This course provides an introduction to practical security concepts. The goal is to understand common attacks and countermeasures in a range of topics. The course is practice oriented, it describes real attacks and countermeasures. Students will practice attacks on a dedicated server (similar to a Capture the Flag competition).
Teaching and Learning Methods :Weekly class. Some guest lectures. Homework are online challenges, on a number of topics related to the class. A first lab is organized during lecture time to bootstrap challenges.
Course Policies :Class attendance is not checked but generally required to succeed.
There are no books covering all topics. Some resources can be found on the public page of the course:
http://www.s3.eurecom.fr/~aurel/teaching.html
It is recommended to have basic knowledge in:
OS, NETW_I, Comparch
It is still possible to follow Syssec course if this is not the case as required concepts will be reminded .
Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is often not well understood. The course aims to make the students gain a basic understanding about real world security issues and countermeasures. Another of the goals of this course is to teach students to think as an attacker. This state of mind is a requirement for performing security audits and very useful to design secure systems and avoid common pitfalls.The course introduces the students to all the basic concepts of system security in the areas of host, network, and web security. The class has a very practical spin. A number of challenge-like homework assignment are used to force the student to practice on the low level aspects of the concept presented during the lectures. Therefore, prior experience in basic programming (C) as well as knowledge of basic concepts in operating systems and networks is recommended.
The following topics are introduced in this course:
- Windows and Unix Security Basics
- Race Conditions
- Memory Corruption, Exploitation and Modern Countermeasures
- Trusted Computing
- Web Security
- Wireless Security
- Network Security
- Testing for Security
- Malware
- Embedded systems security
- Every year there are guest lectures on selected topics.
All above topics will be mostly covered at a high level (possibly covered in more details in other courses). A particular focus is put on exploitation of memory vulnerabilities well as on web security.
Learning outcome:
Students will have a overall understanding of security problems in systems and the basic countermeasures. They will be able to perform a range of attacks (code injection, etc).
Students should be able to understand a Vulnerability, how to read a security advisory, and how to handle them to either attack systems or defend against attacks.
Nb hours : 42
Grading Policy :
Solving challenges counts for 20 to 25 % of the grade.
Final written exam covering all the topics from the lectures.
Additional points for extra participation in class (e.g., 10 minutes presentation on a related topic/mini project).
