectors used by computer hackers. Besides basic attacks,
students will also learn about state-of-the-art exploitation methods.
The course is very(!) hands-on.

Inhoud vak

The course covers a wide spectrum of security issues. We explicitly
focus on systems security rather than cryptography (although there
will be a little of that too), as we want to show students how attackers
penetrate systems and most security issues are not due to bad crypto.

Specifically, the course focuses on (1) network security (sniffing,
spoofing, hijacking, exploiting network protocols, DDoS, DNS attacks,
etc.), (2) memory corruption and application security (buffer overflows,
format string bugs, dangling pointers, shellcode, return-oriented
programming, ASLR/DEP/canaries, control flow integrity and
cool new ways of exploitation), (3) web security (XSS, SQL
injection, CSRF, http cache poisoning, SOP, authentication, etc.),
(3) crypto (basics, systems aspects).

Much of the course will be hands-on and challenge-based. In assignments,
student will carry out and investigate attacks in a controlled
environment. This involves programming at the both the highest and
lowest levels (say SQL and assembly).

Onderwijsvorm

Lectures and (very challenging) practical assignments.

Toetsvorm

Written exam (30%) and practical assignments (70%).

There is no resit opportunity for the practical assignments.

Vereiste voorkennis

Knowledge of C is highly essential

Literatuur

No set book. All material will be made available during the course.

Aanbevolen voorkennis

No formal requirements, except a keen interest and sufficient time.

Programming experience in C very strongly recommended.

Knowledge of assembly and computer architecture helps too.

Algemene informatie

Vakcode X_400127
Studiepunten 6 EC
Periode P1
Vakniveau 400
Onderwijstaal Engels
Faculteit Faculteit der Bètawetenschappen
Vakcoördinator prof. dr. ir. H.J. Bos
Examinator prof. dr. ir. H.J. Bos
Docenten prof. dr. ir. H.J. Bos

Praktische informatie

Voor dit vak moet je zelf intekenen.

Voor dit vak kun je last-minute intekenen.

Werkvormen Hoorcollege
Doelgroepen

Dit vak is ook toegankelijk als: